Senior Security Specialist – Incident Management

HighLevel

Town of Texas (WI)

Remote

USD 90,000 - 130,000

Full time

Today

Job summary

A leading marketing platform is seeking a Senior Security Specialist – Incident Management to join their team in Wisconsin. This role involves monitoring and responding to security incidents, developing detection rules, and leading investigations. The ideal candidate has over 6 years of experience in incident management and strong analytical skills, especially in cloud security. This position offers the opportunity to work in a remote-first environment focused on innovation and community.

Qualifications

  • 6+ years of hands-on experience in incident management.
  • Practical expertise with SIEM and EDR tools.
  • Strong knowledge of incident response frameworks.

Responsibilities

  • Monitor and analyze alerts from security platforms.
  • Develop and tune detection rules and queries.
  • Lead incident containment and recovery activities.

Skills

Incident management expertise
Analytical skills
Problem-solving
Communication skills

Education

Bachelor’s degree in Information Security or related

Tools

SIEM
EDR
CSPM

Job description

About HighLevel

HighLevel is a cloud-based, all-in-one white-label marketing and sales platform that empowers marketing agencies, entrepreneurs, and businesses to elevate their digital presence and drive growth. We are proud to support a global and growing community of over 2 million businesses, from marketing agencies to entrepreneurs to small businesses and beyond. Our platform empowers users across industries to streamline operations, drive growth, and crush their goals.

HighLevel processes over 15 billion API hits and handles more than 2.5 billion message events every day. Our platform manages 470 terabytes of data distributed across five databases, operates with a network of over 250 micro-services, and supports over 1 million domain names.

Our People

With over 1,500 team members across 15+ countries, we operate in a global, remote-first environment. We are building more than software; we are building a global community rooted in creativity, collaboration, and impact. We take pride in cultivating a culture where innovation thrives, ideas are celebrated, and people come first, no matter where they call home.

Our Impact

Every month, our platform powers over 1.5 billion messages, helps generate over 200 million leads, and facilitates over 20 million conversations for the more than 2 million businesses we serve. Behind those numbers are real people growing their companies, connecting with customers, and making their mark - and we get to help make that happen.

Learn more about us on our YouTube Channel or Blog Posts

About The Role

We are seeking an experienced and proactive Senior Security Specialist – Incident Management to join our security operations team. This role will be responsible for monitoring, detecting, analyzing, and responding to security incidents. The ideal candidate will have deep expertise in incident management, strong analytical skills, and hands-on experience with enterprise-grade detection and response platforms. The analyst will lead investigations, coordinate with cross-functional teams, and provide actionable insights to reduce risk and strengthen the organization’s overall security posture.

Key Responsibilities

  • Monitor and analyze alerts from SIEM, EDR, CSPM, and cloud-native security platforms.
  • Perform initial triage, validation, and escalation of security alerts and suspicious activity.
  • Develop and tune detection rules, dashboards, and queries for improved monitoring.
  • Lead incident containment, eradication, and recovery activities.
  • Conduct in-depth investigations of endpoint, cloud, and network-based threats.
  • Maintain and improve incident response playbooks aligned with NIST 800-61 and MITRE ATT&CK.
  • Perform proactive threat hunting across SIEM, EDR, and cloud environments.
  • Conduct forensic analysis, root cause investigations, and evidence collection.
  • Apply threat intelligence to enhance detection and reduce dwell time.
  • Partner with IT, Cloud, Security, Legal, and Compliance teams for coordinated incident resolution.
  • Work with law enforcement agencies (LEA) in the US to receive threat intelligence and share updates whenever required.
  • Investigate container security incidents (e.g., Kubernetes, Docker) including misconfigurations, runtime threats, and unauthorized access.
  • Analyze application-layer attacks such as SQL injection, XSS, RCE, and API abuse.
  • Collaborate with DevOps/AppSec teams to assess vulnerabilities identified during incidents and provide remediation guidance.
  • Conduct log analysis and forensic review of application and container environments to identify compromise indicators.
  • Provide clear, actionable updates to both technical and executive audiences.
  • Prepare detailed incident reports and present monthly/quarterly security metrics.
  • Recommend improvements in logging, monitoring, and automation (SOAR).
  • Track and report KPIs such as MTTR, incident volume, and trend analysis.
  • Contribute to tabletop exercises, red/blue team simulations, and readiness drills.

Required Qualifications

  • Bachelor’s degree (or equivalent experience) in Information Security, Computer Science, or related field.
  • 6+ years of hands-on experience in incident management, SOC operations, or cybersecurity analysis.
  • Practical expertise with SIEM (e.g., Google SecOps / Chronicle, Splunk, Microsoft etc.)
  • Practical expertise with EDR (e.g., SentinelOne, CrowdStrike, Microsoft etc.)
  • Practical expertise with CSPM / Cloud Security (e.g., GCP Security, Orca, Prisma Cloud, Microsoft etc.)
  • Strong knowledge of incident response frameworks (NIST 800-61, MITRE ATT&CK).
  • Experience writing detection queries, rules, and dashboards in SIEM/EDR tools.
  • Excellent problem-solving, documentation, and communication skills.

Preferred Qualifications

  • Experience with container security investigations (Kubernetes, Docker) and workload forensics.
  • Exposure to application security incident investigation (web app attacks, API misuse, vulnerabilities).
  • Certifications such as CompTIA Security+, CySA+, GCIH, GCFA, GCIA, CISSP, or CISM.
  • Cloud security certification (e.g., Google Professional Cloud Security Engineer).
  • Knowledge of U.S. compliance frameworks: NIST CSF, HIPAA, PCI DSS, SOX, CCPA/CPRA, FedRAMP.
  • Familiarity with scripting/automation (Python, PowerShell, bash) for SOC workflows.

EEO Statement

The company is an Equal Opportunity Employer. As an employer subject to affirmative action regulations, we invite you to voluntarily provide the following demographic information. This information is used solely for compliance with government record keeping, reporting, and other legal requirements. Providing this information is voluntary and refusal to do so will not affect your application status. This data will be kept separate from your application and will not be used in the hiring decision.