Senior Incident Response Engineer; San Jose, CA
Listed on 2026-03-07
Archer is an aerospace company based in San Jose, California building an all‑electric vertical takeoff and landing aircraft with a mission to advance the benefits of sustainable air mobility. We are designing, manufacturing, and operating an all‑electric aircraft that can carry four passengers while producing minimal noise.
Our sights are set high and our problems are hard, and we believe that diversity in the workplace is what makes us smarter, drives better insights, and will ultimately lift us all to success. We are dedicated to cultivating an equitable and inclusive environment that embraces our differences, and supports and celebrates all of our team members.
Senior Incident Response Engineer (This is an Onsite role from our San Jose, CA location)

Job Overview
Archer is seeking a Senior Incident Response Engineer to lead our detection and remediation efforts across enterprise and aviation technology environments. In this high‑visibility role, you will serve as the primary technical liaison between Archer’s internal security team and our Managed Security Service Provider (MSSP). You will be responsible for translating security alerts into actionable threat intelligence and coordinated response actions while ensuring strict compliance with NIST SP 800-171, CMMC Level 2, and SOX ITGC requirements.
This is a highly technical, hands‑on position. You will lead investigations from initial detection through recovery, produce forensic reports for legal and regulatory stakeholders, and design automated response playbooks. Because Archer operates in a regulated aerospace environment, you must balance rapid response with meticulous evidence preservation.
Why This Role Matters at Archer
Archer is building the future of urban air mobility. Our intellectual property and safety‑critical systems are high‑value targets for nation‑state actors and ransomware groups. A single incident could impact aircraft certification or delay FAA approvals. You are the first line of defense when preventive controls fail. Your work ensures our security maturity is audit‑ready for investors, government agencies, and the DoD.
Key Responsibilities
- MSSP Liaison & Alert Management: Serve as the internal SIEM engineer and MSSP relationship owner. Validate alerts by independently querying SIEM data using YARA‑L, SPL, or KQL.
- Incident Response & Forensics: Lead technical response for breaches, malware, and insider threats. Execute containment (isolating endpoints, blocking IPs) and conduct deep‑dive forensics including memory analysis and disk imaging.
- Threat Hunting: Execute proactive hunts using EDR telemetry and the MITRE ATT&CK framework to identify lateral movement or persistence mechanisms that evade automated detections.
- Detection Engineering & SOAR: Develop and tune custom detection rules. Design SOAR workflows to automate evidence collection and remediation, reducing MTTD and MTTR.
- Compliance & Audit Support: Design log retention policies to satisfy NIST 800-171 AU and CMMC IR practices. Facilitate external audits by providing evidence of root cause analysis and post‑incident reviews.
- Continuous Improvement: Facilitate tabletop exercises for leadership and engineering teams. Lead post‑incident reviews to document lessons learned and drive strategic program improvements.
- Experience: 5+ years of direct experience in Incident Response or SOC roles, with proven experience managing MSSP SLAs and performance.
- OS Internals: Demonstrated expertise in Windows, Mac, and Linux internals (process behavior, registry analysis, and log sources).
- Scripting: Proficiency in Python, PowerShell, or Bash to automate analysis workflows and evidence collection.
- SIEM/SOAR Mastery: Hands‑on experience with platforms like Google Sec Ops (Chronicle), Splunk, or Microsoft Sentinel, and SOAR tools (Cortex XSOAR or Phantom).
- Threat Intelligence: Knowledge of CTI standards (STIX/TAXII) and the ability to translate actor TTPs into actionable detection logic.
- Communication: Ability to produce clear, concise written reports for Legal, HR, and regulatory stakeholders that translate technical findings into business risk.
- A…