Sr. Security Operations Engineer, Incident Response

About the Role

The security team at Affirm is passionate about redefining fintech security through collaboration, innovation, and a team-first mindset. As a Senior Security Operations Engineer, you will be a hands-on practitioner and technical contributor who drives incident response efforts from triage through resolution. You will have the opportunity to help solve complex security challenges and build capabilities that protect millions of customers, merchants, and partners.

Affirm's commitment to security is reflected in its mission to make credit more honest and friendly. The company's long-term success depends on its ability to safeguard its assets and infrastructure, and the Senior Security Operations Engineer plays a vital role in achieving this goal.

What You Will Do

• Lead security incidents end-to-end, from detection and triage through containment, remediation, and post-incident review
• Act as incident commander, driving clear decisions and alignment across teams during high-pressure situations
• Conduct hands-on investigations across cloud and endpoint environments to determine root cause and impact
• Partner with Observability & Automation to improve detections, reduce noise, and build automated response playbooks
• Contribute to and refine incident response playbooks, runbooks, and documentation to improve readiness and consistency
• Collaborate with Security, Infrastructure, and Product teams to identify gaps and strengthen the incident response lifecycle
• Communicate effectively during incidents, providing clear updates to both technical and non-technical stakeholders
• Develop and maintain a deep understanding of Affirm's security posture and threat landscape
• Stay up-to-date with emerging security threats and trends, applying this knowledge to improve incident response efforts

What We Are Looking For

• 5+ years of experience in Security Operations or Detection & Response, with strong hands-on incident response in cloud environments
• Proven ability to lead security incidents, including containment and remediation, in fast-moving environments
• Strong investigative and analytical skills, with the ability to synthesize signals from multiple data sources
• Experience with security tooling such as SIEM and EDR platforms (e.g., Splunk, Elastic, SentinelOne, CrowdStrike, or similar)
• Solid understanding of cloud security concepts and their application in real-world scenarios
• Strong communication skills, with the ability to clearly convey information across technical and non-technical audiences
• Experience building or improving automation for incident response workflows (e.g., scripting in Python; infrastructure-as-code is a plus)
• Ability to work in a remote environment, with a strong focus on collaboration and teamwork

Nice to Have

• Experience with AWS and EKS environments
• Knowledge of security frameworks and compliance regulations (e.g., SOC 2, PCI-DSS)
• Experience with incident response tools and platforms (e.g., Demisto, Phantom)
• Familiarity with agile development methodologies and version control systems (e.g., Git)

Benefits and Perks

• Competitive salary and equity package
• Comprehensive health insurance and benefits
• Flexible PTO and remote work arrangements
• Professional development opportunities and training budget
• Access to cutting-edge security tools and technologies
• Collaborative and dynamic work environment
• Opportunity to work on complex and challenging security projects
• Recognition and reward for outstanding performance and contributions

• Be prepared to provide specific examples of your experience with incident response and security operations, including your approach to managing security incidents and improving detections.
• Familiarize yourself with Affirm's security posture and threat landscape, and be prepared to discuss your understanding of these topics.
• Showcase your ability to communicate complex technical information to non-technical stakeholders, including your experience with incident response communication plans.
• Highlight your experience with security tooling and automation, including your proficiency with scripting languages like Python.
• Be ready to discuss your experience working in a remote environment, including your ability to collaborate with cross-functional teams and manage your time effectively.
• Research Affirm's company culture and values, and be prepared to discuss how your skills and experience align with these.
• Prepare to discuss your salary expectations and requirements, including any benefits or perks you are looking for in a remote role.