
Staff Security Engineer

Czechia, Bratislava · Job Posted January 20, 2026

Job Description

Bloomreach is building the world’s premier agentic platform for personalization. We’re revolutionizing how businesses connect with their customers, building and deploying AI agents to personalize the entire customer journey. We're taking autonomous search mainstream, making product discovery more intuitive and conversational for customers, and more profitable for businesses. We’re making conversational shopping a reality, connecting every shopper with tailored guidance and product expertise — available on demand, at every touchpoint in their journey. We're designing the future of autonomous marketing, taking the work out of workflows, and reclaiming the creative, strategic, and customer-first work marketers were always meant to do. And we're building all of that on the intelligence of a single AI engine — Loomi AI — so that personalization isn't only autonomous…it's also consistent. From retail to financial services, hospitality to gaming, businesses use Bloomreach to drive higher growth and lasting loyalty. We power personalization for more than 1,400 global brands, including American Eagle, Sonepar, and Pandora.

Job Responsibility

  • owning current and target-state data architectures and reporting
  • designing, implementing, and monitoring cloud (AWS/GCP) infrastructure security controls
  • deploying, securing, configuring, and operating SIEM and other security resources
  • identifying, triaging, and remediating infrastructure and web vulnerabilities
  • leading incident triage and external-researcher engagement
  • mentoring junior staff

Requirements

  • 6+ years of relevant experience
  • proficiency in cloud security, network security, URL filtering, common security frameworks, and CVE lifecycle management
  • practical IaC and scripting for automation
  • strong cross-functional and external communication
  • experience mentoring junior staff
  • Hands-on cloud security for AWS and GCP: design secure architectures, perform threat modeling, apply platform-native controls, and build/validate secure IaC
  • SIEM ownership and detection engineering: deploy, configure, tune, and maintain SIEM; author and test detection rules and playbooks; integrate data sources; and operate with SLA-driven alerting and incident workflows
  • Vulnerability and incident lifecycle ownership: identify, triage, and remediate infrastructure and web vulnerabilities
  • Drive CVE lifecycle management and patching: perform root cause analysis and measure MTTR and remediation rates
  • Network, web, and endpoint protections: design and manage firewalls, WAFs, cloud network controls, URL/web filtering, with demonstrable operational experience
  • Secure automation and tooling: author automation for detection, alert enrichment, and remediation; build or extend security tooling using scripting or languages such as Python, Go, or Bash
  • Infrastructure as code and secure CI pipelines: implement guardrails and policy-as-code in CI/CD pipelines, perform static IaC scanning, and enforce security baselines before deployment
  • Detection, telemetry, and observability: define logging and telemetry requirements, ensure coverage for critical assets, and validate detection efficacy and alert fidelity
  • Security standards, playbooks, and enforcement: develop, document, and operationalize organization-wide security standards, runbooks, and playbooks; partner with engineering pillars to ensure adoption
  • Threat-informed defensive engineering: apply threat modeling and adversary-focused testing to guide controls, detection, and resilient designs
  • Cross-functional and external communication: communicate clearly with engineering teams, leadership, external researchers, and customers; lead vulnerability disclosure and researcher engagement
  • Mentorship and prioritization: mentor junior engineers, prioritize security projects based on risk and business impact, and drive continuous improvement of infrastructure security posture
  • Familiarity with frameworks and common weaknesses: working knowledge of CIS/NIST, common security libraries and controls, and typical flaws exploited in infrastructure and web applications

Nice to have

  • AWS Certified Security
  • Google Professional Cloud Security Engineer
  • Splunk Certified Admin or Splunk Certified Enterprise Security Admin
  • CISSP (Certified Information Systems Security Professional)
  • Certified Cloud Security Professional (CCSP)
  • Cloud Security Alliance CCSK

What we offer

  • A great deal of freedom and trust
  • flexible working hours
  • work virtual-first with several Bloomreach Hubs available across three continents
  • company events
  • 5 paid days off to volunteer
  • People Development Program
  • communication coach
  • Leader Development Program
  • $1,500 professional education budget
  • Employee Assistance Program
  • Subscription to Calm
  • ‘DisConnect’ days
  • sports, yoga, and meditation opportunities
  • extended parental leave up to 26 calendar weeks for Primary Caregivers
  • Restricted Stock Units or Stock Options
  • company performance bonus
  • employee referral bonus of up to $3,000
  • work anniversary rewards

Similar Jobs for Staff Security Engineer

8 matching positions

Staff Security Engineer

Our mission is to protect, defend, and secure Uber’s products, infrastructure, a...
Location
United States, New York; Seattle; San Francisco; Sunnyvale
Salary:
232000.00 - 258000.00 USD / Year
Uber
Expiration Date
Until further notice
Requirements
  • BS/MS Degree in Computer Science, Engineering, or a related field.
  • 7+ years of industry experience in a software development or security engineering environment.
  • Proficiency in programming languages such as Golang, Java, or Python.
  • Deep understanding of distributed systems, high-availability, and high-performance system design.
  • Hands-on experience with Endpoint Security such as EDR, secure browser, and binary authentication.
Job Responsibility
  • Security Solution Development: Design, develop, and implement software solutions to automate and scale enterprise security defenses.
  • System Architecture: Own the platform and tools for securing enterprise systems across macOS, Windows, and Linux.
  • Technical Leadership: Set technical direction for specific projects by identifying priorities, managing expectations, and considering tradeoffs.
  • Innovation: Leverage automation and AI/ML to transform enterprise defense from human-driven to AI-driven.
  • Engineering Excellence: Champion best software engineering practices and empower teams to build a culture of quality and operational excellence.
  • Cross-Functional Collaboration: Partner with IT, product, and operations teams to integrate security posture improvements across the entire environment.
What we offer
  • Uber's bonus program
  • equity award
  • 401(k) plan
  • Fulltime

Staff Security Engineer

Mozilla is looking for an Incident Responder to monitor and mitigate attacks acr...
Location
Canada; United States
Salary:
Not provided
Mozilla
Expiration Date
Until further notice
Requirements
  • 5+ years of demonstrated ability managing security incidents at a global scale and/or experience working in Security Operations Centers (SOC), Product Security Incident Response Teams (PSIRT), and Computer Security Incident Response Teams (CSIRT)
  • Expertise with security information and event management (SIEM) systems (eg. ELK, Google BigQuery, Splunk, etc.). Splunk proficiency is preferred
  • Expertise with integrating and leveraging threat intelligence for detection engineering
  • Expertise with security orchestration and automation (SOAR) platforms such as Tines or Splunk SOAR
  • Superb communication and leadership capacity
  • ability to partner effectively with diverse company stakeholders
  • Real-world experience in software development and/or engineering operations for consumer products and services
  • B.S. in a technology-focused field is helpful
  • Practical experience working with cloud technologies (eg. Google Cloud Platform, Amazon Web Services, Heroku, Microsoft Azure, etc.)
  • Ownership and Accountability
Job Responsibility
  • Identify and respond to security incidents on a global scale
  • Act as an incident commander to drive incidents through the entire response lifecycle
  • Design and maintain a portfolio of security alerts, automated actions, playbooks and escalation workflows in support of a high-performing 24/7 incident response capability
  • Conduct threat hunting activities, anticipate future threats, and maintain forward-thinking strategies for tools/technology/processes that combat sophisticated threat actors
  • Research threat intelligence reports, triage and manage resulting workflows
  • Partner with key stakeholders and communicate effectively to maintain a continuously improving feedback loop of preparation, identification, analysis, containment, and post mortem activities
  • Participate in on-call rotation
What we offer
  • Generous performance-based bonus plans
  • Rich medical, dental, and vision coverage
  • Generous retirement contributions with 100% immediate vesting
  • Quarterly all-company wellness days
  • Country specific holidays plus a day off for your birthday
  • One-time home office stipend
  • Annual professional development budget
  • Quarterly well-being stipend
  • Considerable paid parental leave
  • Employee referral bonus program
  • Fulltime

Staff Security Engineer

We’re looking for an experienced security-focused engineer to help shape and sca...
Location
United States, San Francisco
Salary:
235000.00 - 280000.00 USD / Year
Parafin
Expiration Date
Until further notice
Requirements
  • 8+ years of experience in security operations or application security, preferably in a cloud-native and regulated environment
  • Strong understanding of AWS security, including IAM, VPC, and network segmentation best practices
  • Experience with threat detection and response, vulnerability management, and incident response workflows
  • Familiarity with Kubernetes and container security principles, including RBAC, admission controls, and runtime monitoring
  • Knowledge of compliance frameworks (SOC 2, PCI DSS, ISO 27001) and how to operationalize them in engineering environments
  • Strong communication and collaboration skills — comfortable working across engineering, product, and compliance teams
Job Responsibility
  • Lead efforts to improve Parafin’s overall security posture across infrastructure, applications, and data systems
  • Develop and maintain frameworks for identity, access management, and least-privilege enforcement
  • Establish and operate best-in-class security monitoring, alerting, and incident response processes
  • Partner with product and infrastructure engineers to embed secure-by-default patterns in our systems and applications
  • Define and enforce standards for vulnerability management, secrets handling, and dependency integrity
  • Collaborate with compliance and risk teams to build and maintain controls aligned with frameworks such as SOC 2, PCI DSS, and other fintech regulations
  • Support audits and security assessments by ensuring controls are properly implemented and evidenced
  • Contribute to security awareness and training efforts across engineering teams
  • Influence long-term strategy on secure architecture, detection, and response automation
What we offer
  • Equity grant
  • Medical, dental & vision insurance
  • Unlimited PTO
  • Work From Home flexibility
  • Commuter benefits
  • Free lunches
  • Paid parental leave
  • 401(k)
  • Employee assistance program
  • Fulltime

Staff Security Engineer

Credit Genie is a mobile-first financial wellness platform designed to help indi...
Location
United States, New York, NY; Philadelphia, PA; Plymouth Meeting, PA; Pittsburgh, PA; San Francisco, CA
Salary:
150000.00 - 250000.00 USD / Year
Credit Genie
Expiration Date
Until further notice
Requirements
  • BS/MS/PhD in a Computer Science, Engineering or related scientific field or equivalent professional experience
  • Passionate about advocating for and implementing solutions to complex problems, at-scale, in a large multi-cloud environment
  • Prior experience in Development Operations, Software Engineering, Systems Engineering, Security Architecture, Cloud Security or Offensive Security
  • Fluent in one or more modern coding languages (Python, Go, Java, JavaScript, etc.)
  • Experience with one or more infrastructure as code tools (Terraform, Ansible, etc.)
  • Experience with AWS, GCP, Azure and/or containers (e.g. Kubernetes)
  • Able to work both independently and collaboratively, willing to work in a fast paced, high growth environment
Job Responsibility
  • Design new and improve existing security tools, ensure their operational reliability, adherence to SLAs, and strengthen the organization’s security posture through proactive monitoring and continuous improvement
  • Drive innovation by automating security processes and developing advanced methods for analyzing and responding to security findings
  • Maintain and refine custom cloud security baselines, develop and implement cloud security policies and detection rules. Build security controls that detect, prevent, and correct cloud vulnerabilities
  • Collaborate closely with engineering teams to ensure security is embedded into solution design and deployment from the ground up
  • Empathize with the full spectrum of our customers and our engineers by advocating for effective solutions that scale with the needs of our business and our customers
  • Lead threat modeling, vulnerability assessments, and penetration testing to identify and address security risks proactively. Monitor security logs and alerts to detect anomalies and coordinate incident investigations
  • Develop and maintain incident response plans, ensuring rapid detection, analysis, and mitigation of security threats
What we offer
  • Offers Equity
  • Offers Bonus
  • 100% company-paid medical, dental, and vision coverage for you and your dependents on your first day of employment
  • Receive up to $100 per month in fitness reimbursement or enjoy a complimentary full membership to LifeTime Fitness or Equinox
  • 401(k) with a 3.5% match and immediate vesting
  • Meal program available for both lunch and dinner
  • Pre-tax benefits, including a $1,000 HSA match
  • Life and accidental insurance
  • Flexible PTO
  • Fulltime

Staff Security Engineer

Location
Canada; United States, Ottawa; Austin; Toronto; Calgary
Salary:
Not provided
Fullscript
Expiration Date
Until further notice
Requirements
  • hands-on experience in secure software development using a core programming language (e.g., Go, Java, Ruby)
  • experience helping scale a security program in a product-led or fast-growing tech environment
  • experience working closely with engineering teams to embed security into the development lifecycle
  • experience building or leading a security initiative from scratch
  • legally eligible to work full time in Canada or US without sponsorship
  • Fulltime

Staff Security Engineer

At Cloudera, we empower people to transform complex data into clear and actionab...
Location
United States, Remote
Salary:
Not provided
Cloudera
Expiration Date
Until further notice
Requirements
  • Experience developing, deploying, or supporting security tools and services (e.g., security scanners, secrets management, policy engines) used by other engineering & security teams
  • Knowledge of DevSecOps principles and practical experience implementing security controls in CI/CD pipelines (e.g., Jenkins, GitLab CI, GitHub Actions)
  • Experience with large-scale cloud security engineering in AWS, Azure, and Google Cloud, including automated network provisioning and secure configuration management
  • Experience with code review of one or more programming languages (Java, Python, Go, JS/TS)
  • Knowledge or experience in Kubernetes operations, security, and using tools like Helm for deployment and policy enforcement
  • Experience using and supporting Infrastructure as Code (IaC) & configuration management tools like Terraform, Cloudformation, or Ansible
  • Experience with operating or supporting security tools and platforms, including HashiCorp Vault for secrets management, Splunk for security monitoring and analytics, and CrowdStrike or similar EDR solutions for endpoint security
  • Working knowledge of web service frameworks, distributed architectures (event-driven, microservices, serverless), and their corresponding security challenges
  • Experience performing security reviews, developing and reviewing threat models, and conducting risk assessments against complex systems
Job Responsibility
  • Develop, deploy, and support self-service security tools and services that constitute the internal security platform
  • Contribute knowledge and support for security projects, including support of tool integration and implementation of new security capabilities within the platform
  • Support & improve security integrations into CI/CD pipelines (SAST, DAST, SCA, IAST, etc.) and developer workflows
  • Maintain deployment of secure multi-cloud environments (AWS, Azure, GCP) using Infrastructure as Code (e.g., Terraform, Ansible)
  • Assist with security architecture reviews of new products and features, contribute to threat models, and support adoption of security-as-code best practices
  • Work with the Site Reliability Engineering (SRE) team to maintain & respond to automated monitoring and security integrations for production systems
  • Collaborate with internal security teams to support compliance, incident response, and operational security requirements
  • Enable and support the adoption of security engineering best practices and standards across the organization
  • Evangelize the use of security platform tooling and deliver high-impact DevSecOps training and outreach to internal development & engineering teams
  • Participate members of the Security team and security advocates in advanced DevSecOps principles, platform engineering, and secure coding practices
What we offer
  • Generous PTO Policy
  • Support work life balance with Unplugged Days
  • Flexible WFH Policy
  • Mental & Physical Wellness programs
  • Phone and Internet Reimbursement program
  • Access to Continued Career Development
  • Comprehensive Benefits and Competitive Packages
  • Paid Volunteer Time
  • Employee Resource Groups
  • Fulltime

Staff Security Engineer

At hyperexponential, we’re building the AI-powered platform that enables the wor...
Location
United Kingdom, London
Salary:
Not provided
hyperexponential
Expiration Date
Until further notice
Requirements
  • Built or significantly contributed to security programmes from the ground up, establishing foundational security controls, compliance readiness, and incident response capabilities
  • Designed and implemented security architecture for cloud-based distributed systems (AWS or equivalent), including multi-account strategies, identity and access management, network security, and data protection
  • Driven technical security improvements by writing code, building tools, and implementing controls that scaled with company growth
  • Integrated security into development workflows through DevSecOps practices including automated testing, secrets management, container security, and infrastructure-as-code security
  • Led or supported compliance initiatives (SOC2, ISO27001, GDPR, or similar), mapping technical controls to compliance requirements and guiding teams through audit cycles
  • Built trust with engineering teams by contributing technically and making security collaborative and frictionless
  • Balanced security rigor with business goals, making risk-based trade-offs that enabled growth while protecting customers and the business
  • Evaluated security implications of AI/ML systems, including understanding AI-specific risks and implementing controls to secure them
Job Responsibility
  • Build hx's security programme from the ground up, setting direction for security architecture, compliance, and incident response as we scale globally
  • Design and implement security controls across AWS cloud infrastructure, Kubernetes workloads, and our multi-product platform, ensuring systems are secure by design
  • Integrate security into engineering workflows by embedding automated security testing, vulnerability management, and threat detection into CI/CD pipelines without slowing teams down
  • Lead or contribute to compliance initiatives (SOC2, ISO27001) by implementing technical controls and working cross-functionally with legal, engineering, and business teams to enable enterprise sales
  • Build security automation and tooling by writing code and scripts that scale security practices, detect vulnerabilities, and enforce policies efficiently
  • Partner with Engineering Managers, Principal Engineers, and Product Managers to embed security thinking early in design and architecture decisions
  • Act as a trusted voice in critical moments: responding to incidents, unblocking teams on security questions, and keeping high-stakes initiatives secure and on track
  • Assess and secure AI-powered systems across hx's platform, implementing controls that enable safe adoption of AI while mitigating risks like prompt injection, data leakage, and model vulnerabilities
What we offer
  • £5,000 training and conference budget for individual and group development
  • 25 days of holiday plus 8 bank holidays (33 days total)
  • Company pension scheme via Penfold
  • Mental health support and therapy via Spectrum.life
  • Individual wellbeing allowance via Juno
  • Private healthcare insurance through AXA
  • Income protection and Life Insurance
  • Cycle to Work Scheme
  • Top-spec equipment (laptop, screens, adjustable desks, etc.)
  • Regular remote and in-person hackathons, lunch and learns, socials, and game nights
  • Fulltime

Staff Security Engineer

At hyperexponential, we’re building the AI-powered platform that enables the wor...
Location
Poland, Warsaw
Salary:
Not provided
hyperexponential
Expiration Date
Until further notice
Requirements
  • Built or significantly contributed to security programmes from the ground up
  • Designed and implemented security architecture for cloud-based distributed systems (AWS or equivalent)
  • Driven technical security improvements by writing code, building tools, and implementing controls
  • Integrated security into development workflows through DevSecOps practices
  • Led or supported compliance initiatives (SOC2, ISO27001, GDPR, or similar)
  • Evaluated security implications of AI/ML systems
Job Responsibility
  • Build hx's security programme from the ground up
  • Design and implement security controls across AWS cloud infrastructure, Kubernetes workloads, and our multi-product platform
  • Integrate security into engineering workflows by embedding automated security testing, vulnerability management, and threat detection into CI/CD pipelines
  • Lead or contribute to compliance initiatives (SOC2, ISO27001)
  • Build security automation and tooling by writing code and scripts
  • Partner with Engineering Managers, Principal Engineers, and Product Managers to embed security thinking early in design and architecture decisions
What we offer
  • Share Options
  • 25 days of non-working + 14 Polish bank holidays (B2B) / 26 days of holiday + 14 Polish bank holidays (UoP)
  • £5,000 budget for Learning & Development
  • Mental Health Support and Therapy via Spectrum Life
  • Optional access to Healthcare package provided by Luxmed + Multisport (B2B)
  • Top-spec laptop (MacOS or Windows)
  • Company pension (UoP)
  • 10 days company sick pay at 100% salary (UoP)
  • Monthly wellbeing allowance via Juno (UoP)
  • Healthcare package provided by Luxmed (UoP)
  • Fulltime