Why This Job is Featured on The SaaS Jobs
Security roles in SaaS are increasingly defined by how well a company can protect its own cloud-first operations while maintaining customer trust. This CSIRT Analyst position sits at that intersection, focused on internal incident response for a cybersecurity SaaS provider that operates at meaningful endpoint and identity scale. The remit signals a mature security posture where incident handling, telemetry quality, and readiness exercises are treated as product-adjacent capabilities rather than ad hoc support work.
For a long-term SaaS security career, the role builds experience that translates across subscription businesses that run on AWS, Azure, and M365. Owning the incident response lifecycle, partnering with detection engineering and product security, and driving post-incident remediation creates a practical view of how SaaS organizations operationalize resilience. The emphasis on playbooks, reporting, and repeatable processes also maps closely to how security programs scale alongside distributed engineering and support functions.
This is best suited to professionals who prefer cross-functional coordination and clear operational ownership, not just deep technical investigation. It will appeal to someone comfortable acting as an escalation point, shaping preparedness through exercises, and communicating outcomes to both engineers and leadership in a remote-first environment.
The section above is editorial commentary from The SaaS Jobs, provided to help SaaS professionals understand the role in a broader industry context.
Job Description
Reports to: Director of Product Security and Incident Response
Location: Remote US
Compensation Range: $195,000 to $210,000 plus bonus and equity
What We Do:
Huntress is a fully remote, global team of passionate experts and ethical badasses on a mission to break down the barriers to cybersecurity. Whether creating purpose-built security solutions, hunting down hackers, or impacting our community, our people go above and beyond to change the security game and make a real difference.
Founded in 2015 by former NSA cyber operators, Huntress protects all businesses—not just the 1%—with enterprise-grade, fully owned, and managed cybersecurity products at the price of an affordable SaaS application. The Huntress difference is our One Team advantage: our technology is designed with our industry-defining Security Operations Center (SOC) in mind and is never separated from our service.
We protect 4M+ endpoints and 7M+ identities worldwide, elevating underresourced IT teams with protection that works as hard as they do. As long as hackers keep hacking, Huntress keeps hunting.
What You’ll Do:
As a Staff CSIRT Analyst, you will be the cornerstone of Huntress’ internal security resilience. You will act as the primary internal escalation point from our SOC, ensuring we protect ourselves with the same rigor and products we use for our customers. In this role, you will strategize with leaders across multiple functions to identify work streams and own the end-to-end incident response lifecycle. You will guide teams, determine key milestones, and proactively anticipate blockers that could hinder our response capabilities.
Responsibilities:
- Incident Response & Triage: Lead the identification, triage, and validation of security incidents through various telemetry sources, acting as the ultimate escalation point for the SOC.
- Strategic Preparedness: Drive organizational incident readiness by designing and executing practical response exercises (tabletops and purple teaming) to ensure first responders are prepared at all levels of our organization.
- Telemetry Optimization: Partner with engineering, product security, and detection engineering teams to tune existing telemetry sources to a high true-positive rate, reducing noise and increasing detection efficacy.
- Offensive Security Partnership: Collaborate closely with the Offensive Security team to identify visibility gaps and ensure proper coverage against modern threat actor TTPs. Partner with product security, engineering, detection engineering, and other applicable business units to close these gaps rather than treating them as a blocker.
- Continuous Improvement & Leadership: Lead cross-functional Post-Incident Reviews (PIRs) to extract critical lessons learned; own the lifecycle of resulting remediation tasks, driving specific tooling and process enhancements that harden organizational defenses and response against future threats.
- Stakeholder Communication: Develop and present comprehensive reports and "lessons learned" to stakeholders at all levels following major incidents or exercises.
- Documentation: Create and maintain playbooks, system configurations, and incident response standards to ensure scalability and supportability.
What You Bring To The Team:
- Experience: 8+ years of experience in Incident Response, SOC Operations, or Digital Forensics (DFIR).
- Technical Expertise: Advanced knowledge of EDR/MDR platforms, log aggregation (SIEM/ELK), and cloud security environments (AWS/Azure/M365).
- Problem Solving: Proven ability to articulate the root cause of complex problems using first principles and translate insights into technical solutions.
- Strategic Thinking: Experience leading small project teams and aligning tech stacks across functions.
- Communication: Exceptional ability to convey complex technical incident details to both technical teams and executive leadership.
- Tooling: Familiarity with automation/SOAR platforms and documentation tools like Confluence, Jira, and Lucid Chart.
- Mindset: A proactive, forward-thinking approach to security with a passion for building "stewardship of culture" through inclusive and actionable security behaviors.
What We Offer:
- 100% remote work environment - since our founding in 2015
- Generous paid time off policy, including vacation, sick time, and paid holidays
- 12 weeks of paid parental leave
- Highly competitive and comprehensive medical, dental, and vision benefits plans
- 401(k) with a 5% contribution regardless of employee contribution
- Life and Disability insurance plans
- Stock options for all full-time employees
- One-time $500 reimbursement for building/upgrading home office
- Annual allowance for education and professional development assistance
- $75 USD/month digital reimbursement
- Access to the BetterUp platform for coaching, personal, and professional growth
Huntress is committed to creating a culture of inclusivity where every single member of our team is valued, has a voice, and is empowered to come to work every day just as they are.
We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, disability, veteran status, genetic information, marital status, or any other legally protected status.
We do discriminate against hackers who try to exploit businesses of all sizes.
Accommodations:
If you require reasonable accommodation to complete this application, interview, or pre-employment testing or participate in the employee selection process, please direct your inquiries to accommodations@huntresslabs.com. Please note that non-accommodation requests to this inbox will not receive a response.
Huntress uses artificial intelligence tools to assist in reviewing and evaluating job applications, including resume screening, skills assessment, and candidate matching and comparisons. These AI tools support our human recruiters in the initial review process but do not make final hiring decisions without human involvement. By submitting your application, you acknowledge this use of AI in our recruitment process. Please review our Candidate Privacy Notice for more details on our practices and your data privacy rights.
#BI-Remote
