Senior Incident Response Engineer

Snowflake is about empowering enterprises to achieve their full potential - and people too. With a culture that's all in on impact, innovation, and collaboration, Snowflake is the sweet spot for building big, moving fast, and taking technology - and careers - to the next level.

This person will be required to work West Coast hours, at a minimal 8am-5pm PST.

• Join a high impact team of security experts to scale security at one of the fastest-growing software companies ever

• Work west coast hours, at a minimal 8am - 5pm PT

• Assume the role of incident commander, lead analyst, or investigator for incidents or insider threat investigations

• Respond to security incidents across various cloud service providers (CSP)

• Maintain playbooks and develop comprehensive and well-structured incident reports

• Build scripts, tools, and methodologies to enhance Snowflake incident response

• Partner closely with our Threat Detection, Automation, ProductSecurity, Legal, HR, Cloud and Data teams

• Create and improve detections and threat signatures

• Participate in on-call rotation periodically which may involve non-traditional working hours

• Mentoring junior incident response engineers

• Communicate well verbally and in writing

• Has a strong growth mindset and team first attitude

• Strong experience in IR, security/insider threat investigations, and running incidents as the incident commander

• Experience using investigative tools such as EDR, DLP, SIEM, and SOAR

• Automation experience in Python and be comfortable with SQL

• Excellent understanding of cloud security across all cloud service providers

• Ability to convert long term strategy into short and long-term objectives

• Experience leading security projects in a fast moving environment while maintaining collaboration with key stakeholders

• Knowledge of network and web protocols, and an in-depth knowledge of Linux/Unix tools and architecture

• Experience conducting forensics investigations on Mac, Unix or Windows hosts

Every Snowflake employee is expected to follow the company's confidentiality and security standards for handling sensitive data. Snowflake employees must abide by the company's data security plan as an essential part of their duties. It is every employee's duty to keep customer information secure and confidential.

The application window is expected to be open until November 28, 2025. This opportunity will remain posted based on business needs, which may be before or after the specified date.

Snowflake is growing fast, and we're scaling our team to help enable and accelerate our growth. We are looking for people who share our values, challenge ordinary thinking, and push the pace of innovation while building a future for themselves and Snowflake.

How do you want to make your impact?

For jobs located in the United States, please visit the job posting on the Snowflake Careers Site for salary and benefits information: careers.snowflake.com

The following represents the expected range of compensation for this role:

• The estimated base salary range for this role is $211,000 - $303,600.
• Additionally, this role is eligible to participate in Snowflake's bonus and equity plan.

The successful candidate's starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location. This role is also eligible for a competitive benefits package that includes: medical, dental, vision, life, and disability insurance; 401(k) retirement plan; flexible spending & health savings account; at least 12 paid holidays; paid time off; parental leave; employee assistance program; and other company benefits.

To comply with pay transparency requirements and other statutes, you can notify us if you believe that a job posting is not compliant by completing this form.