Staff Security Engineer, CSIRT
As a Staff Security Engineer within our CSIRT Team, you will be accountable for leading our most critical, complex, and high-impact security incidents end-to-end across a global, high-transaction food delivery and quick-commerce platform handling millions of daily orders. As a business spanning logistics, e-commerce, and FinTech, our environment is highly regulated, in this role you will navigate the complexities of global compliance frameworks while ensuring rapid, effective incident mitigation.
You will operate at the intersection of a hands-on technical practitioner and a strategic leader, making high-consequence decisions during times of ambiguity. We are looking for someone with a strong 'builder mindset'. You don't just respond to security incidents; you approach operational bottlenecks as engineering problems. You will build systems, develop custom tooling, and architect automated workflows to relentlessly eliminate manual toil and scale our response capabilities, ultimately setting the standard for engineering excellence and fostering a security mindset across the organization.
Your mission:
Incident Commander: Serve as the single accountable leader during active responses for high-severity incidents, directing investigative focus from detection through recovery while maintaining a calm and decisive demeanor under pressure. You will ensure our response strategies and forensic evidence gathering align with strict reporting requirements for GDPR, PCI-DSS, NIS2, DORA, MAS TRM, and other regional mandates.
Post-Incident Reviews & Remediation: Lead blameless post-incident reviews to ensure continuous improvement, durable engineering solutions, and systemic resilience.
Stakeholder Communication: Serve as the primary interface to stakeholders during critical security incidents, translating complex technical realities into clear risk, impact, and decision frameworks.
Engineering-Led Response & Automation: Design and develop in-house solutions, automated workflows, and scalable systems to eliminate repetitive processes, reduce triage time, and continuously improve the overall quality and efficiency of our security incident response operations.
Mentorship & Leadership: Act as a hands-on technical leader and role model, actively mentoring teams and individuals within your domain to raise the overall technical bar and share your experience.
Metrics & Strategic Visibility: Have a Data-Driven Strategic mindset to define, track, and improve core operational metrics (MTTD, MTTR) to identify systemic gaps and propose strategic, long-term security investments.
Organizational Readiness & Tabletop Exercises: Proactively design and facilitate complex, realistic tabletop simulations and purple team engagements to stress-test our playbooks, uncover detection blind spots, and train the wider security and engineering organizations.
On-Call: Participate in a predictable on-call rotation as an Incident Responder, leading the charge on high-severity, out-of-hours escalations.
Qualifications
7+ years of broad cybersecurity experience with a deep understanding of core security fundamentals, coupled with 5+ years of dedicated experience in a SOC or CSIRT environment.
Incident Commander Experience: Proven track record acting as a Security Incident Commander, confidently managing incident timelines, decisions, and cross-functional communications during complex security events.
Deep Security Incident Response Expertise: Mastery of the full incident lifecycle and hands-on playbook creation for complex, high-availability hybrid-cloud environments, distributed microservices, and platforms processing vast amounts of PII and payment data.
Security Tooling Mastery: Operational expertise with SIEM, EDR, Cloud Security platforms, SOAR, and WAF/DDoS protection solutions.
Software Engineering & Tooling (Builder Mindset): Advanced proficiency in writing production-quality code (e.g., Python, Go, Rust) to build scalable in-house solutions.
Cloud-Native Security: Hands-on experience securing and responding to incidents across public cloud platforms (AWS, GCP) and cloud-native technologies like Kubernetes, Docker, and Infrastructure-as-Code (e.g., Terraform).
Source Control & CI/CD: Familiarity with Git/GitHub usage, CI/CD systems, and modern SecOps workflows.
Strategic Leadership: An exceptional communicator with the ability to influence cross-functional stakeholders and simplify complex systems across domains without requiring formal authority.
Nice to have:
Investigative Depth: Digital forensics skills and hands-on experience integrating Threat Intelligence to anticipate attacks and proactively hunt for threats.
Malware Analysis & Reverse Engineering: Proven skills in static and dynamic (runtime) malware analysis, reverse engineering, and analyzing malicious payloads within isolated sandbox environments.
Web/Mobile Security: Strong background in Web and Mobile application security, understanding complex API architectures, modern authentication frameworks, and defending against high-volume automated attacks (e.g., credential stuffing, scraping).
AI & Next-Gen Tooling: Experience integrating AI/LLM capabilities and MCP (Model Context Protocol) usage into Incident Response for automated evidence summarization, data enrichment, or investigation.
Regulated Environment Expertise: Deep operational understanding of global cybersecurity and privacy frameworks (e.g., PCI-DSS, GDPR, NIS2, DORA, MAS TRM). You know how to balance aggressive incident containment with the legal and forensic requirements necessary for regulatory compliance and breach notification.
Relevant Technical Certifications: Active or in-progress industry-recognized technical certifications focused on incident handling, forensics, or offensive security (e.g., GIAC GCIH/GCFA/GCIA, CISSP, OSCP).
Ensuring you and all our Heroes are looked after, happy, and healthy is always on the menu. Because if you’re in good shape, then we’re in good shape.
Make the most of our hybrid working model and join the team for face-to-face connection and collaboration in our beautiful Berlin campus 2 days a week
We offer 27 days holiday
We will support you in developing yourself and your career growth opportunities: 1.000 € Educational Budget, Language Courses, Parental Support, access to the Udemy Business platform to explore a variety of online courses
Get moving and release those wonderful, mind-boosting endorphins: Health Checkups, Mindfulness and Gym & Bicycle Subsidy
The power of getting together over some food is unrivalled. Here are a few ways to help you do that. All the yum: Digital Meal Vouchers, Food Vouchers, Corporate Discounts. Courses and access to Internal Housing Hub
Ready to join our team? If you’re excited to grow, collaborate and be part of the world’s leading delivery platform, we’d love to hear from you. Apply today!
We believe diversity and inclusion are key to creating not only an exciting product, but also an amazing customer and employee experience. Fostering this starts with hiring - therefore we do not discriminate on the basis of racial identities, religious beliefs, color, national origin, gender identities or expressions, sexual orientations, age, marital or disability statuses, or any other aspect that makes you, you.
We encourage you to let us know if you need any accommodations or specific accessibility support to ensure a smooth interview experience—just let us know with an email to our Inclusion Officer at [email protected]. Severely disabled applicants with equal qualifications will be given preferential consideration. You're welcome to share your pronouns (he/she/they) right from the start so we can address you respectfully from our first contact.We believe diversity and inclusion are key to creating not only an exciting product, but also an amazing customer and employee experience. Fostering this starts with hiring - therefore we do not discriminate on the basis of racial identities, religious beliefs, color, national origin, gender identities or expressions, sexual orientations, age, marital or disability statuses, or any other aspect that makes you, you.
We encourage you to let us know if you need any accommodations or specific accessibility support to ensure a smooth interview experience—just let us know with an email to our Inclusion Officer at [email protected]. Severely disabled applicants with equal qualifications will be given preferential consideration. You're welcome to share your pronouns (he/she/they) right from the start so we can address you respectfully from our first contact.Empfohlene Jobs
Assistenz der Geschäftsführung (m/w/d)*
Unser Mandant ist ein Family Office, das seit über 30 Jahren das Vermögen einer Familie verwaltet. Einen besonderen Schwerpunkt legt das Unternehmen auf den Bereich Real Estate. Hier erbringt man sämt…
Engineering Manager (Java/Kotlin) - Fintech
Job Description We are on the lookout for an Engineering Manager to lead one of our Payments engineering teams — a group of 6–10 backend engineers building the payments infrastructure that powers…
Operationstechnische Assistenz (m/w/d) - Wir leben nach dem Motto: Von Profis für Profis!
Über uns Herzlich willkommen bei profimed Personalleasing! Wir sind ein innovatives Personaldienstleistungsunternehmen und verhelfen Fach- und Pflegepersonal zu tollen Berufen in der Pflege in Berli…
Telefonist /in - Automobil (m/w/d)
Für ein Automobilunternehmen in Berlin suchen wir derzeit motivierte Telefonisten/Telefonistinnen, die mit einem Stundenlohn von 15,06€/St. vergütet werden. Die Anstellung erfolgt in Voll-oder Tei…
(Senior) Recruiter (m/w/d)
Unternehmensbeschreibung Headmatch ist eine renommierte Personalberatung im Herzen Berlins mit knapp 60 Mitarbeitern. Wir sind Profis, wenn es um die Vermittlung von hochqualifizierten Fach- & Führung…
Triebwerkmechaniker (m/w/d) + viele Benefits
W.I.R suchen Sie als Triebwerkmechaniker (m/w/d) - bis zu 24,00 EUR / Std. + Benefits - Ab sofort, in Vollzeit für ein mittelständisches Unternehmen in Berlin. Mehr erfahren per Tel. +49 30 8145 7…
Techniker - Notdienst übertarifliches Gehalt m/w/d
Für (einen) unserer Kunden suchen wir einen Haustechniker (m/w/d) für den operativen Notdienst in der Elektrotechnik. Ihr Job wird in unterschiedlichen Schichten ausgeführt. Sie arbeiten Werktags (Mo…
Sales Manager (m/w/d) - Deutschsprachig - 1KOMMA5° Berlin
1KOMMA5° Bei 1KOMMA5° verfolgen wir eine Vision: Living on wind and sunlight forever for free . Dafür bauen wir mit Heartbeat AI das Energiesystem der Zukunft. Bist du dabei? Wir bringen reg…
Mechatroniker (m/w/d) für Kältetechnik (Versorgungstechniker/in) CBF, CCM,CVK
Unsere Benefits Sinnstiftende & abwechslungsreiche Tätigkeit im Herzen Berlins Sportangebote: Wellhub-Mitgliedschaft und Meditations-App Events & Vernetzungsformate: Weihnachtsfeier, Fußball…
Ausbildung zum Hotelfachmann/zur Hotelfachfrau(m/w/d) ...
SPREAD THE ROOMERS AND DO IT LOUD! Diese Haltung leben wir im Roomers Berlin jeden Tag. Das ehemalige Hotel am Steinplatz ist seit 1. Januar 2025 das ROOMERS BERLIN und somit Teil der Gekko Grou…