Senior Incident Response Engineer (San Jose, CA)
Company: Archer
Location: San Jose
Posted on: April 1, 2026
Job Description:
Archer is an aerospace company based in San Jose, California
building an all-electric vertical takeoff and landing aircraft with
a mission to advance the benefits of sustainable air mobility. We
are designing, manufacturing, and operating an all-electric
aircraft that can carry four passengers while producing minimal
noise. Our sights are set high and our problems are hard, and we
believe that diversity in the workplace is what makes us smarter,
drives better insights, and will ultimately lift us all to success.
We are dedicated to cultivating an equitable and inclusive
environment that embraces our differences, and supports and
celebrates all of our team members.

Senior Incident Response Engineer (This is an Onsite role from our San Jose, CA location)

Job Overview

Archer is seeking a Senior Incident Response Engineer
to lead our detection and remediation efforts across enterprise and
aviation technology environments. In this high-visibility role, you
will serve as the primary technical liaison between Archer’s
internal security team and our Managed Security Service Provider
(MSSP). You will be responsible for translating security alerts
into actionable threat intelligence and coordinated response
actions while ensuring strict compliance with NIST SP 800-171, CMMC
Level 2, and SOX ITGC requirements. This is a highly technical,
hands-on position. You will lead investigations from initial
detection through recovery, produce forensic reports for legal and
regulatory stakeholders, and design automated response playbooks.
Because Archer operates in a regulated aerospace environment, you
must balance rapid response with meticulous evidence preservation.

Why This Role Matters at Archer

Archer is building the future of
urban air mobility. Our intellectual property and safety-critical
systems are high-value targets for nation-state actors and
ransomware groups. A single incident could impact aircraft
certification or delay FAA approvals. You are the first line of
defense when preventive controls fail. Your work ensures our
security maturity is "audit-ready" for investors, government
agencies, and the DoD.

Key Responsibilities

MSSP Liaison & Alert Management: Serve as the internal SIEM engineer and MSSP relationship owner. Validate alerts by independently querying SIEM data using YARA-L, SPL, or KQL.
Incident Response & Forensics: Lead technical response for breaches, malware, and insider threats. Execute containment (isolating endpoints, blocking IPs) and conduct deep-dive forensics including memory analysis and disk imaging.
Threat Hunting: Execute proactive hunts using EDR telemetry and the MITRE ATT&CK framework to identify lateral movement or persistence mechanisms that evade automated detections.
Detection Engineering & SOAR: Develop and tune custom detection rules. Design SOAR workflows to automate evidence collection and remediation, reducing MTTD and MTTR.
Compliance & Audit Support: Design log retention policies to satisfy NIST 800-171 AU and CMMC IR practices. Facilitate external audits by providing evidence of root cause analysis and post-incident reviews.
Continuous Improvement: Facilitate tabletop exercises for leadership and engineering teams. Lead post-incident reviews to document lessons learned and drive strategic program improvements.

Required Qualifications

Experience: 5 years of direct experience in Incident Response or SOC roles, with proven experience managing MSSP SLAs and performance.
OS Internals: Demonstrated expertise in Windows, Mac, and Linux internals (process behavior, registry analysis, and log sources).
Scripting: Proficiency in Python, PowerShell, or Bash to automate analysis workflows and evidence collection.
SIEM/SOAR Mastery: Hands-on experience with platforms like Google SecOps (Chronicle), Splunk, or Microsoft Sentinel, and SOAR tools (Cortex XSOAR or Phantom).
Threat Intelligence: Knowledge of CTI standards (STIX/TAXII) and the ability to translate actor TTPs into actionable detection logic.
Communication: Ability to produce clear, concise written reports for Legal, HR, and regulatory stakeholders that translate technical findings into business risk.

Preferred Qualifications

Advanced Malware Analysis: Experience with static/dynamic analysis and reverse engineering using IDA Pro, Ghidra, or REMnux.
Aerospace/Regulated Industry: Familiarity with ITAR compliance, CUI handling, or aviation-specific threats (avionics tampering, firmware security).
Cloud IR: Experience conducting forensic analysis within AWS, Azure, or GCP environments.
Certifications: GCIH, GCFA, GCIA, GNFA, or equivalent advanced forensic certifications.

Please note that this job description is intended to provide a general overview of the position and does not include an exhaustive list of responsibilities and qualifications.

At Archer we aim to attract,
retain, and motivate talent that possesses the skills and leadership
necessary to grow our business. We drive a pay-for-performance
culture and reward performance that supports the Company’s business
strategy. For this position we are targeting a base pay between
$144,000.00 - $180,00.00. Actual compensation offered will be
determined by factors such as job-related knowledge, skills, and
experience. Archer is proud to be an Equal Opportunity employer
committed to diversity and inclusivity in the workplace. All
aspects of employment are decided on the basis of merit,
qualifications, and business needs. We do not discriminate based
upon race, color, religion, sex, sexual orientation, age, national
origin, disability status, protected veteran status, gender
identity or any other characteristic protected by federal, state or
local laws. Archer is committed to working with and providing
reasonable accommodations to job applicants with physical or mental
disabilities, and those with sincerely held religious beliefs.
Applicants who may require reasonable accommodation for any part of
the application or hiring process should provide their name and
contact information to Archer’s People Team at people@archer.com.
Reasonable accommodations will be determined on a case-by-case
basis. Information collected and processed as part of any job
applications you choose to submit is subject to Archer's Candidate
Privacy Policy. Archer is unable to provide work visa sponsorship
for this position at the present time. Archer Aviation does not
engage with external recruiting agencies/individual recruiters with
whom it does not have a prior written agreement. Archer reserves
the right to make use of any unsolicited resumes that it receives
and bears no responsibility for payment of any fees asserted from
the use of unsolicited resumes. If you are a recruiting agency or
individual recruiter wishing to do business with Archer, please
reach out to People@archer.com. All employment processes are
managed by the Archer People Team.