Lead Security Incident Response Engineer
Who we are:Motive empowers the people who run physical operations with tools to make their work safer, more productive, and more profitable. For the first time ever, safety, operations and finance teams can manage their drivers, vehicles, equipment, and fleet related spend in a single system. Combined with industry leading AI, the Motive platform gives you complete visibility and control, and significantly reduces manual workloads by automating and simplifying tasks.Motive serves more than 100,000 customers β from Fortune 500 enterprises to small businesses β across a wide range of industries, including transportation and logistics, construction, energy, field service, manufacturing, agriculture, food and beverage, retail, and the public sector.Visit gomotive.com to learn more.About the Role: Motive is looking for a passionate Lead Security Incident Response Engineer to join our Security Engineering team. This team is responsible for the overall security and privacy of all products and services offered by the company. As the Lead Incident Response Engineer, you will be a foundational member, focused on designing, building, and maturing our incident detection and response program. You will be responsible for creating and implementing strategies to identify, analyze, contain, eradicate, and recover from security incidents effectively. This role requires a blend of hands-on technical expertise, strategic program development, and strong cross-functional collaboration.In this position you will be expected to:
Design, implement, and continuously improve our incident detection and response capabilities, including security monitoring, alert tuning, and threat hunting.
Develop and refine incident response policies, processes, and playbooks.
Lead technical investigations into security incidents from initial alert through to post-mortem analysis and remediation.
Drive automation initiatives within the incident response lifecycle, leveraging scripting and SOAR platforms to enhance efficiency and reduce manual effort.
Collaborate closely with engineering, operations, and product teams to integrate security best practices, enhance logging, and ensure swift remediation of vulnerabilities identified during incidents.
Contribute to the continuous improvement of our security posture by identifying systemic weaknesses and advocating for preventative controls.
What youβll do:
Build, mature, and operate a robust incident detection and response program, encompassing people, processes, and technology.
Develop and implement advanced detection methodologies, rules, and alerts to identify sophisticated threats rapidly.
Lead and manage the full lifecycle of security incidents, from initial detection and triage to containment, eradication, recovery, and thorough post-incident review.
Architect and implement security automation solutions to streamline incident response workflows, enrich alerts, and facilitate faster remediation.
Proactively engage in threat hunting activities to uncover hidden threats and vulnerabilities across our multi-cloud environment.
Provide expertise and guidance during critical security events, acting as a primary point of contact for technical incident management.
Document incident findings, lessons learned, and contribute to the development of actionable intelligence to prevent future occurrences.
What weβre looking for:
Proven ability to manage yourself, prioritize tasks, and produce high-quality results in a fast-paced environment.
5+ years of experience in incident response, security operations, or a closely related security discipline.
Strong proficiency in scripting languages (e.g., Python, Go, PowerShell) for automation, data analysis, and security tooling development.
In-depth understanding and hands-on experience with security tooling and platforms, including SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation, and Response), EDR (Endpoint Detection and Response), network forensics tools, and cloud security monitoring solutions.
Demonstrated experience building, maturing, and scaling incident response programs, including detection engineering, playbook development, and conducting incident post-mortems.
Expert knowledge of common attack techniques (e.g., MITRE ATT&CK framework), threat intelligence methodologies, and digital forensics principles.
Strong understanding of cloud security best practices and experience securing environments in public clouds (AWS, Azure, GCP).
Experience with container orchestration technologies (Docker, Kubernetes) and securing microservices architectures.
Strong communication and collaboration skills, comfortable working cross-functionally with a track record of delivering results.
Ability to design and write program/design specifications for self and others, with a focus on comprehensive documentation.
Self-starting and independent; able to manage and drive complex projects to completion based on defined specifications.
Able to work across team boundaries, reach consensus amongst disparate viewpoints, and graciously receive feedback.
Understanding of data structures and their application in security analytics and incident investigations.
As a bonus:
Relevant industry certifications (e.g., GCIH, GCFA, GCTI, CySA+, CISSP).
Experience in a highly regulated industry or with compliance frameworks (e.g., SOC 2, ISO 27001).
Familiarity with serverless architectures and their security implications.
Pay TransparencyYour compensation may be based on several factors, including education, work experience, and certifications. For certain roles, total compensation may include restricted stock units. Motive offers benefits including health, pharmacy, optical and dental care benefits, paid time off, sick time off, short term and long term disability coverage, life insurance as well as 401k contribution (all benefits are subject to eligibility requirements). Learn more about our benefits by visiting Motive Perks & Benefits.The compensation range for this position will depend on where you reside. For this role, the compensation range is:United States$126,000β$193,000 USDCreating a diverse and inclusive workplace is one of Motive’s core values. We are an equal opportunity employer and welcome people of different backgrounds, experiences, abilities and perspectives. Please review our Candidate Privacy Notice here .UK Candidate Privacy Notice here.The applicant must be authorized to receive and access those commodities and technologies controlled under U.S. Export Administration Regulations. It is Motive’s policy to require that employees be authorized to receive access to Motive products and technology. #LI-Remote
Apply Now
Design, implement, and continuously improve our incident detection and response capabilities, including security monitoring, alert tuning, and threat hunting.
Develop and refine incident response policies, processes, and playbooks.
Lead technical investigations into security incidents from initial alert through to post-mortem analysis and remediation.
Drive automation initiatives within the incident response lifecycle, leveraging scripting and SOAR platforms to enhance efficiency and reduce manual effort.
Collaborate closely with engineering, operations, and product teams to integrate security best practices, enhance logging, and ensure swift remediation of vulnerabilities identified during incidents.
Contribute to the continuous improvement of our security posture by identifying systemic weaknesses and advocating for preventative controls.
What youβll do:
Build, mature, and operate a robust incident detection and response program, encompassing people, processes, and technology.
Develop and implement advanced detection methodologies, rules, and alerts to identify sophisticated threats rapidly.
Lead and manage the full lifecycle of security incidents, from initial detection and triage to containment, eradication, recovery, and thorough post-incident review.
Architect and implement security automation solutions to streamline incident response workflows, enrich alerts, and facilitate faster remediation.
Proactively engage in threat hunting activities to uncover hidden threats and vulnerabilities across our multi-cloud environment.
Provide expertise and guidance during critical security events, acting as a primary point of contact for technical incident management.
Document incident findings, lessons learned, and contribute to the development of actionable intelligence to prevent future occurrences.
What weβre looking for:
Proven ability to manage yourself, prioritize tasks, and produce high-quality results in a fast-paced environment.
5+ years of experience in incident response, security operations, or a closely related security discipline.
Strong proficiency in scripting languages (e.g., Python, Go, PowerShell) for automation, data analysis, and security tooling development.
In-depth understanding and hands-on experience with security tooling and platforms, including SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation, and Response), EDR (Endpoint Detection and Response), network forensics tools, and cloud security monitoring solutions.
Demonstrated experience building, maturing, and scaling incident response programs, including detection engineering, playbook development, and conducting incident post-mortems.
Expert knowledge of common attack techniques (e.g., MITRE ATT&CK framework), threat intelligence methodologies, and digital forensics principles.
Strong understanding of cloud security best practices and experience securing environments in public clouds (AWS, Azure, GCP).
Experience with container orchestration technologies (Docker, Kubernetes) and securing microservices architectures.
Strong communication and collaboration skills, comfortable working cross-functionally with a track record of delivering results.
Ability to design and write program/design specifications for self and others, with a focus on comprehensive documentation.
Self-starting and independent; able to manage and drive complex projects to completion based on defined specifications.
Able to work across team boundaries, reach consensus amongst disparate viewpoints, and graciously receive feedback.
Understanding of data structures and their application in security analytics and incident investigations.
As a bonus:
Relevant industry certifications (e.g., GCIH, GCFA, GCTI, CySA+, CISSP).
Experience in a highly regulated industry or with compliance frameworks (e.g., SOC 2, ISO 27001).
Familiarity with serverless architectures and their security implications.
Pay TransparencyYour compensation may be based on several factors, including education, work experience, and certifications. For certain roles, total compensation may include restricted stock units. Motive offers benefits including health, pharmacy, optical and dental care benefits, paid time off, sick time off, short term and long term disability coverage, life insurance as well as 401k contribution (all benefits are subject to eligibility requirements). Learn more about our benefits by visiting Motive Perks & Benefits.The compensation range for this position will depend on where you reside. For this role, the compensation range is:United States$126,000β$193,000 USDCreating a diverse and inclusive workplace is one of Motive’s core values. We are an equal opportunity employer and welcome people of different backgrounds, experiences, abilities and perspectives. Please review our Candidate Privacy Notice here .UK Candidate Privacy Notice here.The applicant must be authorized to receive and access those commodities and technologies controlled under U.S. Export Administration Regulations. It is Motive’s policy to require that employees be authorized to receive access to Motive products and technology. #LI-Remote
Apply Now