Lead Security Analyst, Cloud & Endpoint Incident Response

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Lead Security Analyst, Cloud & Endpoint Incident Response in the United States.

This senior-level role focuses on leading cloud-centric and endpoint security incident response, with a primary emphasis on AWS environments. The position involves full ownership of high-severity incidents, from initial detection to containment, remediation, and post-incident review, while improving overall security processes and automation. The ideal candidate will partner closely with engineering, SRE, and IT teams to remediate vulnerabilities, enhance detection capabilities, and ensure scalable, resilient security practices. You will also be responsible for mentoring team members, developing incident response playbooks, and identifying gaps in telemetry, tooling, and workflows. The role demands hands-on investigative expertise, strong technical leadership, and the ability to operate under pressure in a fast-paced environment. Opportunities exist to influence security strategy and drive continuous improvement across cloud and endpoint platforms.

• Lead end-to-end investigations of high-severity security incidents across AWS, endpoint, identity, and SaaS environments
• Track emerging threats, assess risks, and translate threat intelligence into actionable guidance and mitigation strategies
• Develop, maintain, and improve incident response playbooks and automation workflows using SOAR tools and scripting
• Collaborate with Engineering, SRE, and IT teams to implement remediation and preventive measures for security incidents
• Conduct forensic analysis to reconstruct attacker activity and provide clear documentation for technical and non-technical stakeholders
• Identify gaps in detection, telemetry, and security tooling, and partner with relevant teams to close them
• Mentor and guide security team members, fostering a culture of continuous improvement and technical excellence

• Strong understanding of AWS security services, cloud architecture, CI/CD pipelines, and DevOps workflows
• Hands-on experience responding to cloud and endpoint security incidents, including investigation and containment
• Solid knowledge of identity and access management concepts, SaaS systems, and multi-account AWS environments
• Proficiency in Linux investigations, with working knowledge of macOS and Windows environments
• Experienced in using SIEM tools for detection and investigations (Splunk preferred) and scripting in Python for automation
• Proven ability to lead complex security incidents and drive collaboration across engineering and security teams
• Excellent problem-solving, communication, and documentation skills, with the ability to operate under pressure

• Competitive base salary range ($130,800 – $209,300 USD), with eligibility for performance-based bonuses
• Participation in equity plans for eligible roles (RSUs)
• Comprehensive healthcare, dental, and vision coverage
• Flexible work arrangements, including remote options
• Paid time off, holidays, and wellness programs
• Opportunities for professional development and career growth
• Supportive, collaborative, and inclusive work environment

Why Apply Through Jobgether?

We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team.

We appreciate your interest and wish you the best!

 Why Apply Through Jobgether? 

Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.

#LI-CL1