Underpaidby HiringX
← All Jobs

Staff Incident Response Analyst

Alphasense

Remote - IndiaRemoteCorporate Services, Technology, & Security

About the role

About AlphaSense:

The world’s most sophisticated companies rely on AlphaSense to remove uncertainty from decision-making. With market intelligence and search built on proven AI, AlphaSense delivers insights that matter from content you can trust. Our universe of public and private content includes equity research, company filings, event transcripts, expert calls, news, trade journals, and clients’ own research content.

The acquisition of Tegus by AlphaSense in 2024 advances our shared mission to empower professionals to make smarter decisions through AI-driven market intelligence. Together, AlphaSense and Tegus will accelerate growth, innovation, and content expansion, with complementary product and content capabilities that enable users to unearth even more comprehensive insights from thousands of content sets. Our platform is trusted by over 6,000 enterprise customers, including a majority of the S&P 500. Founded in 2011, AlphaSense is headquartered in New York City with more than 2,000 employees across the globe and offices in the U.S., U.K., Finland, India, Singapore, Canada, and Ireland. Come join us!

About the Role:

We are hiring a Staff Incident Response Analyst to serve as the technical escalation point for our L2 SOC analysts and 24/7 managed detection and response (MDR) partner. When a case exceeds what an L2 can handle — complex forensics, multi-system intrusions, ambiguous attacker behavior, or high-stakes containment decisions — it lands with you. You are the last line of technical defense before the Security Operations Manager is pulled in.

This is a deeply hands-on role. You will spend the majority of your time in tooling: hunting through the SIEM, pulling host artifacts via EDR remote access, tracing IAM chains in cloud audit logs, and reconstructing attacker timelines from raw evidence. You are expected to know what you are looking at without being told, and to be faster and more thorough than the analysts escalating to you.

Core Responsibilities:

Escalation Handling & Incident Leadership

Receive and own L2 escalations across all severity levels; take over technical lead role on Sev2+

Scope incidents accurately and quickly: determine blast radius, affected assets, and attacker objectives from available telemetry

Make and document containment decisions — endpoint isolation, account suspension, token revocation, network block — with clear rationale

Maintain a forensically sound incident timeline: ordered evidence, source attribution, and chain-of-custody throughout

Communicate incident status to the Security Operations Manager with enough fidelity to brief upward without needing to re-investigate

Drive incidents to documented closure: root cause, attacker path, affected assets, and defensive gaps identified

Host & Endpoint Forensics

Perform deep-dive endpoint triage via EDR: process tree analysis, remote artifact collection, behavioral event review, and custom detection rule evaluation

Reconstruct attacker acti