Entry Level Incident Response Engineer Jobs
New grad incident response engineer jobs welcome recent graduates and entry level candidates with zero to two years of experience, where a strong portfolio of lab projects or internship work can matter more than a long resume. Most openings mix on-site and remote settings across Technology & Software, Retail, and E-Commerce & Online Marketplaces, with employers like Amazon, ClickHouse, and Flexential hiring at this level now.
At American Express, our mission is to deliver the world’s best customer experience every day. At the heart of this mission is our Information Security organization, enabling exceptional experiences built on a foundation of trust, service, and security. We leverage advanced technologies and data-driven insights to stay ahead of an evolving threat landscape. We foster a culture of passion, curiosity, and courage—empowering you to innovate, grow, and help shape the future of a Fortune 100 company.
Trust. Service. Security.
American Express seeks to recruit a passionate and experienced Leader for its Incident Response team. This is a senior-level, hands-on, highly technical role performing incident response activities ranging from pre-incident preparation and active incident response to post-incident analysis and recovery. You will be a key technical resource conducting investigations, performing advanced analysis, identifying attacker TTPs, building attack narratives, and executing response actions.
As part of our evolution toward a Next Generation Agentic SOC, this role will also help drive the adoption of AI-enabled security operations, intelligent automation, and autonomous analyst workflows. The ideal candidate combines deep incident response expertise with curiosity and practical experience in AI-assisted detection, security automation, and modern SOC engineering practices.
You are a motivated leader who will directly manage, mentor, and develop a team of SOC analysts while driving the people, processes, and technology that empower the team to investigate sophisticated threats at scale. This role requires critical thinking, innovative problem solving, technical leadership, people leadership, and effective communication across both technical and executive audiences.
- 3+ years of experience in information security, security operations, incident response, threat hunting, or cyber defense.
- Experience with host, network, and/or memory forensics.
- Experience with various network and/or host-based security tools used to detect and respond to security events (e.g., SIEM, EDR, NDR, SOAR, web proxy, IDS/IPS, cloud-native security platforms, etc.).
- Theoretical and practical security knowledge and investigation experience with Mac, Linux, Windows, and cloud environments.
- Strong understanding of incident response lifecycles, attacker methodologies, and cyber kill chain concepts.
- Experience performing analysis of complex security incidents in enterprise environments.
- Familiarity with scripting or programming languages such as Python, PowerShell, Go, or similar.
- Ability to convey complex technical concepts to audiences with varying levels of technical expertise.
- Strong analytical, investigative, documentation, and communication skills.
- Demonstrated curiosity and adaptability toward emerging AI-enabled security technologies and workflows.
- Demonstrated ability to lead, motivate, and develop technical teams in high-tempo, operationally demanding environments.
- Strong interpersonal and conflict-resolution skills, with the ability to foster a collaborative, inclusive, and psychologically safe team environment.
Preferred:
- 1+ years of experience in a people leadership, team lead, or supervisory role, including direct responsibility for coaching, mentoring, or managing technical staff.
- Experience working within a modern SOC leveraging AI-assisted analysis, security automation, and/or SOAR technologies.
- Familiarity with AI/ML concepts and practical applications within cybersecurity operations.
- Experience with prompt engineering, LLM-assisted workflows, or AI copilots for security investigations and operational efficiency.
- Understanding of AI agent architecture, orchestration frameworks, retrieval-augmented generation (RAG), vector databases, or autonomous workflow concepts.
- Experience integrating APIs, automation pipelines, or AI-enabled tooling into SOC workflows.
- Knowledge of adversarial AI threats, prompt injection risks, model misuse, or AI security governance principles.
- Experience building or operationalizing automated detection, enrichment, triage, or response capabilities.
- Knowledge and investigation experience in a global, multi-cloud environment.
- Experience with detection engineering, threat hunting, or behavioral analytics.
- Familiarity with cloud-native security technologies and telemetry sources.
- Multiple applicable certifications (GSE, GDAT, GCIA, GCIH, GCFA, GNFA, GCFE, GREM, CCSP, CISSP, CEH, etc.).
- AI-related certifications or hands-on experience with enterprise AI platforms, orchestration frameworks, or automation tooling.
- Experience managing performance cycles, conducting calibrations, and building talent development plans within a security operations or SOC environment. Experience managing geographically distributed or shift-based teams supporting 24×7 operations.
Employment eligibility to work with American Express in the United States is required as the company will not pursue visa sponsorship for these positions.
Entry Level Incident Response Engineer Job Market
Who's Hiring
- Amazon: 3
- ClickHouse: 1
- Flexential: 1
- American Express: 1
- Kaiser Permanente: 1
Top Industries Hiring
- Technology & Software: 5
- Retail: 3
- E-Commerce & Online Marketplaces: 3
- Hospitality & Tourism: 1
- Non-Profit & Social Services: 1
Entry Level Incident Response Engineer Jobs: Frequently Asked Questions
How do I get an entry level incident response engineer job?
Employers hiring at the entry level look for hands-on familiarity with security monitoring tools, log analysis, and common attack frameworks like MITRE ATT&CK. A home lab, a capture-the-flag portfolio, or an internship in a security operations center can substitute for formal experience. Certifications such as CompTIA Security+ or CySA+ signal foundational readiness and help your application stand out against other new candidates.
Which companies hire entry level incident response engineers?
Companies hiring entry level incident response engineers right now include Amazon, ClickHouse, and Flexential, based on current listings on Migrate Mate as of July 2026. Hiring at this level comes from a broad mix of employers, including managed security service providers, financial institutions, healthcare organizations, and technology firms building out their security operations teams.
Are there remote entry level incident response engineer jobs?
Yes, though on-site roles remain common at this stage since many employers prefer to train junior analysts in person. About 33% of entry level incident response engineer openings are remote or hybrid as of July 2026, so candidates without a local presence still have real options worth applying to across the country.
Are these new grad incident response engineer jobs?
Yes, this page includes new grad, recent graduate, and junior incident response engineer roles alongside other entry level postings. A new-grad-friendly posting typically welcomes zero to two years of experience, accepts internships or academic project work in place of full-time history, and does not require a professional certification as a hard prerequisite, which makes such postings realistic first roles for candidates just entering the field.
Which industries hire the most entry level incident response engineers?
Entry level incident response engineer roles concentrate in Technology & Software, Retail, and E-Commerce & Online Marketplaces, based on current listings on Migrate Mate as of July 2026. Those sectors drive entry level hiring because they face high volumes of security events, operate under strict compliance requirements, and need junior analysts to staff around-the-clock security operations centers and triage queues.