Incident Response Engineer, SIRT
Overview
Incident Response Engineer, SIRT – Cloudflare
About Cloudflare: At Cloudflare, we are on a mission to help build a better Internet. We protect and accelerate Internet applications without adding hardware, installing software, or changing a line of code. Cloudflare’s network powers millions of websites and Internet properties, serving customers from individuals to Fortune 500 companies. Cloudflare is recognized for its culture and innovation.
Location: Hybrid in Lisbon, Portugal.
Team Mission
The Security Response Team’s mission is to respond to security threats and safeguard Cloudflare. We operate 24/7 across the globe to respond to security incidents, continuously improve our response capabilities, lead digital investigations and enhance our overall security posture. Our - and - first philosophy makes us a cohesive team with high impact.
The Role
The Incident Response Engineer on the Security Response Team focuses on triaging alerts, refining security processes and leading critical incidents, from threat detection and - attack analysis to containment and forensics. This role collaborates with IT, Engineering, Product, and Legal teams to build scalable response systems, leveraging expertise in tooling, automation, custom log analysis, and SIEM systems. It requires effective communication of technical topics to a non-technical audience and participation in a shared on-call rotation with rotating weekend and holiday shifts.
Responsibilities
- Monitor and investigate security and privacy incidents, vulnerabilities, and threats, and take appropriate action to mitigate risks and minimize potential impact.
- Partake in the incident response on-call schedule.
- Make critical decisions during incidents, balancing rapid response with thorough analysis and risk assessment.
- Support log analysis to identify indicators of compromise and anomalous behavior across systems, networks, and applications.
- Assist in analyzing and interpreting system and network logs and other data sources to identify and track potential threats.
- Automate manual tasks using standard tools or by developing custom scripts.
- Design, build and introduce processes to automate data collection, processing and reporting.
- Design, build and introduce mechanisms to clean up existing data and maintain automations.
Requirements
- Understanding of log analysis, email (SPAM, phishing), OS security and Incident Response.
- Good documentation and reporting skills with the ability to prepare reports.
- Strong understanding of cybersecurity concepts.
- Programming and scripting skills in JavaScript, Python, Bash and/or SQL.
- Ability to analyze security data, identify trends, patterns, and anomalies, and provide actionable recommendations.
- Ability to hunt for anomalous activity within a wide data set.
- Excellent verbal/written communication, problem solving, analytical and - oriented skills.
- Ability to work in a - speed and - pressure environment.
Examples Of Desirable Skills And Experience
- Experience in incident response, including triage and investigation of security incidents.
- Workflow automation with tools like Jira.
- Programming experience (JavaScript, Bash, Python, or Golang).
- DevOps and configuration management with Terraform, Ansible, git, and CI/CD pipelines.
- Experience with Cloudflare's development platform.
- Knowledge of EDR tools like CrowdStrike.
- Experience with SIEM tools.
What Makes Cloudflare Special
We’re an ambitious technology company with a soul. We’re committed to protecting the free and open Internet. Cloudflare supports initiatives like Project Galileo, the Athenian Project, and 1.1.1.1, reflecting our broader mission to help protect and improve the Internet for everyone.
EEO and Accommodations
Cloudflare is an equal opportunity employer. We provide reasonable accommodations to qualified individuals with disabilities. If you require an accommodation to apply, please contact hr@cloudflare.com or visit our office at 101 Townsend St. San Francisco, CA 94107.
Seniority level
- Associate
Employment type
- Full-time
Job function
- Information Technology
Industries
- IT Services and IT Consulting
- Technology, Information and Internet
- Computer and Network Security
Detailed information about the job offer
Company: Cloudflare
Location: Lisbon (Lisbon, Lisbon, Portugal)
Published: 8. 9. 2025