Senior Security Engineer - Security Event Analysis Team; SEAT

Senior Security Engineer – Security Event Analysis Team (SEAT)

We are seeking an experienced Senior Security Engineer to join our Security Event Analysis Team (SEAT) within the broader Security Incident Response Team (SIRT). The role involves responding to cyber-attacks, restoring services, forensically investigating root causes, and collaborating with other engineers to design and implement solutions that improve incident response readiness.

Southern California: $146,000 – $197,500 per year. Eligible for cash bonus, equity rewards, and benefits in accordance with Intuit plans and programs.

• Oversee and promptly respond to escalated security events, activating the Security Incident Response Plan as required.
• Provide on‑call support for critical severity issues, manage communications, and report incident status to stakeholders.
• Lead forensic analysis to determine root cause, scope, and impact of security incidents.
• Develop, maintain, and improve incident response plans, procedures, and playbooks for swift action and regulatory compliance.
• Present guidance and training on security best practices and incident response to partners, ensuring alignment with business objectives and compliance.
• Mentor and train incident responders on handling techniques, forensic analysis, and cloud security forensics.
• Collaborate with Compliance, Legal, and Risk teams to align incident response with business and regulatory needs.
• Assess vulnerabilities, propose remediation strategies, and stay current on emerging security trends, threats, and countermeasures.

• Bachelor’s degree in Technology, Computer Science, Cybersecurity, or related field.
• Industry‑recognized certifications such as AWS Security Specialty, GCIH, GCFA, GFCE, CISSP are advantageous.
• 3–5 years dedicated cybersecurity experience with a focus on digital forensics and incident response.
• 1–3 years scripting experience in bash, Power Shell, and Python.
• Experience with EDR or Cloud Security Posture Management tools such as Crowd Strike Falcon, Sentinel One, or Wiz.
• Strong knowledge of cybersecurity, networking principles, protocols, ports, and frameworks (OWASP, MITRE ATT&CK, NIST, CIS).
• Experience defending Public Cloud services (AWS, Azure, GCP) including IAM, CI/CD, network security, DLP.
• Deep understanding of SIEM solutions such as Splunk, Log Scale.
• Analytical, problem‑solving, and risk assessment skills.
• Excellent written and verbal communication with ability to explain technical details to non‑technical audiences.
• Self‑motivated, autonomous, and able to handle pressure and tight deadlines.
• Profound knowledge of digital forensics and incident response lifecycle (NIST, SANS).
• Adaptability, proactive attitude, and continuous learning mindset.
• Understanding of AI technologies applied to threat detection and incident response.

Mid‑Senior Level