Principal Incident Responder

Principal Incident Responder

Fluidstack operates the compute infrastructure powering frontier AI. The work running on it is among the most consequential being done today, and the adversaries interested in it are among the most sophisticated, persistent, and well-resourced anywhere. We are building Detection & Response Engineering from the ground up: engineering-led, agent-first, and built to scale across IT, OT, and physical surfaces. As the Principal Incident Responder, you are the most senior incident commander in the program. You define what material-incident response looks like at Fluidstack, set the runbook standard the rest of the IR function operates inside, and lead the room when those systems come under attack.

Responsibilities include:

• Running material incidents as incident commander, coordinating across detection, response, physical security, data center operations, legal, communications, and customers.
• Building the IR program: runbook standards, severity definitions, materiality methodology, evidence contracts, and post-incident review cadence.
• Defining the agent-human contract for response: escalation criteria, evidence packages required from agents, and human verdict feedback into agent quality.
• Designing and operating the senior-IR on-call rotation (ack SLAs, escalation chain, fan-out logic) and remaining an active senior IC inside it.
• Analyzing incident trends and patterns to surface systemic risks and recurring root causes, and turning the learnings into runbook, detection, or program improvements.
• Driving cross-functional follow-through after every significant incident, tracking remediation and systemic fixes to completion across detection, response, infrastructure, and other teams.
• Defining and tracking the IR program's KPIs and reporting on them to security and engineering leadership.
• Setting the tabletop and exercise cadence for IR readiness, executive crisis-comms, and audit-readiness drills.
• Carrying the external face of IR for regulatory and customer disclosure obligations, and audit responses.

Qualifications include:

• Running material incidents at companies with sophisticated threat models, as the most senior commander on the call.
• Making disclosure-grade calls under regulatory and customer reporting clocks.
• Writing runbooks that other engineers followed under pressure, and rewriting them after they did not work.
• Building operational processes from the ground up in environments where structure did not previously exist.
• Reading the agent-first thesis as one of the most interesting design choices in incident response today.
• Having well-founded opinions on what makes a runbook actually used or an incident response process actually effective.
• Moving fluently between technical containment and executive, legal, or customer-facing conversations during a declared incident.
• Seeing what is needed, scoping it yourself, and running with it.

Strong candidates may also have:

• Experience running incidents that bridge cyber, physical, and OT or ICS surfaces.
• Experience at critical-infrastructure operators, data centers, or industrial environments.
• Experience designing or operating agent-augmented incident response, including triage, investigation, or response automation.
• Experience tuning LLM-based IR systems against measured precision and recall.

Salary & Benefits:

• Competitive total compensation package (salary + equity)
• Retirement or pension plan, in line with local norms
• Health, dental, and vision insurance
• Generous PTO policy, in line with local norms

The base salary range for this position is $270,000 - $370,000 per year, depending on experience, skills, qualifications, and location. This range represents our good faith estimate of the compensation for this role at the time of posting. Total compensation may also include equity in the form of stock options.

We are committed to pay equity and transparency.

Fluidstack is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans' status, or any other characteristic protected by law. Fluidstack will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.

You will receive a confirmation email once your application has successfully been accepted. If there is an error with your submission and you did not receive a confirmation email, please email View email address on click.appcast.io with your resume/CV, the role you've applied for, and the date you submitted your application-- someone from our recruiting team will be in touch.