Serve as Incident Commander for SIRN-related security cases, owning coordination from detection through resolution and post-incident review.
Lead incident triage efforts, rapidly assessing scope, severity, and impact to drive prioritization and response decisions.
Coordinate with internal AR teams and external Solana ecosystem stakeholders throughout active incident lifecycles.
Develop, tune, and triage telemetry signals relevant to SIRN use cases, including on-chain event monitoring and infrastructure-level detection.
Identify gaps in current detection coverage and propose improvements to signal fidelity and alert quality.
Author, maintain, and continuously improve incident runbooks tailored to SIRN scenarios.
Provide operational and logistical support to the SIRN project team, including tracking deliverables, coordinating stakeholder communications, and ensuring project milestones are met.
Maintain clear documentation across all assigned workstreams.

7+ years of security engineering or incident response experience, with demonstrated depth in operational IR roles.
Proven experience as an Incident Commander or equivalent lead role in complex, fast-moving security events.
Hands-on experience developing or tuning telemetry, detection pipelines, or monitoring systems (SIEM, on-chain alerting, or equivalent).
Familiarity with runbook development and operational documentation best practices.
Strong communication skills — able to convey technical findings clearly to both engineering teams and non-technical stakeholders under pressure.
Ability to work independently and with high autonomy in a fully remote setting.
Experience with Web3 security, blockchain incident response, or protocol-level threat analysis (Solana ecosystem experience a strong plus).
Background in Web2 security operations (EDR, MDM, Google Workspace, or equivalent platforms).
Familiarity with DeFi attack patterns, smart contract exploits, or on-chain forensics.

Enterprise Security Engineer – Incident Response

Key skills