Senior Incident Response Engineer (San Jose, CA)

Archer Technologies

San Jose, CA, USA
USD 144k-180k / year
Posted on Mar 4, 2026

Archer is an aerospace company based in San Jose, California building an all-electric vertical takeoff and landing aircraft with a mission to advance the benefits of sustainable air mobility. We are designing, manufacturing, and operating an all-electric aircraft that can carry four passengers while producing minimal noise.

Our sights are set high and our problems are hard, and we believe that diversity in the workplace is what makes us smarter, drives better insights, and will ultimately lift us all to success. We are dedicated to cultivating an equitable and inclusive environment that embraces our differences, and supports and celebrates all of our team members.

Senior Incident Response Engineer (This is an Onsite role from our San Jose, CA location)

Job Overview

Archer is seeking a Senior Incident Response Engineer to lead our detection and remediation efforts across enterprise and aviation technology environments. In this high-visibility role, you will serve as the primary technical liaison between Archer’s internal security team and our Managed Security Service Provider (MSSP). You will be responsible for translating security alerts into actionable threat intelligence and coordinated response actions while ensuring strict compliance with NIST SP 800-171, CMMC Level 2, and SOX ITGC requirements.

This is a highly technical, hands-on position. You will lead investigations from initial detection through recovery, produce forensic reports for legal and regulatory stakeholders, and design automated response playbooks. Because Archer operates in a regulated aerospace environment, you must balance rapid response with meticulous evidence preservation.

Why This Role Matters at Archer

Archer is building the future of urban air mobility. Our intellectual property and safety-critical systems are high-value targets for nation-state actors and ransomware groups. A single incident could impact aircraft certification or delay FAA approvals. You are the first line of defense when preventive controls fail. Your work ensures our security maturity is "audit-ready" for investors, government agencies, and the DoD.

Key Responsibilities

  • MSSP Liaison & Alert Management: Serve as the internal SIEM engineer and MSSP relationship owner. Validate alerts by independently querying SIEM data using YARA-L, SPL, or KQL.
  • Incident Response & Forensics: Lead technical response for breaches, malware, and insider threats. Execute containment (isolating endpoints, blocking IPs) and conduct deep-dive forensics including memory analysis and disk imaging.
  • Threat Hunting: Execute proactive hunts using EDR telemetry and the MITRE ATT&CK framework to identify lateral movement or persistence mechanisms that evade automated detections.
  • Detection Engineering & SOAR: Develop and tune custom detection rules. Design SOAR workflows to automate evidence collection and remediation, reducing MTTD and MTTR.
  • Compliance & Audit Support: Design log retention policies to satisfy NIST 800-171 AU and CMMC IR practices. Facilitate external audits by providing evidence of root cause analysis and post-incident reviews.
  • Continuous Improvement: Facilitate tabletop exercises for leadership and engineering teams. Lead post-incident reviews to document lessons learned and drive strategic program improvements.

Required Qualifications

  • Experience: 5+ years of direct experience in Incident Response or SOC roles, with proven experience managing MSSP SLAs and performance.
  • OS Internals: Demonstrated expertise in Windows, Mac, and Linux internals (process behavior, registry analysis, and log sources).
  • Scripting: Proficiency in Python, PowerShell, or Bash to automate analysis workflows and evidence collection.
  • SIEM/SOAR Mastery: Hands-on experience with platforms like Google SecOps (Chronicle), Splunk, or Microsoft Sentinel, and SOAR tools (Cortex XSOAR or Phantom).
  • Threat Intelligence: Knowledge of CTI standards (STIX/TAXII) and the ability to translate actor TTPs into actionable detection logic.
  • Communication: Ability to produce clear, concise written reports for Legal, HR, and regulatory stakeholders that translate technical findings into business risk.

Preferred Qualifications

  • Advanced Malware Analysis: Experience with static/dynamic analysis and reverse engineering using IDA Pro, Ghidra, or REMnux.
  • Aerospace/Regulated Industry: Familiarity with ITAR compliance, CUI handling, or aviation-specific threats (avionics tampering, firmware security).
  • Cloud IR: Experience conducting forensic analysis within AWS, Azure, or GCP environments.
  • Certifications: GCIH, GCFA, GCIA, GNFA, or equivalent advanced forensic certifications.

Please note that this job description is intended to provide a general overview of the position and does not include an exhaustive list of responsibilities and qualifications.

At Archer we aim to attract, retain, and motivate talent that possesses the skills and leadership necessary to grow our business. We drive a pay-for-performance culture and reward performance that supports the Company’s business strategy. For this position we are targeting a base pay between $144,000.00 and $180,000.00. Actual compensation offered will be determined by factors such as job-related knowledge, skills, and experience.

Archer is proud to be an Equal Opportunity employer committed to diversity and inclusivity in the workplace. All aspects of employment are decided on the basis of merit, qualifications, and business needs. We do not discriminate based upon race, color, religion, sex, sexual orientation, age, national origin, disability status, protected veteran status, gender identity or any other characteristic protected by federal, state or local laws.
Archer is committed to working with and providing reasonable accommodations to job applicants with physical or mental disabilities, and those with sincerely held religious beliefs. Applicants who may require reasonable accommodation for any part of the application or hiring process should provide their name and contact information to Archer’s People Team at people@archer.com. Reasonable accommodations will be determined on a case-by-case basis.


Information collected and processed as part of any job applications you choose to submit is subject to Archer's Candidate Privacy Policy.
Archer is unable to provide work visa sponsorship for this position at the present time.
Archer Aviation does not engage with external recruiting agencies/individual recruiters with whom it does not have a prior written agreement. Archer reserves the right to make use of any unsolicited resumes that it receives and bears no responsibility for payment of any fees asserted from the use of unsolicited resumes. If you are a recruiting agency or individual recruiter wishing to do business with Archer, please reach out to People@archer.com. All employment processes are managed by the Archer People Team.