Lead Security Analyst, Cloud & Endpoint Incident Response
This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Lead Security Analyst, Cloud & Endpoint Incident Response in the United States.
This senior-level role focuses on leading cloud-centric and endpoint security incident response, with a primary emphasis on AWS environments. The position involves full ownership of high-severity incidents, from initial detection to containment, remediation, and post-incident review, while improving overall security processes and automation. The ideal candidate will partner closely with engineering, SRE, and IT teams to remediate vulnerabilities, enhance detection capabilities, and ensure scalable, resilient security practices. You will also be responsible for mentoring team members, developing incident response playbooks, and identifying gaps in telemetry, tooling, and workflows. The role demands hands-on investigative expertise, strong technical leadership, and the ability to operate under pressure in a fast-paced environment. Opportunities exist to influence security strategy and drive continuous improvement across cloud and endpoint platforms.
- Lead end-to-end investigations of high-severity security incidents across AWS, endpoint, identity, and SaaS environments
- Track emerging threats, assess risks, and translate threat intelligence into actionable guidance and mitigation strategies
- Develop, maintain, and improve incident response playbooks and automation workflows using SOAR tools and scripting
- Collaborate with Engineering, SRE, and IT teams to implement remediation and preventive measures for security incidents
- Conduct forensic analysis to reconstruct attacker activity and provide clear documentation for technical and non-technical stakeholders
- Identify gaps in detection, telemetry, and security tooling, and partner with relevant teams to close them
- Mentor and guide security team members, fostering a culture of continuous improvement and technical excellence
- Strong understanding of AWS security services, cloud architecture, CI/CD pipelines, and DevOps workflows
- Hands-on experience responding to cloud and endpoint security incidents, including investigation and containment
- Solid knowledge of identity and access management concepts, SaaS systems, and multi-account AWS environments
- Proficiency in Linux investigations, with working knowledge of macOS and Windows environments
- Experienced in using SIEM tools for detection and investigations (Splunk preferred) and scripting in Python for automation
- Proven ability to lead complex security incidents and drive collaboration across engineering and security teams
- Excellent problem-solving, communication, and documentation skills, with the ability to operate under pressure
- Competitive base salary range ($130,800 – $209,300 USD), with eligibility for performance-based bonuses
- Participation in equity plans for eligible roles (RSUs)
- Comprehensive healthcare, dental, and vision coverage
- Flexible work arrangements, including remote options
- Paid time off, holidays, and wellness programs
- Opportunities for professional development and career growth
- Supportive, collaborative, and inclusive work environment
Why Apply Through Jobgether?
We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team.
We appreciate your interest and wish you the best!
Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.
#LI-CL1
Average salary estimate
If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.
Lead cross-functional teams to deliver secure, compliant Salesforce programs that align with strategic goals and drive measurable business outcomes.
Lead the strategic vision and execution of Salesforce for a nonprofit partner, managing the transition from NPSP to Agentforce while improving CRM adoption and operational efficiency.
T5 Data Centers seeks a Cloud Administrator to manage, secure, and automate hybrid Azure and on‑prem infrastructure for high‑availability enterprise operations.
Agile Defense is hiring a Battle Officer I to provide continuous technical oversight and incident management for the Army's CONUS cyber operations at Fort Huachuca.
An experienced Data Center Network Architect is needed to design scalable, secure data center and enterprise network solutions using Cisco ACI/SDN and advanced routing technologies in a remote, North America-wide role.
Bioscope.ai is hiring an IT Security Engineer to combine hands-on IT support with security engineering and DevSecOps to secure our healthcare AI platform and support HIPAA compliance.
A SkillBridge internship at Blackpoint Cyber offers active-duty service members near separation hands-on SOC experience conducting lead-less threat hunting, endpoint triage, and incident analysis on a night shift schedule.
Lead the security vision and architecture for Microsoft cloud and AI implementations, shaping Zero Trust and data protection strategies across the enterprise.
Hermeus is looking for a Network Engineer to build and secure scalable LAN/WAN infrastructure supporting high-assurance aerospace and national security operations.
Lead the design and implementation of enterprise Microsoft security and Zero Trust architectures to protect cloud and AI environments in a remote Principal Architect role.
Support ATPCO's remote-first operations team as a Platform Support Analyst Intern, monitoring and maintaining the cloud platforms that power global air travel.
Astro Mechanica is hiring a hands‑on Infrastructure Architect to design and operate identity, endpoints, networks, and cloud for a fast‑moving aerospace startup working on regulated and export‑controlled systems.
Lead administration and performance optimization of AWS RDS SQL Server environments for a major healthcare client in a remote SQL DBA role.
Experian is hiring a Lead Offensive Security Engineer to lead adversary simulation, social engineering, and purple-team exercises that validate and strengthen enterprise security controls.
Experienced network and systems professional needed to administer Cisco/Meraki networks and Windows server environments for a security-conscious US-based organization.
Jobgether has the ambition to disrupt the recruitment industry as we know it by simplifying it and making it more accurate 🎯 Jobgether platform connects candidates and companies based on: - Skills -... Values - Ambition - Personality The candidat...
624 jobs
🔮
Hi, I'm Risa! Your AI Career Copilot
you, just ask me below!
