Engineering Manager, Investigations and Incident Response

United States 204000.00 - 255000.00 USD / Year · Job Posted April 01, 2026

Job Description

The Threat Detection and Response team (TDR) at Airbnb is focused on automating security detection, responding to security incidents, and working with partner teams to build capabilities that support the incident lifecycle. This is the front-line team that detects, investigates, and responds to security threats and malicious activity. We are seeking an Engineering Manager to lead our Investigations & Incident Response team within a mature Threat Detection & Response organization. This is a key role that combines incident response leadership, strategic ownership, and engineering-informed scale.

Job Responsibility

  • Define and execute new approaches to detecting, containing, and mitigating security threats and incidents
  • Own incident response and investigation outcomes, leading end-to-end response across identification, containment, eradication, and recovery
  • Shape how the team operates—evolving operating models, guiding execution during incidents, and scaling through thoughtful use of automation and engineering
  • Define and drive the strategy for a modern incident response function
  • Assess current capabilities and chart the path forward across people, process, and technology
  • Scale the function through automation, tooling, and improved workflows
  • Serve as a key voice to senior leadership, communicating incident trends, risks, and strategic direction
  • Lead and mentor a diverse team of ~5+ senior engineers
  • Partner with Security Platform and Detection Engineering teams to enhance telemetry, context, and response capabilities
  • Coach and develop team members, helping them grow their careers, technical expertise, and collaboration skills
  • Act as a senior escalation point during high-severity or complex incidents
  • Ensure consistent, high-quality investigations with strong root cause analysis
  • Establish clear priorities that balance speed, depth, and risk reduction
  • Improve escalation paths, ownership clarity, and cross-functional coordination
  • Use incident data to influence security priorities and investment decisions
  • Partner closely with partner teams within Information Security to ensure incident learnings are shared
  • Work with infrastructure, product, and engineering teams to drive effective remediation
  • Define and track key metrics such as MTTD, MTTR, incident severity, and recurrence
  • Ensure clear communication during incidents to senior and executive leadership

Requirements

  • 9+ years of industry experience in threat detection and incident response
  • Minimum of 3-5 years in engineering management
  • Experience shaping or evolving incident response programs in complex environments
  • Exceptional people management and mentorship skills, with a history of recruiting, developing and retaining top talent
  • Strong understanding of attacker behavior and frameworks such as MITRE ATT&CK
  • Experience and understanding of technologies such as EDR, SIEM, cloud environments, and investigation workflows
  • Experience in cloud-native environments (AWS, GCP, Azure)
  • Ability to analyze ambiguous situations and make sound, timely decisions
  • Comfort partnering with engineering teams to build scalable solutions
  • Ability to operate at both strategic and tactical levels, from executive communication to incident leadership
  • Experience defining team strategy, priorities, and operating models
  • Strong judgment in risk assessment, escalation, and trade-offs
  • Excellent communication skills across technical and executive audiences
  • Must live in a state where Airbnb, Inc. has a registered entity (excluding Alaska, Mississippi, and North Dakota)

What we offer

  • bonus
  • equity
  • benefits
  • Employee Travel Credits

Similar Jobs for Engineering Manager, Investigations and Incident Response

8 matching positions

Cybersecurity Manager - Detection and Response

Microsoft Incident Response – the Detection and Response Team (DART) – part of t...
Location: United Kingdom, Multiple Locations
Salary: Not provided
Company: Microsoft Corporation
Expiration Date: Until further notice
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field
  • OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field and several years of experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field and several years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR equivalent experience
  • Many years of people management and/or informal/indirect team leadership experience
  • Strong analytic, qualitative, and quantitative reasoning skills
  • Track record of successfully managing a technical business group and maintaining consistent growth
  • Recognized as a strategic leader who can hire, retain and motivate diverse quality talent
  • Experience leading both a services organization and product development function
  • Develop business strategy and provide technical thought leadership
  • Manage customer engagement escalations to ensure customer satisfaction
Job Responsibility
  • People Management: Responsible for mentoring, managing and leading a team of cyber security analysts, engineers, developers, leads and incident managers
  • Managers deliver success through empowerment and accountability by modeling, coaching, and caring
  • Strategic Initiatives: Secure partner relationships and work closely with internal product and services groups as well as co-delivering with Microsoft’s Partner ecosystem
  • Develop and mentor individual contributors through open communication, training and development opportunities and performance management processes
  • Develop and maintain objectives, metrics and KPIs supporting the department’s strategic direction and continuously improve incident response technical capabilities
  • Communicate complex and technical issues to diverse audiences, verbally and in writing, in an easily understood, authoritative, and actionable manner
  • Present to a wide range and size of audiences from IT Pro, to CxO, to business decision makers
  • Technical leadership and executive presence to establish Trusted Technical Advisor to influence senior decision makers to mature and promote customer’s security posture across the overall technology landscape
  • Drive investigative teams to exhaust all investigative leads in the expectation of discovering novel attacker techniques
  • Investigate and research these techniques, and partner with threat intelligence and security engineering to drive security tooling and product enhancements
Employment type: Full-time

Manager of Cybersecurity Engineering and Operations

We are looking for an experienced Manager of Cybersecurity Engineering and Opera...
Location: United States, Burlington
Salary: Not provided
Company: Robert Half
Expiration Date: Until further notice
Requirements
  • Bachelor’s degree in Computer Science, Information Security, or a related technical field
  • Advanced cybersecurity certifications such as CISSP, CISM, or equivalent
  • At least ten years of experience in technical cybersecurity roles, with a minimum of five years in enterprise-level environments
  • Proven expertise in forensic tools, investigations, and incident response processes
  • Strong knowledge of security practices, including SIEM, application security, and network security
  • Experience with vulnerability assessment tools and automated penetration testing
  • Effective leadership and communication skills to manage cross-functional coordination and team development
  • Ability to stay updated on emerging cybersecurity threats and technologies
Job Responsibility
  • Lead cybersecurity operations, including threat detection, incident response, and escalation, ensuring adherence to established protocols and runbooks
  • Oversee the design, operation, and optimization of core security platforms and tools, including vulnerability management, firewalls, cloud security, and identity protection systems
  • Collaborate with cross-functional teams, such as infrastructure, application, and DevOps, to integrate security measures into workflows and ensure alignment with organizational priorities
  • Manage vendor relationships and external service providers to effectively investigate, remediate, and document security incidents
  • Analyze incident trends and operational gaps to drive continuous improvement in detection, response, and automation capabilities
  • Coordinate vulnerability identification and remediation efforts in partnership with relevant teams to mitigate risks
  • Facilitate periodic security exercises, including tabletop simulations and red/blue team evaluations, to strengthen incident response readiness
  • Develop and maintain comprehensive documentation of security processes, incidents, and operational standards
  • Mentor and guide team members, fostering attention to detail in development and promoting a culture of accountability within the cybersecurity team
  • Ensure security systems and processes adapt to emerging threats and evolving business risks
What we offer
  • medical
  • vision
  • dental
  • life and disability insurance
  • 401(k) plan

Principal Software Engineering Manager - Data Science & Engineering

The MSRC Data Science team is responsible in building data pipelines, data minin...
Location: United States, Redmond
Salary: 139900.00 - 274800.00 USD / Year
Company: Microsoft Corporation
Expiration Date: Until further notice
Requirements
  • Bachelor's Degree in Computer Science or related technical field AND 6+ years technical engineering experience with coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, or Python OR equivalent experience
  • Ability to meet Microsoft, customer and/or government security screening requirements is required for this role
  • This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter
Job Responsibility
  • Leads team on the disciplined use of, and improving artificial intelligence (AI) tools and practices across the software development lifecycle (SDLC)
  • Guides team on proactively taking responsibility for the content of their AI-generated requirements, design documents, code, and other assets, and assisting other members of the team to do the same
  • Leads team on incorporating Responsible AI practices into the SDLC to ensure appropriate controls over AI-generated assets
  • Coaches team on applying SDLC and engineering health measures (e.g., Accelerate, SPACE framework, Engineering System Success Playbook [ESSP]) to guide improvements to processes and practices, especially those involving AI
  • Leads team on experimenting with AI tools and practices to improve their own capabilities, and providing recommendations on how to adopt them to others
  • Reviews debugging tools, tests, logs, telemetry, and other methods, and acts as an expert for others to proactively verify assumptions while developing code before issues occur across products in production
  • Guides team to perform machine learning/data extraction, transformation, and loading (ETL) pipelines (e.g., data collection, cleaning) based on data prepared
  • Guides the architecture of scalable pipelines and datasets
  • Influences the direction of the team
  • Begins to anticipate potential data pipeline issues and provides solutions
Employment type: Full-time

Threat Intelligence & Incident Response Lead

The Threat Intelligence & Incident Response Lead shapes ANS’ proactive cyber def...
Location: United Kingdom, Manchester
Salary: Not provided
Company: ANS Group
Expiration Date: Until further notice
Requirements
  • Experience in one or more of: SOC, MDR or MSSP environments
  • Threat intelligence and adversary analysis
  • Incident response and cyber coordination
  • Threat hunting and proactive investigations
  • Detection engineering and alert tuning
  • SOAR / security automation
  • CTEM, vulnerability prioritisation or exposure management
  • Cloud and identity security (Microsoft / multi-cloud)
  • Strong understanding of: SIEM/SOAR platforms (e.g. Chronicle, Sentinel)
  • Microsoft Defender ecosystem
  • MITRE ATT&CK framework
Job Responsibility
  • Lead and mature threat intelligence, embedding it across detection, investigation, hunting, and protection
  • Research emerging threats, adversary tactics, and vulnerabilities relevant to customers
  • Translate intelligence into actionable detections, automation, and security improvements
  • Produce customer and internal threat advisories
  • Identify emerging risks across sectors and technologies
  • Align with frameworks (e.g. MITRE ATT&CK)
  • Partner with Engineering and SOC to improve detection and response
  • Lead technical response for high-priority incidents (P1/P2)
  • Own and enhance incident readiness, playbooks, and processes
  • Drive post-incident reviews and continuous improvement
What we offer
  • 25 days’ holiday, plus you can buy up to 5 more days
  • Birthday off
  • Extra celebration day
  • 5 days’ additional holiday in the year you get married
  • 5 volunteer days
  • Private health insurance
  • Pension contribution match
  • 4 x life assurance
  • Flexible working
  • Work from anywhere for up to 30 days per year
Employment type: Full-time

Senior Security Monitoring and Response Analyst

Mastercard powers economies and empowers people in 200+ countries and territorie...
Location: United Kingdom, London
Salary: Not provided
Company: Mastercard
Expiration Date: November 30, 2026
Requirements
  • Direct experience in a Security Operations Center (SOC)
  • Experience working in an incident response or digital forensics role
  • Demonstrated experience with cybersecurity related disciplines, not limited to: e.g. vulnerability research, network traffic analysis, static and dynamic malware analysis, digital forensics, memory analysis, web-security and threat hunting.
Job Responsibility
  • Providing monitoring coverage, triage and investigation of escalated alerts (T3) from various sources
  • Responding to cybersecurity incidents through critical thinking, defining, and applying playbook responses
  • Applying root cause analysis and lessons learned to improve security posture and processes
  • Working closely with security engineering, threat intelligence, insider threat and a managed SOC service, providing critical feedback to improve and automate monitoring and response
  • Strong collaboration with the team to develop knowledge base, playbook and use cases
  • Proactive initiatives and project-related support by providing subject matter expertise
  • Ability to work independently as well as collaborate with different teams to assess impact, mitigate risk, and resolve security incidents.
Employment type: Full-time

Monitoring Engineer / Incident Manager

A team within Engineering under the Platform Excellence pillar exhibits an unwav...
Location: Netherlands, Amsterdam
Salary: Not provided
Company: Adyen
Expiration Date: Until further notice
Requirements
  • At least 5 years of experience with incident management, problem management, incident client communication, and platform monitoring operations
  • Experience with problem management practices - identifying trends across incidents, conducting root cause investigations and driving preventative action
  • Solid communication skills and the ability to develop strong working relationships throughout the organization, able to translate technical situations clearly and concisely to a diverse audience via data-visualizing dashboards and written documents
  • Willing to participate in the on-call rotation and work in a fast-paced, dynamic environment
  • Experience with monitoring and logging tools like Prometheus, Grafana, ELK Stack, etc.
  • Experience with observability platforms like Datadog, Dynatrace, Splunk
  • Excellent analytical and problem-solving skills, with the ability to analyze complex systems and spot the root cause of issues
  • Thrive in an environment where collaboration is crucial and where a global approach is key for successful implementation of processes and projects
  • Passion for defining and standardizing processes to drive strategic improvement and able to translate complex technical concepts with ease for all non-technical audiences
  • Natural ability for handling complex situations and multiple responsibilities simultaneously
Job Responsibility
  • Participate in 24/7 on-call monitoring and observe platform and merchant performance and detect any issues proactively to mitigate risks in partnership with Engineering teams
  • Coordinate the mitigation, recovery, and resolution of high-impact incidents, ensuring a rapid and effective response across teams
  • Represent the customer perspective during incidents, maintaining a strong customer-centric approach
  • Communicate with merchants in real time during an incident and present the most accurate and updated information to keep them informed
  • Escalate critical incidents when needed and provide structured communication to senior management
  • Go beyond reactive incident response by analyzing incident trends to identify recurring issues and systemic weaknesses and partner with engineering and product teams to advocate for long-term fixes
  • Work together with Operations, Product, and Engineering teams to integrate, grow, and continuously improve monitoring strategy and increase reliability
  • Investigate alerts and provide feedback to engineering teams to build effective logging and alerts across the platform architecture
  • Mitigate merchant impact risk by actioning on alerts in partnership with Engineering teams and contribute to the monitoring playbook by documenting learnings
  • Improve operations by leading/project managing initiatives and tools development of automation for effective monitoring
Employment type: Full-time

Incident Response Lead - Global Security

The Incident Response (IR) Lead is accountable for leading and maturing the orga...
Location: Poland; Sweden; United Kingdom, Łódź; Stockholm; London
Salary: Not provided
Company: Arrive
Expiration Date: Until further notice
Requirements
  • 10+ years of experience in cybersecurity, with significant hands-on involvement in Incident Response and Detection & Response functions
  • Demonstrated experience leading and managing IR or SOC teams in complex environments
  • Strong expertise in incident response methodologies, digital forensics, threat hunting, and attacker tactics, techniques, and procedures (TTPs)
  • Solid understanding of security technologies (EDR, SIEM, SOAR), network protocols, operating systems, and enterprise infrastructure
  • Proven ability to translate technical findings into business-relevant insights and communicate effectively with senior stakeholders
  • Experience developing and operationalizing playbooks, detection use cases, and response frameworks
  • Strong analytical and problem-solving capabilities, with attention to detail under pressure
  • Ability to lead in high-stress situations, make informed decisions quickly, and manage competing priorities
  • Experience fostering a high-performing team culture focused on collaboration, ownership, and continuous improvement
  • Excellent written and verbal communication skills, including experience delivering executive briefings
Job Responsibility
  • Own and lead the Incident Response function, including strategy, governance, and operational execution
  • Direct and optimize daily IR operations, ensuring efficient handling of security incidents, escalations, and threat hunting activities
  • Act as the central coordination point during major incidents, ensuring structured response, clear communication, and minimal business disruption
  • Design, maintain, and continuously improve incident response playbooks, workflows, and escalation procedures
  • Review and quality-assure investigations, ensuring consistency in analysis, evidence handling, and decision-making
  • Collaborate with internal teams and external partners to ensure seamless incident management
  • Lead, mentor, and develop the IR team, promoting technical excellence, accountability, and continuous learning
  • Support crisis management activities, including participation in tabletop exercises and real-world incident coordination
  • Ensure alignment with regulatory, legal, and compliance requirements related to incident response and breach handling
  • Drive integration between detection engineering, threat intelligence, and response to enhance overall security effectiveness
Employment type: Full-time

Incident Manager

This is an incredible opportunity for a progressive, pragmatic, and service-orie...
Location: Philippines, Manila
Salary: Not provided
Company: Apex Clearing
Expiration Date: Until further notice
Requirements
  • 5 years of relevant work experience, designing, implementing and executing incident management programs
  • 5 years of experience in partnering with Support/Client Partners/Engineering/Product teams and customers to deliver incident response outcomes
  • Leadership presence with the ability to command and control highly stressful situations with a calming influence
  • Ability to effectively communicate multi-functionally with both internal stakeholders and external customers or partners
  • Evidence of a bias to action with strong attention to detail and data-driven decision making
  • Ability to make logical, quick decisions to progress investigations
  • Prior experience in documenting and collecting relevant data for accurate metrics and reporting
  • Handle majority of IM planning and coordination (PD admin, documentation, training, processes, readiness, proactivity, reporting)
  • Own incident management as a practice and report into ITSM and Tech-Ops leadership. Oversee mentorship and onboarding of new incident manager
  • Provide the depth of Incident Management experience developed working incidents, conducting lessons-learned reviews, coordinating changes and constantly iterating on the process
Job Responsibility
  • Deliver results. Use ticket data, client feedback, and experiences to influence and drive improvements in our processes. Produce reports displaying service metrics on key service measures such as response and resolution time
  • Collaborate with engineering and product teams. As a member of the IT Service Management Team you’ll work closely with other support teams to triage, investigate and restore critical service outages
  • Focus on continuous improvement. You'll be expected to identify and report on the frequency and severity of technical incidents which negatively impact internal and external customers
  • Support our world class client base. Promote a culture of quick and effective response to client impacting situations
  • Identify smart and creative ways to solve issues and client challenges
  • Stay updated on new technologies and tools. You’re in tune at all times with new functionality within our current tool kit as well as opportunities using 3rd party tools to improve our level of service to our clients
What we offer
  • market-leading salary with an annual bonus
  • 20 days of vacation leave plus regular and special non-working holidays
  • training and development budget
  • private health insurance for medical and dental
  • life insurance
  • flexible working hours
  • parental leave
  • modern city center office
  • hybrid work schedule
  • monthly team lunch-outs
Employment type: Full-time