AlphaSense
SaaS
Staff Incident Response Analyst
“Staff Incident Response Analyst at AlphaSense. Skills: Incident Response, EDR proficiency, AWS IR capability, Windows forensics, Linux forensics, SIEM investigation, Identity incident response, MITRE ATT&CK fluency. Take over technical lead role on Sev2+ incidents. Scope incidents accurately and quickly: determine blast radius, affected assets, and attacker objectives from available telemetry”
Industry & Context.
Determine blast radius, affected assets, and attacker objectives from available telemetry; Reconstruct attacker activity from Prefetch, MFT, Shimcache, event logs, and registry artifacts; Identify recurring escalation patterns
What They're Looking For.
Must Have
- 6+ years of hands-on incident response experience, at least 3 years performing technical IR at a senior or staff level
- Expert-level EDR proficiency (e.g., CrowdStrike Falcon, SentinelOne, or equivalent): remote triage, process tree analysis, behavioral detections, and custom detection rule authorship
- Deep AWS IR capability: CloudTrail forensics, IAM chain analysis, EC2 and Lambda investigation, and IMDS/assumed-role abuse patterns
- Windows forensics: ability to reconstruct attacker activity from Prefetch, MFT, Shimcache, event logs, and registry artifacts without tooling assistance
- Solid Linux forensics: persistence mechanisms, cron, SUID analysis, process anomalies, and log artifact interpretation
- Hands-on SIEM investigation and detection experience (e.g., Google SecOps/Chronicle, Splunk, Microsoft Sentinel): writing detection logic, pivoting on normalized events, and multi-event correlation
- Identity incident response experience in an enterprise IdP (e.g., Okta, Entra ID): audit log forensics, session analysis, app-layer anomalies, and admin abuse patterns
- Demonstrated ability to scope and lead Sev1 incidents autonomously, including containment decisions and cross-functional coordination
- Technical writing: you produce investigation timelines, evidence summaries, and escalation handoffs that are accurate, concise, and unambiguous
- MITRE ATT&CK fluency: you use it to communicate attacker behavior, not just as a reference
Nice to Have
- Memory forensics experience using Volatility or equivalent: process injection, credential material in memory, and rootkit indicators
- Malware analysis capability: static analysis (PE headers, strings, imports), dynamic sandbox review, and YARA rule authorship
- GCP IR experience using Cloud Audit Logs, VPC Flow Logs, and IAM policy analysis in a live incident context
- CIAM forensics experience (e.g., Auth0, Cognito): authentication logs, abnormal grant flows, and token misuse investigation
- Experience receiving and evaluating escalations from an MSSP/MDR, including identifying under-triaged or misrouted tickets
- Familiarity with CSPM tooling (e.g., Wiz, Prisma Cloud, Orca) as an investigative data source during cloud incidents
- DFIR certifications: GCFE, GCFA, GCFR, GREM, GCIH, or equivalent practical forensics credentials
- Prior experience in a SaaS company, financial services, or other regulated environment handling sensitive customer data
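The Must Have list asks for CloudTrail forensics, IAM chain analysis and recognition of IMDS/assumed-role abuse. The following is a worked example of that triage, added for this page; it is not AlphaSense code or tooling. It walks `AssumeRole` events backwards through each caller's `accessKeyId` to rebuild the principal chain behind every temporary key, flags instance-profile credentials (records carrying `sessionContext.ec2RoleDelivery`) used from a source IP other than the one first seen for that key, and lists the API calls made with a flagged key as a first cut of blast radius. The CloudTrail records, account IDs, role names, key IDs and IP addresses are all constructed, and the "first IP seen is the instance's own" baseline is an assumption to confirm against the instance's public IP or VPC Flow Logs in a real case.

```python
"""Reconstruct STS assumed-role chains from CloudTrail records and flag
instance-profile (IMDS-sourced) credentials used from an unexpected IP.

Added example for this page, not AlphaSense code. The records are constructed
and use only documented CloudTrail fields: userIdentity, sessionContext
.sessionIssuer, sessionContext.ec2RoleDelivery, responseElements.credentials.
Account IDs, role names, key IDs and IP addresses are made up.
"""

ACCT = "123456789012"

def _rec(time, source, name, ip, identity, **extra):
    # Minimal CloudTrail record (sample-data helper).
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "sourceIPAddress": ip, "userIdentity": identity, **extra}

def _assumed(role, session, key, ec2=None):
    # userIdentity for a session under `role`. ec2RoleDelivery ("1.0"/"2.0") is
    # only present when the credentials were delivered by the instance metadata service.
    sc = {"sessionIssuer": {"arn": f"arn:aws:iam::{ACCT}:role/{role}"}}
    if ec2:
        sc["ec2RoleDelivery"] = ec2
    return {"type": "AssumedRole", "accessKeyId": key, "sessionContext": sc,
            "arn": f"arn:aws:sts::{ACCT}:assumed-role/{role}/{session}"}

ALICE = {"type": "IAMUser", "arn": f"arn:aws:iam::{ACCT}:user/alice",
         "accessKeyId": "AKIAEXAMPLEALICE"}

# Constructed trail: alice -> AdminRole -> cross-account ProdDataRole, and the
# WebRole instance profile used from the instance, then from a foreign IP.
CONSTRUCTED_TRAIL = [
    _rec("2024-05-01T10:00:00Z", "sts.amazonaws.com", "AssumeRole", "203.0.113.5", ALICE,
         requestParameters={"roleArn": f"arn:aws:iam::{ACCT}:role/AdminRole"},
         responseElements={"credentials": {"accessKeyId": "ASIAEXAMPLEADMIN1"}}),
    _rec("2024-05-01T10:01:00Z", "iam.amazonaws.com", "CreateUser", "203.0.113.5",
         _assumed("AdminRole", "alice", "ASIAEXAMPLEADMIN1"),
         requestParameters={"userName": "backdoor"}),
    _rec("2024-05-01T10:02:00Z", "sts.amazonaws.com", "AssumeRole", "203.0.113.5",
         _assumed("AdminRole", "alice", "ASIAEXAMPLEADMIN1"),
         requestParameters={"roleArn": "arn:aws:iam::999999999999:role/ProdDataRole"},
         responseElements={"credentials": {"accessKeyId": "ASIAEXAMPLEPROD1"}}),
    _rec("2024-05-01T11:00:00Z", "s3.amazonaws.com", "ListBuckets", "203.0.113.9",
         _assumed("WebRole", "i-0abc123def456", "ASIAEXAMPLEWEB1", ec2="2.0")),
    _rec("2024-05-01T11:30:00Z", "s3.amazonaws.com", "GetObject", "198.51.100.77",
         _assumed("WebRole", "i-0abc123def456", "ASIAEXAMPLEWEB1", ec2="2.0"),
         requestParameters={"bucketName": "customer-exports", "key": "q1.csv"}),
]

def build_role_chains(events):
    """Map each STS-issued temporary key to the principal chain behind it:
    [original caller, role hop 1, role hop 2, ...], found by walking AssumeRole
    events backwards through the caller's own accessKeyId."""
    issued = {}  # temp accessKeyId -> (caller userIdentity, roleArn assumed)
    for r in events:
        if r["eventSource"] == "sts.amazonaws.com" and r["eventName"] == "AssumeRole":
            key = r.get("responseElements", {}).get("credentials", {}).get("accessKeyId")
            if key:
                issued[key] = (r["userIdentity"], r["requestParameters"]["roleArn"])
    chains = {}
    for key in issued:
        chain, cur, seen = [], key, set()
        while cur in issued and cur not in seen:   # `seen` guards against loops
            seen.add(cur)
            caller, role = issued[cur]
            chain.insert(0, role)
            cur = caller.get("accessKeyId")
            if cur not in issued:                  # reached a non-STS principal
                chain.insert(0, caller.get("arn", caller["type"]))
        chains[key] = chain
    return chains

def flag_imds_credential_misuse(events):
    """Instance-profile credentials should only ever be used from the instance.
    Assumption: the first source IP seen per key is the instance's own; later use
    from a different IP is flagged (verify against the instance's public IP or
    VPC Flow Logs in a real case)."""
    first_ip, findings = {}, []
    for r in sorted(events, key=lambda e: e["eventTime"]):
        ui = r["userIdentity"]
        if ui.get("type") != "AssumedRole" or "ec2RoleDelivery" not in ui.get("sessionContext", {}):
            continue
        key, ip = ui["accessKeyId"], r["sourceIPAddress"]
        if key not in first_ip:
            first_ip[key] = ip
        elif ip != first_ip[key]:
            findings.append({"accessKeyId": key, "instance": ui["arn"].rsplit("/", 1)[1],
                             "expected_ip": first_ip[key], "seen_ip": ip,
                             "eventName": r["eventName"], "eventTime": r["eventTime"]})
    return findings

def blast_radius(events, access_key_id):
    """Non-STS API calls made with a temporary key, oldest first: the actions
    and targets the analyst has to scope for that session."""
    return [(r["eventTime"], r["eventName"], r["sourceIPAddress"], r.get("requestParameters", {}))
            for r in sorted(events, key=lambda e: e["eventTime"])
            if r["userIdentity"].get("accessKeyId") == access_key_id
            and r["eventSource"] != "sts.amazonaws.com"]

if __name__ == "__main__":
    for key, chain in build_role_chains(CONSTRUCTED_TRAIL).items():
        print(key, " -> ".join(chain))
    for f in flag_imds_credential_misuse(CONSTRUCTED_TRAIL):
        print("IMDS credential misuse:", f)
        for step in blast_radius(CONSTRUCTED_TRAIL, f["accessKeyId"]):
            print("   ", step)
```

On real data the same three functions run over records loaded from the CloudTrail S3 delivery or a SIEM export; the chain walk is what turns a noisy `assumed-role/ProdDataRole/...` session in a second account back into the IAM user and source IP that started it, and the `ec2RoleDelivery` check is the cheapest signal that a workload's role credentials have left the box.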
What You'll Do.
Take over technical lead role on Sev2+ incidents
Scope incidents accurately and quickly: determine blast radius, affected assets, and attacker objectives from available telemetry
Make and document containment decisions
Maintain a forensically sound incident timeline
Communicate incident status to the Security Operations Manager
Drive incidents to documented closure
Provide technical direction when an analyst is stuck
Review escalation packages for completeness and accuracy
Identify recurring escalation patterns and flag them to the Security Operations Manager
Document investigation methodology on closed cases
How You'll Work.
Team & Collaboration
Communicate incident status to the Security Operations Manager; Provide technical direction when an analyst is stuck; Review escalation packages for completeness and accuracy; Cross-functional coordination
Communication Scope
Communicate incident status; Technical writing; Accurate, concise, and unambiguous investigation timelines, evidence summaries, and escalation handoffs
Process & Methodology
Scope incidents, Lead incidents, Drive incidents to documented closure
Full Job Description
About AlphaSense: The world’s most sophisticated companies rely on AlphaSense to remove uncertainty from decision-making. With market intelligence and search built on proven AI, AlphaSense delivers insights that matter from content you can trust. Our universe of public and private content includes equity research, company filings, event transcripts, expert calls, news, trade journals, and clients’ own research content. The acquisition of Tegus by AlphaSense in 2024 advances our shared mission to empower professionals to make smarter decisions through AI-driven market intelligence. Together, AlphaSense and Tegus will accelerate growth, innovation, and content expansion, with complementary product and content capabilities that enable users to unearth even more comprehensive insights from thousands of content sets. Our platform is trusted by over 6,000 enterprise customers, including a majority of the S
- Take over technical lead role on Sev2+ incidents
- Scope incidents accurately and quickly: determine blast radius, affected assets, and attacker objectives from available telemetry
- Make and document containment decisions (endpoint isolation, account suspension, token revocation, network block) with clear rationale
- Maintain a forensically sound incident timeline: ordered evidence, source attribution, and chain-of-custody throughout
- Communicate incident status to the Security Operations Manager with enough fidelity to brief upward without needing to re-investigate
- Drive incidents to documented closure: root cause, attacker path, affected assets, and defensive gaps identified
- Provide technical direction when an analyst is stuck, not just take the case
- Review escalation packages for completeness and accuracy; push back when context is insufficient and coach on what’s missing
- Identify recurring escalation patterns and flag them to the Security Operations Manager as potential L2 training gaps or detection tuning needs
- Document investigation methodology on closed cases in enough d
How to Apply on Greenhouse
- Create a Greenhouse profile before applying — it saves time across multiple applications.
- Upload your resume as a PDF; the parser handles it better than Word.
- Answer all knockout questions carefully — wrong answers auto-reject before a human sees you.
- Enable email notifications to track application status in real time.