About RADICL
As the leading provider of Cybersecurity-as-a-Service (CSaaS), RADICL is revolutionizing advanced cyberthreat protection for small and medium-sized businesses (SMBs) in the U.S. Defense Industrial Base (DIB) and other regulated industries. No longer should SMBs be satisfied with lackluster solutions delivering lackluster protection. RADICL is ushering in a new era of turn-key and affordable cyberthreat protection via its AI-powered virtual SOC platform that allows human and digital agents to quickly and seamlessly become SMBs’ day-to-day compliance and security operations team.
RADICL’s turn-key CSaaS offering uniquely combines compliance management with AI and expert-driven 24/7 security operations. We guide customers to regulatory and best practice adherence with standards like CMMC and NIST CSF while also delivering 24/7 threat monitoring, deep-spectrum™ threat hunting, incident response, vulnerability management, and security awareness training.
With RADICL, customers can stay mission focused, confident their front, rear, and flank are protected, affordably and without compromise.
If you’re excited about working with industry experts to help SMBs focus on growing their businesses without the constant worry of security and compliance risks, we invite you to join us in our mission to protect American businesses and drive innovation in cybersecurity.
About the role
We are looking for a Senior Incident Response Engineer to join our team. In this role, you will serve as a frontline expert and strategic driver of our IR capabilities — leading response to active threats across our customer base, building repeatable playbooks, and pushing the boundaries of how AI and automation can accelerate incident response at scale.
This is not a purely reactive role. You will help shape how we detect, contain, and remediate threats, while also educating and empowering our customers through tabletop exercises and IR readiness programs. For the right candidate, there is also a meaningful opportunity to help build and lead a retained incident response practice — expanding our offerings beyond MDR into a standalone, billable IR consulting capability.
If the above excites you, RADICL Defense is seeking high-performing, motivated individuals to join our mission. As an early member, you will work closely alongside an experienced founding team and realize the life-changing experience of building a company. You will work with the latest technologies in software, cybersecurity, and cloud and will have a significant impact on the formation of our platform and offering.
About You
You enjoy fast-paced environments, bring a positive attitude, and excel at getting things done. You enjoy being part of a high-performing team and are also able to self-direct and self-start. You consider yourself to be top-tier talent and are eager to help others raise their game. You enjoy working with customers, are an excellent communicator, and are able to engage and interact with people of various backgrounds and skill levels. You want your work to have meaning, to be important. You want to be part of creating something great.
As a RADICL Senior Incident Response Engineer, you will:
· Actively leverage AI and large language model (LLM) tooling to accelerate threat analysis, triage, report generation, IOC enrichment, and playbook execution
· Identify opportunities to embed AI-driven automation into IR workflows, reducing mean time to respond (MTTR) and analyst alert fatigue
· Collaborate with our internal AI/engineering teams to scope, test, and refine AI-assisted IR capabilities within our proprietary platform
· Stay current on emerging AI security tools and techniques — both as a practitioner and as a defender aware of AI-specific threats
· Serve as a primary liaison between the IR function and the Threat Intelligence, Threat Hunting, and Detection Engineering teams, creating a closed-loop feedback cycle between active incidents and proactive defense
· Extract and operationalize threat intelligence artifacts from incident investigations — including TTPs, IOCs, actor behaviors, and infrastructure patterns — and pass them to threat intelligence and detection engineering teams for enrichment, hunting campaign development, and new detection authoring
· Consume finished and raw threat intelligence from the intelligence team to inform and accelerate active investigations, including actor attribution, campaign context, and likely next-stage behaviors
· Collaborate with Detection Engineering to identify coverage gaps exposed during IR engagements and advocate for net-new or tuned detections within the SIEM and EDR platforms
· Lead end-to-end incident response engagements across the customer portfolio
· Perform deep-dive forensic analysis across endpoint, network, identity, and cloud telemetry to reconstruct attacker timelines and identify root cause
· Leverage CrowdStrike Falcon and Microsoft Defender for Endpoint as primary EDR platforms for threat hunting, live response, and forensic acquisition
· Operate within and contribute to our proprietary SIEM, Case Management, and SOC platform — providing feedback to product teams to continuously improve detection and workflow efficiency
· Author high-quality, customer-facing incident reports that clearly communicate technical findings, business impact, and actionable remediation guidance
· Design, develop, and facilitate IR tabletop exercises for customers across a range of industries and maturity levels — from executive-level scenario discussions to technically rigorous red/blue team simulations
· Tailor exercise scenarios to customer-specific threat profiles, industry verticals, regulatory requirements, and technology environments
· Deliver actionable after-action reports with prioritized improvement recommendations
· Serve as a trusted advisor to customers on IR program maturity, helping them build internal capabilities that complement MDR coverage
· Contribute to threat hunt hypothesis development by surfacing adversary behaviors and novel TTPs observed firsthand during incident response
· Participate in regular cross-functional syncs with intelligence, hunting, and detection teams to ensure IR findings are systematically flowing into platform improvements and proactive operations
· Develop and maintain IR playbooks, runbooks, and SOPs for common and emerging attack patterns (ransomware, BEC, identity compromise, cloud intrusions, etc.)
· Contribute to internal threat intelligence sharing and post-incident lessons learned to improve detection coverage across the platform
· Mentor junior analysts and SOC engineers, elevating team capability through knowledge transfer and structured coaching
Retained IR Practice (Nice to Have)
· Partner with sales and leadership to help design and build a retained IR practice, including service tiers, SLAs, pricing frameworks, and go-to-market positioning
· Contribute to the development of IR retainer agreements, scope-of-work templates, and engagement methodologies
· Support pre-sales efforts including customer IR readiness assessments and solution scoping conversations
Your skillset/experience should include:
· 5+ years of hands-on incident response or digital forensics experience, ideally in an MSSP, MDR, or consulting environment
· Deep proficiency with CrowdStrike Falcon (Insight, Real Time Response, Fusion SOAR) and/or Microsoft Defender for Endpoint / Microsoft Sentinel
· Strong understanding of attacker TTPs mapped to the MITRE ATT&CK framework and practical experience applying it during active investigations
· Demonstrated experience with AI/LLM tools in a security context — whether for triage, analysis, summarization, or workflow automation (e.g., GPT-based tooling, LangChain, custom prompting pipelines, or similar)
· Experience building or running IR tabletop exercises, including scenario development and executive facilitation
· Proficiency in forensic analysis across Windows, Linux, and macOS environments
· Familiarity with cloud incident response (AWS, Azure, GCP) and identity-based attacks (Entra ID / Active Directory, Okta)
· Excellent written and verbal communication skills — able to explain complex technical findings to both technical teams and executive stakeholders
· Experience contributing to or building an IR retainer/consulting practice
· Familiarity with scripting or automation (Python, PowerShell, KQL, or similar) for accelerating IR tasks
· Exposure to SIEM query languages and log analysis at scale
· Relevant certifications: GCFE, GCFA, GCIH, DFIR, CISM, CISSP, or equivalent
· Experience with threat hunting programs and proactive adversary emulation
About the Workplace
At RADICL, we prioritize our culture and believe the strongest teams are built through daily, side-by-side collaboration and experiential sharing. We also value individual freedom and flexibility. For this reason, we have a hybrid work model. As a team, we are in office M/W/Th with work-from-home on Tuesdays and Fridays. For remote positions, periodic travel to Boulder will be expected to participate in company events and meaningful side-by-side collaboration opportunities.
RADICL offices are in downtown Boulder, Colorado, with easy-to-access employee parking provided by the company. We offer comprehensive, competitive benefits including health, dental, and vision, as well as a 401(k) and a responsible PTO plan.
We encourage motivated, talented, mission-oriented, and fun people to apply. Let’s do this!
The pay range for this role is:
180,000 - 200,000 USD per year (Boulder, CO)
Security Operations
Boulder, CO