Security Researcher – SOC & Incident Response

Skeletons, lasers, monster trucks — the Torq brand grabs attention like nothing else in cybersecurity. And we’re growing like crazy, with $70M in Series C funding, 200% employee growth, and 300% revenue growth in 2024. Fueling Torq’s growth are our game changing agentic AI security solutions, backed by a team and culture that makes Torq one of Forbes’ Best Startup Employers in America, and a Business Insider ‘startup to bet your career on’.

Life at Torq is all gas, no brakes. We’re a team of relentless, collaborative go-getters pushing the boundaries of what’s possible for security automation. Every role is an essential driver of Torq’s success as the AI-native autonomous SecOps platform of choice for security teams across the Fortune 500. Excited about our vision and ready to make an impact as we grow? We’d love to see what you can bring to the team.

We’re hiring our first Security Researcher to join our newly formed Security Research function- a critical role for someone passionate about advancing real-world SOC operations with deep cybersecurity expertise.
We are building a world-class Security Research team that will power our advanced product with deep, actionable cybersecurity expertise. This team will serve as the Subject Matter Experts (SMEs) behind our triage and Incident Response platform, defining logic, contributing threat intelligence, building use-case coverage, and continuously optimizing detection and investigation workflows.
You’ll collaborate closely with Product, Engineering, and Customer Success to ensure our Auto-Triage engine reflects the latest adversarial techniques and real-world SOC operations.

Responsibilities

• Serve as a domain expert in SOC workflows, alert triage, and incident response.
• Design and maintain triage logic, playbook blueprints, AI Agents and more for responding to security events.
• Develop and maintain alert enrichment, correlation, and classification rules across multiple data sources (EDR, SIEM, Identity, etc.).
• Collaborate with product teams to define use cases, threat coverage, and analyst workflows.
• Analyze real-world alerts, telemetry, and incident data to enhance product accuracy, reduce false positives and improve incident handling.
• Evaluate and curate threat intelligence feeds and sources to support automated decision-making.
• Conduct post-incident reviews to extract lessons and update triage logic accordingly.
• Stay current with emerging threats, attacker TTPs, MITRE ATT&CK, and other frameworks.
• Assist with quality assurance, testing, and validation of triage logic before deployment.
  
  

Requirements

• 5+ years of experience in SOC operations, incident response, or threat detection.
• Hands-on experience triaging alerts, conducting investigations, and working with tools like SIEM, EDR, SOAR, and XDR.
• Strong understanding of logs, telemetry, and data formats (Syslog, JSON, Zeek, Windows Event Logs, etc.).
• Experience defining detection or triage logic in Python, YAML, or other rule-based formats is a plus.
• Familiarity with cloud security signals (AWS, Azure, GCP) and SaaS application logs is a bonus.
  
  

Preferred Skills

• Prior experience building security content for SOAR/SIEM platforms.
• Exposure to AI/ML use in security triage (optional but valued).
• Passion for building scalable, repeatable, and impactful security solutions.