Staff Incident Response Analyst

About AlphaSense:

The world’s most sophisticated companies rely on AlphaSense to remove uncertainty from decision-making. With market intelligence and search built on proven AI, AlphaSense delivers insights that matter from content you can trust. Our universe of public and private content includes equity research, company filings, event transcripts, expert calls, news, trade journals, and clients’ own research content.

The acquisition of Tegus by AlphaSense in 2024 advances our shared mission to empower professionals to make smarter decisions through AI-driven market intelligence. Together, AlphaSense and Tegus will accelerate growth, innovation, and content expansion, with complementary product and content capabilities that enable users to unearth even more comprehensive insights from thousands of content sets. Our platform is trusted by over 6,000 enterprise customers, including a majority of the S&P 500. Founded in 2011, AlphaSense is headquartered in New York City with more than 2,000 employees across the globe and offices in the U.S., U.K., Finland, India, Singapore, Canada, and Ireland. Come join us!

About the Role:

We are hiring a Staff Incident Response Analyst to serve as the technical escalation point for our L2 SOC analysts and 24/7 managed detection and response (MDR) partner. When a case exceeds what an L2 can handle — complex forensics, multi-system intrusions, ambiguous attacker behavior, or high-stakes containment decisions — it lands with you. You are the last line of technical defense before the Security Operations Manager is pulled in.

This is a deeply hands-on role. You will spend the majority of your time in tooling: hunting through the SIEM, pulling host artifacts via EDR remote access, tracing IAM chains in cloud audit logs, and reconstructing attacker timelines from raw evidence. You are expected to know what you are looking at without being told, and to be faster and more thorough than the analysts escalating to you.

Core Responsibilities:

Escalation Handling & Incident Leadership

• Receive and own L2 escalations across all severity levels; take over technical lead role on Sev2+
• Scope incidents accurately and quickly: determine blast radius, affected assets, and attacker objectives from available telemetry
• Make and document containment decisions — endpoint isolation, account suspension, token revocation, network block — with clear rationale
• Maintain a forensically sound incident timeline: ordered evidence, source attribution, and chain-of-custody throughout
• Communicate incident status to the Security Operations Manager with enough fidelity to brief upward without needing to re-investigate
• Drive incidents to documented closure: root cause, attacker path, affected assets, and defensive gaps identified

Host & Endpoint Forensics

• Perform deep-dive endpoint triag