Incident Response Engineer

Job Overview

Location: Indiana, USA

Job Type: Full-time

Category: Security Engineer

Date Posted: February 26, 2026

Full Job Description

📋 Description

  • PostHog is on a mission to build the operating system for companies that build software, providing every product a business needs from inception to IPO and beyond. We've evolved from an open-source product analytics tool to a comprehensive suite including a data warehouse, customer data platform, and AI-powered analytics. With a product-led growth strategy, strong market fit, and significant funding, we are poised for ambitious expansion. We are seeking our inaugural Incident Response Engineer to establish and lead our security operations, focusing on detection, response, and cloud security within our rapidly growing environment.
  • This is a unique opportunity to build a security function from the ground up in a company that values transparency, autonomy, and rapid iteration. You will not be maintaining legacy systems; instead, you will define the security team's culture, tooling, and processes for a dynamic, open-source organization. Your work will have a direct and tangible impact, safeguarding the data of over 100,000 customer companies and contributing to the overall security posture of the PostHog ecosystem.
  • As the first dedicated Incident Response Engineer, you will be instrumental in shaping our approach to security. You will own the triage and tuning of security alerts from tools like Wiz, transforming raw data into actionable insights and ensuring that our security team focuses on genuine threats rather than alert fatigue. This involves developing sophisticated detection pipelines that engineers can trust and rely upon, moving beyond basic monitoring to proactive threat identification.
  • A core responsibility will be leading incident detection and response efforts. You will be the primary point of contact for security incidents, from initial detection through containment, eradication, and post-mortem analysis. This includes developing comprehensive incident response runbooks and playbooks, ensuring a structured and effective approach to handling security breaches, whether they stem from compromised software dependencies or sophisticated cloud infrastructure attacks.
  • You will play a pivotal role in building out our cloud security observability. This involves creating robust detection pipelines that provide deep visibility into our AWS environment, enabling us to trace suspicious activities back to their source, potentially down to specific code paths. This proactive approach to observability is crucial for understanding and mitigating complex threats.
  • Threat hunting will be a key component of your role. You will proactively search for threats within our AWS infrastructure, defining what constitutes a secure environment and developing the necessary telemetry and tools to validate our security posture. This goes beyond reactive alert handling to actively seeking out potential vulnerabilities and malicious activities before they can cause harm.
  • You will also support and evolve our Vulnerability Disclosure Program (VDP). This includes triaging incoming reports from security researchers and working towards establishing a formal bug bounty program, fostering a community-driven approach to vulnerability discovery and remediation.
  • Beyond direct incident response, you will act as a security enabler for our product squads. This involves conducting threat modeling exercises and secure design reviews, ensuring that security is integrated into the development lifecycle from the outset. Our philosophy is not to block innovation but to provide clear, actionable guidance on how to build securely, embodying the principle of 'Security says: here is how to do this safely.'
  • You will contribute significantly to building and nurturing our security culture. By collaborating closely with engineering teams and demonstrating the value of security as an enabler, you will help maintain and strengthen the trust and positive working relationship that PostHog currently enjoys. While the primary focus is on cloud security and incident response, there will be opportunities to engage with other security domains such as supply chain security and CI/CD hardening, in true PostHog fashion.
  • This role is ideal for an experienced security engineer who thrives in autonomous, fast-paced environments and is excited by the prospect of building a critical function from the ground up. You will have the autonomy to make decisions, implement solutions, and directly influence the security trajectory of a rapidly scaling company. Your contributions will be highly visible and directly contribute to the trust and reliability of the PostHog platform for thousands of businesses worldwide.

🎯 Requirements

  • 3-5+ years of experience in security engineering with a strong emphasis on cloud-native environments, particularly AWS, including deep familiarity with IAM, VPC logs, and CloudTrail.
  • Proven experience with CSPM/CNAPP tools (e.g., Wiz, Prisma) and a demonstrated ability to build effective, trusted detection pipelines.
  • Demonstrated experience leading incident response efforts, including coordinating cross-team responses under pressure and conducting post-incident analysis.
  • High degree of autonomy and self-direction, with the ability to define priorities and execute independently in a startup environment.
  • Strong engineering skills, including the ability to write code proficiently and analyze code for vulnerabilities or exploits.
  • Excellent communication and interpersonal skills, with a collaborative mindset focused on enabling engineering teams rather than imposing restrictions.

🏖️ Benefits

  • Fully remote role within the EMEA region.
  • Opportunity to build and shape a critical security function from scratch.
  • High degree of autonomy and influence in a fast-paced, product-led company.
  • Transparent company culture with open access to roadmaps, strategy, and financial information.
  • Competitive salary and equity package.
  • Opportunity to work with cutting-edge technologies and solve complex security challenges.

Skills & Technologies

Go
AWS
GitHub
Remote

About PostHog Inc.

PostHog provides an open-source product analytics platform that lets teams track user behavior, run A/B tests, and gather feedback without sending data to third parties. The self-hosted or cloud service captures events, pageviews, feature flags, and session recordings, then surfaces insights through dashboards, funnels, retention, and cohort analysis. Engineers can instrument code once and non-technical teammates can query results using SQL or visual builders. The company maintains the core project under an MIT license and offers paid tiers for enterprise support, higher volumes, and advanced features such as correlation analysis, data pipelines, and team collaboration tools.
