Senior Incident Response Engineer (San Jose, CA)

Archer Aviation
San Jose, California, United States
$144k – $18k
Posted 5 March 2026

Job Description

<div class="content-intro"><p><span style="font-weight: 400;">Archer is an aerospace company based in San Jose, California building an all-electric vertical takeoff and landing aircraft with a mission to advance the benefits of sustainable air mobility. We are designing, manufacturing, and operating an all-electric aircraft that can carry four passengers while producing minimal noise.</span></p> <p><span style="font-weight: 400;">Our sights are set high and our problems are hard, and we believe that diversity in the workplace is what makes us smarter, drives better insights, and will ultimately lift us all to success. We are dedicated to cultivating an equitable and inclusive environment that embraces our differences, and supports and celebrates all of our team members.</span></p></div><h2><strong>Senior Incident Response Engineer (This is an Onsite role from our San Jose, CA location)</strong></h2> <h3><strong>Job Overview</strong></h3> <p>Archer is seeking a <strong>Senior Incident Response Engineer</strong> to lead our detection and remediation efforts across enterprise and aviation technology environments. In this high-visibility role, you will serve as the primary technical liaison between Archer’s internal security team and our Managed Security Service Provider (MSSP). You will be responsible for translating security alerts into actionable threat intelligence and coordinated response actions while ensuring strict compliance with <strong>NIST SP 800-171, CMMC Level 2, and SOX ITGC</strong> requirements.</p> <p>This is a highly technical, hands-on position. You will lead investigations from initial detection through recovery, produce forensic reports for legal and regulatory stakeholders, and design automated response playbooks. 
Because Archer operates in a regulated aerospace environment, you must balance rapid response with meticulous evidence preservation.</p> <h3><strong>Why This Role Matters at Archer</strong></h3> <p>Archer is building the future of urban air mobility. Our intellectual property and safety-critical systems are high-value targets for nation-state actors and ransomware groups. A single incident could impact aircraft certification or delay FAA approvals. You are the first line of defense when preventive controls fail. Your work ensures our security maturity is "audit-ready" for investors, government agencies, and the DoD.</p> <h3><strong>Key Responsibilities</strong></h3> <ul> <li><strong>MSSP Liaison Alert Management:</strong> Serve as the internal SIEM engineer and MSSP relationship owner. Validate alerts by independently querying SIEM data using <strong>YARA-L, SPL, or KQL</strong>.</li> <li><strong>Incident Response Forensics:</strong> Lead technical response for breaches, malware, and insider threats. Execute containment (isolating endpoints, blocking IPs) and conduct deep-dive forensics including memory analysis and disk imaging.</li> <li><strong>Threat Hunting:</strong> Execute proactive hunts using EDR telemetry and the <strong>MITRE ATT&amp;CK</strong> framework to identify lateral movement or persistence mechanisms that evade automated detections.</li> <li><strong>Detection Engineering SOAR:</strong> Develop and tune custom detection rules. Design <strong>SOAR workflows</strong> to automate evidence collection and remediation, reducing MTTD and MTTR.</li> <li><strong>Compliance Audit Support:</strong> Design log retention policies to satisfy <strong>NIST 800-171 AU</strong> and <strong>CMMC IR</strong> practices. Facilitate external audits by providing evidence of root cause analysis and post-incident reviews.</li> <li><strong>Continuous Improvement:</strong> Facilitate tabletop exercises for leadership and engineering teams. 
Lead post-incident reviews to document lessons learned and drive strategic program improvements.</li> </ul> <h3><strong>Required Qualifications</strong></h3> <ul> <li><strong>Experience:</strong> 5+ years of direct experience in Incident Response or SOC roles, with proven exper ... (truncated, view full listing at source)