Sr. Security Operations Engineer, Incident Response

About Affirm

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.

At Affirm, Security is integral to our mission of building honest financial products and driving the company's long-term success. The Security Operations and Resilience Engineering (SOR) program serves as the foundation of our preventive and responsive efforts to safeguard Affirm's assets and infrastructure. As part of our Security Team, you'll join a group of passionate, highly skilled professionals redefining fintech security through collaboration, innovation, and a team-first mindset.

Role Overview

We're seeking a Senior Security Operations Engineer to join the Incident Response function within the broader Security Operations & Resilience org. In this role, you'll be a hands-on practitioner and technical contributor who drives incident response efforts from triage through resolution - with the depth, ownership, and composure to lead when it matters most.

This is a highly technical, execution-focused role where you’ll lead hands-on investigations and drive incident response from detection through remediation. You’ll collaborate across engineering, product, and infrastructure teams, and partner with Observability & Automation to improve detections, build automated playbooks, and strengthen our security posture. You will have the opportunity to help solve complex security challenges and build capabilities that protect millions of customers, merchants, and partners.

Note: This role is based in Canada and requires alignment with Pacific Time Zone working hours to support the current team’s operations coverage. Candidates must be able to reliably work Pacific Time hours.

What you’ll do

You will lead and execute incident response efforts to protect Affirm’s systems, customers, and data.

• Lead security incidents end-to-end, from detection and triage through containment, remediation, and post-incident review.
• Act as incident commander, driving clear decisions and alignment across teams during high-pressure situations.
• Conduct hands-on investigations across cloud and endpoint environments to determine root cause and impact.
• Partner with Observability & Automation to improve detections, reduce noise, and build automated response playbooks.
• Contribute to and refine incident response playbooks, runbooks, and documentation to improve readiness and consistency.
• Collaborate with Security, Infrastructure, and Product teams to identify gaps and strengthen the incident response lifecycle.
• Communicate effectively during incidents, providing clear updates to both technical and non-technical stakeholders.

What we look for

We’re looking for a hands-on security engineer who can lead through ambiguity and drive effective incident response outcomes.

• 5+ years of experience in Security Operations or Detection & Response, with strong hands-on incident response in cloud environments (AWS and EKS experience strongly preferred).
• Proven ability to lead security incidents, including containment and remediation, in fast-moving environments.
• Strong investigative and analytical skills, with the ability to synthesize signals from multiple data sources.
• Experience with security tooling such as SIEM and EDR platforms (e.g., Splunk, Elastic, SentinelOne, CrowdStrike, or similar).
• Solid understanding of cloud security concepts and their application in real-world scenarios.
• Strong communication skills, with the ability to clearly convey information across technical and non-technical audiences.