Incident Response Engineer

3 days ago

Remote, India | Turing | Full time | ₹ 15,00,000 - ₹ 20,00,000 per year

Job Description

Turing provides a platform that connects talent with our enterprise customers in a global marketplace. Our security engineers work on a broad set of efforts focused on scaling and automating security infrastructure and processes. They set the industry standard and implement security best practices across the platforms that connect enterprise environments, define and enforce the security protocols needed to operate services in a protected environment, and build and manage the framework for data access, both internal and external.

At Turing, we are continuously addressing the complex challenges of scaling our systems in a safe and secure manner. We're looking for passionate security engineers and leaders who are excited to solve intricate security problems in dynamic enterprise environments.

Overview

We are seeking an experienced Incident Response Engineer to join our global security operations team. Based in India as part of a shared technical escalation pool, this role is central to handling complex security incidents, engineering detection capabilities, and leading forensic investigations. You will drive improvements in detection content, response automation, and mentor junior analysts while supporting critical security infrastructure and processes.

Responsibilities:
  • Lead complex investigations into advanced threats, including root cause analysis, malware behaviour, persistence mechanisms, and forensic evidence collection across cloud and endpoint environments.
  • Build lightweight tools and scripts to support forensic analysis, incident enrichment, or threat hunting (e.g., log correlation, IOC extraction).
  • Act as the Incident Commander (IC) during high-severity incidents, leading technical response and coordinating with stakeholders across IT, Legal, and Engineering.
  • Provide feedback on SIEM detection logic (e.g., Chronicle rules, UDM mappings) based on real investigations and hunting findings, in collaboration with MDR and Detection Engineering.
  • Contribute to SOAR playbook development and refinement - including enrichment, escalation logic, and automated containment steps to accelerate incident handling and reduce response time.
  • Define escalation criteria, triage workflows, and decision trees to guide the team and ensure clear handoffs for high-priority incidents.
  • Collaborate with platform owners to tune and validate security tools (e.g., EDR policies, SOAR workflows) for effective incident detection and response.
  • Provide input on detection and response tooling gaps based on incident experience and help evaluate solutions where needed.
  • Build or extend automation for investigation tasks, enrichment, or containment actions using APIs and lightweight scripts.
  • Conduct proactive threat hunts using IOC searches, TTP mapping (MITRE ATT&CK), and internal behavioural data to detect hidden or emerging threats.
  • Develop threat hunting hypotheses based on current threat landscape or recent incidents, test them using available telemetry, and document outcomes and recommendations.
  • Mentor the team through real-case reviews, knowledge sharing, and training sessions to strengthen their triage, investigation, and escalation skills.
  • Contribute to internal playbooks and IR documentation to ensure procedures, tools, and best practices are clearly documented and regularly updated.
Qualifications Needed:
  • Required Skills:
    • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related field (or equivalent practical experience).
    • 5 years of experience in Security Operations, Incident Response, or Detection Engineering roles.
    • Demonstrated experience with digital forensics, malware analysis, and network-based incident investigations.
    • Strong hands-on experience with SIEM platforms such as Splunk, Chronicle, Elastic, or QRadar.
    • Proficiency in scripting languages (e.g., Python, Bash, PowerShell), and familiarity with configuration formats like YAML for automation and tooling.
    • Deep understanding of EDR solutions (e.g., CrowdStrike, SentinelOne) and SOAR platforms.
    • Working knowledge of the MITRE ATT&CK framework and TTP-driven detection and response.
    • Familiarity with threat intelligence and applying it to hunt and detect advanced threats.
    • Excellent communication and collaboration skills, especially during incident handling.

  • Good to have:
    • Industry-recognized certifications such as GIAC GCFA, GCIH, GREM, GCIA, or OSCP.
    • Experience with memory analysis tools (e.g., Volatility, Rekall).
    • Experience handling security incidents in cloud-native environments (e.g., GCP, Azure, SaaS platforms).
    • Experience writing detection logic using YARA, Sigma rules, or Sysmon.
    • Familiarity with automation platforms (e.g., Phantom, XSOAR, StackStorm).
    • Contributions to open-source IR tools or threat research communities.
    • Experience integrating security tooling with workflow platforms (e.g., Slack, Jira) to support response automation and incident coordination.
    • Knowledge of compliance-driven incident response requirements (e.g., SOC 2, ISO 27001, breach notifications).
