As a Staff Security Engineer within our CSIRT Team, you will be accountable for leading our most critical, complex, and high-impact security incidents end-to-end across a global, high-transaction food delivery and quick-commerce platform handling millions of daily orders. As a business spanning logistics, e-commerce, and FinTech, our environment is highly regulated; in this role you will navigate the complexities of global compliance frameworks while ensuring rapid, effective incident mitigation. You will operate at the intersection of a hands-on technical practitioner and a strategic leader, making high-consequence decisions during times of ambiguity. We are looking for someone with a strong 'builder mindset'. You don't just respond to security incidents; you approach operational bottlenecks as engineering problems. You will build systems, develop custom tooling, and architect automated workflows to relentlessly eliminate manual toil and scale our response capabilities, ultimately setting the standard for engineering excellence and fostering a security mindset across the organization.
Job Responsibility
Incident Commander: Serve as the single accountable leader during active responses for high-severity incidents, directing investigative focus from detection through recovery while maintaining a calm and decisive demeanor under pressure
Post-Incident Reviews & Remediation: Lead blameless post-incident reviews to ensure continuous improvement, durable engineering solutions, and systemic resilience
Stakeholder Communication: Serve as the primary interface to stakeholders during critical security incidents, translating complex technical realities into clear risk, impact, and decision frameworks
Engineering-Led Response & Automation: Design and develop in-house solutions, automated workflows, and scalable systems to eliminate repetitive processes, reduce triage time, and continuously improve the overall quality and efficiency of our security incident response operations
Mentorship & Leadership: Act as a hands-on technical leader and role model, actively mentoring teams and individuals within your domain
Metrics & Strategic Visibility: Bring a data-driven, strategic mindset to define, track, and improve core operational metrics (MTTD, MTTR) to identify systemic gaps and propose strategic, long-term security investments
Organizational Readiness & Tabletop Exercises: Proactively design and facilitate complex, realistic tabletop simulations and purple team engagements
On-Call: Participate in a predictable on-call rotation as an Incident Responder
Requirements
7+ years of broad cybersecurity experience with a deep understanding of core security fundamentals, coupled with 5+ years of dedicated experience in a SOC or CSIRT environment
Proven track record acting as a Security Incident Commander
Mastery of the full incident lifecycle and hands-on playbook creation for complex, high-availability hybrid-cloud environments, distributed microservices, and platforms processing vast amounts of PII and payment data
Operational expertise with SIEM, EDR, Cloud Security platforms, SOAR, and WAF/DDoS protection solutions
Advanced proficiency in writing production-quality code (e.g., Python, Go, Rust) to build scalable in-house solutions
Hands-on experience securing and responding to incidents across public cloud platforms (AWS, GCP) and cloud-native technologies like Kubernetes, Docker, and Infrastructure-as-Code (e.g., Terraform)
Familiarity with Git/GitHub usage, CI/CD systems, and modern SecOps workflows
An exceptional communicator with the ability to influence cross-functional stakeholders
Nice to have
Digital forensics skills and hands-on experience integrating Threat Intelligence to anticipate attacks and proactively hunt for threats
Proven skills in static and dynamic (runtime) malware analysis, reverse engineering, and analyzing malicious payloads within isolated sandbox environments
Strong background in Web and Mobile application security, understanding complex API architectures, modern authentication frameworks, and defending against high-volume automated attacks (e.g., credential stuffing, scraping)
Experience integrating AI/LLM capabilities and MCP (Model Context Protocol) usage into Incident Response for automated evidence summarization, data enrichment, or investigation
Deep operational understanding of global cybersecurity and privacy frameworks (e.g., PCI-DSS, GDPR, NIS2, DORA, MAS TRM)
Active or in-progress industry-recognized technical certifications focused on incident handling, forensics, or offensive security (e.g., GIAC GCIH/GCFA/GCIA, CISSP, OSCP)