
Partner 20, Staff Engineer, Incident Response at Andreessen Horowitz
San Francisco, California, United States | Full-time | Operations | Posted 9 days ago
About the Role
<p><span style="font-family: 'times new roman', times, serif;">Founded in Silicon Valley in 2009 by Marc Andreessen and Ben Horowitz, Andreessen Horowitz (aka a16z) is a venture capital firm that backs bold entrepreneurs <a href="https://a16z.com/news-content">building the future</a> through technology. We are <a href="https://a16z.com/portfolio">stage agnostic</a>. We invest in seed to venture to <a href="https://a16z.com/growth/">growth-stage technology</a> companies, across <a href="https://a16z.com/ai/">AI</a>, <a href="https://a16z.com/bio-health/">bio + healthcare</a>, <a href="https://a16z.com/consumer/">consumer</a>, <a href="https://a16zcrypto.com/">crypto</a>, <a href="https://a16z.com/enterprise/">enterprise</a>, <a href="https://a16z.com/fintech/">fintech</a>, <a href="https://a16z.com/games">games</a>, and companies building toward <a href="https://a16z.com/american-dynamism/">American dynamism</a>. a16z has $100B+ under management across multiple funds.</span></p>
<p><span style="font-family: 'times new roman', times, serif;">We’ve established a team that <a href="https://a16z.com/about/">is defined by</a> respect for the entrepreneur and the company-building process; we know what it’s like to be in the founder’s shoes. We’ve invested in <a href="https://a16z.com/portfolio/">companies</a> like Anduril, Airbnb, Coinbase, Cursor, Databricks, Deel, Figma, GitHub, Roblox, SpaceX, and Stripe. Our team is at the forefront of new technology, helping founders and their companies impact and change the world.</span></p>
<h2><span style="font-family: 'times new roman', times, serif;">The Role</span></h2>
<p><span style="font-family: 'times new roman', times, serif;">We're hiring a Staff Incident Response Engineer to anchor a16z's detection and response work. You'll own incident triage and response across AWS and GCP, write the detections that catch real threats in our SIEM, and run point when something serious happens.</span></p>
<p><span style="font-family: 'times new roman', times, serif;">The threats here are not theoretical. We see capital call wire fraud attempts, vishing campaigns, social engineering against IT and partners, and occasionally more sophisticated actors (nation-state groups, organized criminal operations) who specifically target venture capital firms. Your work protects the firm, our LPs, and our portfolio companies. You'll work day to day with the Head of Cybersecurity, Security Engineering, IT, and Legal.</span></p>
<p><span style="font-family: 'times new roman', times, serif;">This role requires an in-office presence 2 days a week in our San Francisco, CA office.</span></p>
<h2><span style="font-family: 'times new roman', times, serif;">To join our team, you should be excited to: </span></h2>
<ul>
<li style="font-family: 'times new roman', times, serif;"><span style="font-family: 'times new roman', times, serif;">Run incidents end to end, from first alert to post-mortem, across cloud and SaaS environments</span></li>
<li style="font-family: 'times new roman', times, serif;"><span style="font-family: 'times new roman', times, serif;">Write the detections that catch real threats, with a strong bias toward signal over noise and broad MITRE ATT&CK coverage</span></li>
<li style="font-family: 'times new roman', times, serif;"><span style="font-family: 'times new roman', times, serif;">Help shape the next generation of our SOC, including AI agent integration into triage and response workflows</span></li>
<li style="font-family: 'times new roman', times, serif;"><span style="font-family: 'times new roman', times, serif;">Partner across the firm during incidents: investing teams, Legal, Compliance, Finance, IT, and firm leadership all get pulled in, and this role keeps every audience aligned under pressure</span></li>
<li style="font-family: 'times new roman', times, serif;"><span style="font-family: 'times new roman', times, serif;">Drive post-mortems that lead to operational change, not process for its own sake</span></li>
<li style="font-family: 'times new roman', times, serif;"><span style="font-family: 'times new roman', times, serif;">Work against real adversaries, including nation-state groups, organized criminal operations, and threat actors who specifically target venture capital firms</span></li>
</ul>
<h2><span style="font-family: 'times new roman', times, serif;">Minimum Qualifications</span></h2>
<ul>
<li style="font-family: 'times new roman', times, serif;"><span style="font-family: 'times new roman', times, serif;">5+ years of incident response experience or equivalent demonstrated impact, with cloud IR depth across both AWS and GCP</span></li>
<li style="font-family: 'times new roman', times, serif;"><span style="font-family: 'times new roman', times, serif;">Experience leading live incidents end to end — triage, containment, eradication, forensic investigation, and post-mortem — across cloud, SaaS, identity, and endpoint surfaces</span></li>
<li style="font-family: 'times new roman', times, serif;"><span style="font-family: 'times new roman', times, serif;">Experience running proactive, hypothesis-driven threat hunts using current TTPs and intel</span></li>
<li style="font-family: 'times new roman', times, serif;"><span style="font-family: 'times new roman', times, serif;">Hands-on detection authoring in modern SIEM platforms (Sigma, KQL, or equivalent) and experience working with detection-as-code</span></li>
<li style="font-family: 'times new roman', times, serif;"><span style="font-family: 'times new roman', times, serif;">Experience building detection frameworks and contributing to SIEM architecture decisions</span></li>
<li style="font-family: 'times new roman', times, serif;"><span style="font-family: 'times new roman', times, serif;">Strong Python scripting. This is a role where you build automation, not one where you only operate someone else's</span></li>
<li style="font-family: 'times new roman', times, serif;"><span style="font-family: 'times new roman', times, serif;">Demonstrated capability across modern security tooling categories (cloud telemetry, EDR, SOAR, SIEM). We weight transferable capability over experience with any specific product</span></li>
<li style="font-family: 'times new roman', times, serif;"><span style="font-family: 'times new roman', times, serif;">GCIH or equivalent IR certification preferred</span></li>
<li style="font-family: 'times new roman', times, serif;"><span style="font-family: 'times new roman', times, serif;">Comfortable in a fast-moving environment where security is expected to enable the business</span></li>
<li style="font-family: 'times new roman', times, serif;"><span style="font-family: 'times new roman', times, serif;">Experience defending against nation-state threat actors or organized criminal groups</span></li>
<li style="font-family: 'times new roman', times, serif;"><span style="font-family: 'times new roman', times, serif;">Working knowledge of AI/agent systems and their security implications, particularly in SOC workflows</span></li>
<li style="font-family: 'times new roman', times, serif;"><span style="font-family: 'times new roman', times, serif;">Experience translating the technical reality of an incident (blast radius, containment status, disclosure decisions) into language non-technical stakeholders can act on.</span></li>
<li style="font-family: 'times new roman', times, serif;"><span style="font-family: 'times new roman', times, serif;">Low ego, high empathy, and the capacity to collaborate effectively with diverse teams</span></li>
</ul>
<p><span style="font-family: 'times new roman', times, serif;">The anticipated salary range for this role is between $243,000 and $284,000; actual starting pay may vary based on a range of factors, which can include experience, skills, and scope.</span></p>
<p><span style="font-family: 'times new roman', times, serif;">This role is eligible to participate in the a16z carry program and various discretionary bonus programs as well as benefit and perquisite plans including health, dental, vision, disability, life insurance, 401K plan, vacation, and sick leave.</span></p><div class="content-conclusion"><h2><span style="font-family: 'times new roman', times, serif;"><strong>a16z culture </strong></span></h2>
<ul>
<li style="font-weight: 400; font-family: 'times new roman', times, serif;"><span style="font-weight: 400; font-family: 'times new roman', times, serif;">We do only first class business and only in a first class way</span></li>
<li style="font-weight: 400; font-family: 'times new roman', times, serif;"><span style="font-weight: 400; font-family: 'times new roman', times, serif;">We take a long view of relationships, because we are in the relationship business </span></li>
<li style="font-weight: 400; font-family: 'times new roman', times, serif;"><span style="font-weight: 400; font-family: 'times new roman', times, serif;">We believe in the future and bet the firm that way</span></li>
<li style="font-weight: 400; font-family: 'times new roman', times, serif;"><span style="font-weight: 400; font-family: 'times new roman', times, serif;">We are all different, we recognize that, and we win</span></li>
<li style="font-weight: 400; font-family: 'times new roman', times, serif;"><span style="font-weight: 400; font-family: 'times new roman', times, serif;">We celebrate the good times</span></li>
<li style="font-weight: 400; font-family: 'times new roman', times, serif;"><span style="font-weight: 400; font-family: 'times new roman', times, serif;">We do it for the team</span></li>
<li style="font-weight: 400; font-family: 'times new roman', times, serif;"><span style="font-weight: 400; font-family: 'times new roman', times, serif;">We play to win</span></li>
</ul>
<p><span style="font-weight: 400; font-family: 'times new roman', times, serif;">At a16z we are always looking to hire the absolute best talent and recognize that diversity in our experiences and backgrounds is what makes us stronger. We hire candidates of any race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, marital or family status, disability, Veteran status, and any other status. These differences are what enable us to work towards the future we envision for ourselves, our portfolio companies, and the world.</span></p>
<p><span style="font-family: 'times new roman', times, serif;">Our organization participates in E-Verify. Click <a href="https://www.e-verify.gov/employees" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://www.e-verify.gov/employees&source=gmail&ust=1674233464432000&usg=AOvVaw1-yT1T3ug2xE734Ge62fLD">here</a> to learn about E-Verify.</span></p>
<p><span style="font-family: 'times new roman', times, serif;">Andreessen Horowitz hereby reserves the right to make use of any unsolicited resumes received from outside recruiting agencies and / or individual recruiters without being responsible for payment of any fees asserted from the use of unsolicited resumes.</span></p></div>