Incident Response Engineer

Posted 2 Days Ago
Tel Aviv, ISR
Hybrid
Mid level
Software • Cybersecurity
The Role
Perform full incident response lifecycle (triage, containment, eradication, recovery); conduct forensic investigations across Windows, Mac, and Linux; tune SIEM rules and dashboards; develop and maintain SOAR playbooks and automation; monitor and mitigate cloud-native threats across Azure, AWS, and GCP.
Summary Generated by Built In
Description

BioCatch is the leader in Behavioral Biometrics, a technology that leverages machine learning to analyze an online user’s physical and cognitive digital behavior to protect individuals online. BioCatch’s mission is to unlock the power of behavior and deliver actionable insights to create a digital world where identity, trust, and ease coexist.

Today, 34 of the world's largest 100 banks and 210 total financial institutions rely on BioCatch Connect™ to combat fraud, facilitate digital transformation, and grow customer relationships. BioCatch’s Client Innovation Board, an industry-led initiative including American Express, Barclays, Citi Ventures, and National Australia Bank, helps BioCatch identify creative and cutting-edge ways to leverage the unique attributes of behavior for fraud prevention. With over a decade of analyzing data, more than 80 registered patents, and unparalleled experience, BioCatch continues to innovate to solve tomorrow’s problems. For more information, please visit www.biocatch.com.

We are seeking an Incident Response Engineer to join the IR team. This technical role focuses on active investigation, threat mitigation, and the continuous improvement of the security organization’s posture through detection engineering and automation development.

The successful candidate will be responsible for the full lifecycle of security incidents, from initial triage to recovery. Beyond reactive response, this role involves tuning SIEM correlation rules and developing SOAR workflows to increase operational efficiency.

Primary Responsibilities

  • Incident Management: Execute the IR lifecycle (Triage, Containment, Eradication, Recovery) for complex security events.
  • Technical Investigation: Perform root cause analysis and forensic examination across Windows, Mac, and Linux environments.
  • Detection & Tuning: Collaborate with the IR team to create, test, and tune SIEM rules and dashboards to reduce false positives and improve visibility.
  • Automation Engineering: Build and refine SOAR playbooks and automated response actions to streamline repetitive investigation tasks.
  • Cloud Security: Monitor and mitigate cloud-native threats across Azure, AWS, and GCP environments.

Requirements

  • Experience as a SecOps/IR Analyst or Engineer with a heavy focus on active investigation.
  • Deep understanding of the Incident Response lifecycle (Triage, Containment, Eradication, Recovery).
  • Hands-on experience handling and managing security alerts, performing root cause analysis, and leading investigations.
  • Experience working across cloud providers (Azure, AWS, GCP) to identify and mitigate cloud-native threats.
  • Strong knowledge of operating systems (Mac, Windows, Linux) and their respective artifacts.
  • Proficiency with Splunk or other SIEM platforms for log analysis and threat hunting.
  • Experience with XSOAR or other security automation tools from an end-user/analyst perspective.
  • Strong knowledge of security technologies, including EDR, Mail Relay, Vulnerability Scanning, Secure Access, and MDM.
  • Scripting experience with Python or Bash to assist in data parsing and investigation tasks.

Preferred Qualifications

  • Detection Engineering: Ability to build and improve SIEM rules, correlations, and dashboards.
  • Automation Development: Experience developing new SOAR workflows, automated actions, and response playbooks.
  • Technical Literacy: Familiarity with REST APIs and Regex for advanced querying and tool integration.
  • Container Security: Familiarity and experience with K8S (Kubernetes).
  • Consultative Skills: Ability to provide guidance on best practices in Cloud Security and SIEM operations.

Skills Required

  • Experience as a SecOps/Incident Response Analyst or Engineer
  • Deep understanding of the Incident Response lifecycle (Triage, Containment, Eradication, Recovery)
  • Hands-on experience handling security alerts, root cause analysis, and leading investigations
  • Experience working across cloud providers (Azure, AWS, GCP) to identify and mitigate cloud-native threats
  • Strong knowledge of operating systems and forensic artifacts (Windows, Mac, Linux)
  • Proficiency with Splunk or other SIEM platforms for log analysis and threat hunting
  • Experience with XSOAR or other security automation tools from an end-user/analyst perspective
  • Strong knowledge of security technologies including EDR, Mail Relay, Vulnerability Scanning, Secure Access, and MDM
  • Scripting experience with Python or Bash for data parsing and investigation tasks
  • Ability to build, test, and tune SIEM rules, correlations, and dashboards
  • Experience developing SOAR workflows, automated actions, and response playbooks
  • Familiarity with REST APIs and Regex for querying and tool integration
  • Familiarity and experience with Kubernetes (container security)
  • Ability to provide guidance on Cloud Security and SIEM operations best practices

The Company
HQ: New York, New York
358 Employees
Year Founded: 2011

What We Do

BioCatch is the leader in Behavioral Biometrics which analyzes an online user’s physical and cognitive digital behavior to protect individuals and their assets. Our mission is to unlock the power of behavior and deliver actionable insights to create a digital world where identity, trust and ease seamlessly co-exist. Leading financial institutions around the globe use BioCatch to more effectively fight fraud, drive digital transformation and accelerate business growth. With over a decade of analyzing data, over 60 patents and unparalleled experience, BioCatch continues to innovate to solve tomorrow’s problems.
