Founded in Silicon Valley in 2009 by Marc Andreessen and Ben Horowitz, Andreessen Horowitz (aka a16z) is a venture capital firm that backs bold entrepreneurs building the future through technology. We are stage agnostic. We invest in seed to venture to growth-stage technology companies, across AI, bio + healthcare, consumer, crypto, enterprise, fintech, games, and companies building toward American dynamism. a16z has $45B in assets under management across multiple funds.
We’ve established a team that is defined by respect for the entrepreneur and the company-building process; we know what it’s like to be in the founder’s shoes. We’ve invested in companies like Affirm, Airbnb, Coinbase, Databricks, Devoted Health, Insitro, Figma, GitHub, Instacart, OpenSea, Roblox, Stripe, and Substack. Our team is at the forefront of new technology, helping founders and their companies impact and change the world.
The Role
As the Cybersecurity Operations Analyst at a16z, you will stabilize and strengthen the core of the firm’s cybersecurity operations. This hands-on role is responsible for leading day-to-day incident response and detection engineering efforts, while also identifying and remediating operational gaps in coverage, continuity, and tooling.
You will provide frontline support across detection, triage, and containment, and help build resilience into the CyberOps function through documentation, automation, and process standardization. You will also help shape the next generation of CyberOps by leveraging AI technologies, including generative AI, advanced predictive analytics, and large language models, to augment detection, accelerate triage, and surface hidden threats. This is a critical role focused on reducing operational risk, expanding visibility, and ensuring the security team can respond quickly and consistently at scale.
This role requires an in-office presence 2 days a week in our New York City, NY office.
To join our team, you should be excited to:
- Lead cyber incident response operations from alert triage through containment, including post-incident analysis and coordination with stakeholders
- Stabilize and scale core CyberOps workflows by improving documentation, response playbooks, and team-level knowledge sharing
- Tune and optimize detection rules and telemetry pipelines, ensuring high-quality signal and reducing noise across alerts
- Automate repetitive response and triage workflows to improve response time, analyst efficiency, and operational consistency
- Leverage AI technologies, including generative AI and large language models, to enhance detection, accelerate investigation workflows, and identify patterns and threats
- Build operational redundancy and reduce risk, ensuring that no single individual is a point of failure for incident response or CyberOps coverage
- Participate in threat hunting and log analysis to identify anomalies, gaps, and opportunities to improve coverage
- Continuously improve visibility and response capabilities, working closely with the broader security, IT, verticals, and platform teams
- Contribute to post-incident reviews and lessons learned, helping improve detection logic, containment playbooks, and response strategy over time
Minimum Qualifications
- 5+ years of hands-on experience in a security operations, incident response, or threat detection role
- Strong technical understanding of detection engineering, response workflows, and the end-to-end incident lifecycle
- Experience with SIEM platforms (e.g., Splunk, Chronicle, CrowdStrike, Sumo Logic) and ability to create and optimize correlation rules and detection content
- Familiarity with SOAR platforms (e.g., Cortex XSOAR, Tines, Swimlane) and experience automating common alert triage and response actions
- Deep understanding of event logging and telemetry collection from endpoints, cloud platforms, and identity systems
- Experience conducting threat hunting across multiple data sources using tools like KQL, SPL, or custom scripting
- Strong written and verbal communication skills, especially in documenting playbooks and summarizing incident findings for technical and non-technical stakeholders
- Ability to operate independently and collaboratively in a fast-paced, high-trust environment
- Familiarity with security frameworks such as NIST 800-53, MITRE ATT&CK, or CIS Benchmarks to guide detection coverage and response alignment
- Strong documentation skills, with the ability to create and maintain technical content, user communications, training guides, and instructional materials that support operational clarity and knowledge sharing
- Curiosity, accountability, and a commitment to continuous improvement in security operations
- Low ego, high empathy, and the capacity to collaborate effectively with diverse teams
The anticipated salary range for this role is between $203,000 and $236,000. Actual starting pay may vary based on a range of factors, which can include experience, skills, and scope.
This role is eligible to participate in the a16z carry program and various discretionary bonus programs as well as benefit and perquisite plans including health, dental, vision, disability, life insurance, 401K plan, vacation, and sick leave.
a16z culture
- We do only first class business and only in a first class way
- We take a long view of relationships, because we are in the relationship business
- We believe in the future and bet the firm that way
- We are all different, we recognize that, and we win
- We celebrate the good times
- We do it for the team
- We play to win
At a16z we are always looking to hire the absolute best talent and recognize that diversity in our experiences and backgrounds is what makes us stronger. We hire candidates of any race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, marital or family status, disability, Veteran status, and any other status. These differences are what enable us to work towards the future we envision for ourselves, our portfolio companies, and the world.
Our organization participates in E-Verify.
Andreessen Horowitz hereby reserves the right to make use of any unsolicited resumes received from outside recruiting agencies and / or individual recruiters without being responsible for payment of any fees asserted from the use of unsolicited resumes.