• Design, deploy, and optimize bot-mitigation and service-abuse controls, including WAF configurations, rate limiting, behavioral/velocity checks, challenge/attestation frameworks (e.g., Cloudflare Turnstile), device-telemetry validation, and API/form hardening. • Develop and maintain automated detection capabilities leveraging IP/ASN intelligence, identity patterns, traffic analytics, and anomalous behavior models. • Lead bot-related incident response activities, including triage, containment, root-cause analysis, and long-term remediation planning to support platform stability and operational continuity. • Partner closely with Engineering, DevSecOps, Fraud Strategy, Fraud Operations, Data, and Product teams to integrate preventive and detective controls across the customer funnel. • Drive the long-term bot-mitigation roadmap and capability vision in partnership with Engineering, Product, Fraud, Data, and DevOps, ensuring alignment with enterprise risk-reduction, platform resiliency, and operational efficiency goals. • Establish monitoring, reporting, and multi-signal decisioning (signal-fusion) mechanisms to provide visibility into bot activity, control effectiveness, system performance impacts, and operational risk indicators. • Evaluate new tools, technologies, and techniques related to bot detection, behavioral analytics, device attestation, signal fusion, and automated-abuse prevention; develop recommendations based on threat trends, performance considerations, and business requirements. • Produce architectural documentation, detection logic specifications, technical standards, and operational runbooks that support scalable and repeatable defense capabilities. • Guide engineering teams in embedding resilient security patterns into web and API designs and influencing product flows to reduce automated-abuse exposure. • Mentor team members and contribute to the broader security engineering and service-abuse management knowledge base.

• Translate business and compliance requirements into practical, well-documented security architecture designs using recognized frameworks (e.g., ISO 27001, NIST, CIS) • Develop, document, and maintain consistent secure architectural patterns with an emphasis on cloud security (AWS, Azure, GCP) • Implement threat-informed design principles, integrating zero trust architectures and defensive depth strategies to address security gaps and enhance resilience • Maintain alignment between security policies, enterprise architecture principles, and client expectations • Conduct comprehensive risk assessments and threat modeling to evaluate existing or proposed architectures for vulnerabilities • Provide actionable mitigation strategies informed by a risk-based approach and evolving threat intelligence data • Participate in or support incident response initiatives, aiding in root cause analysis and the development of post-incident recommendations • Act as a trusted advisor to clients by engaging in technical discussions to inform strategic security decisions • Collaborate cross-functionally with development, operations, and engineering teams to validate that security controls are effectively implemented across the development lifecycle • Deliver technical insights in presentations, workshops, and reports tailored to both technical and executive audiences • Engage in audits, assessments, and reviews to ensure delivery meets strict alignment with industry frameworks • Provide clients with guidance on the implementation and enforcement of technical standards and cloud-specific security policies • Maintain up-to-date knowledge of regulations and frameworks such as NIS2 and DORA to address compliance risks and initiatives • Recommend improvements in security policies based on compliance evaluations and evolving risks • Contribute to the development of security roadmaps by delivering expert recommendations tailored to each client’s security objectives • Assess emerging technologies and threats, identifying opportunities to evolve architectural strategies through innovation and cutting-edge tools • Participate as an SME in pre-sales activities, assisting in defining technical collateral that supports project delivery

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description As a Senior Security Engineer (d/f/m), your responsibilities will include: - Architecting our technical security operations while supporting the general growth and maturity of our information security program. - Driving the implementation of a SIEM, including log ingestion, tuning, and general log/evidence integration across a broad range of product and enterprise technologies. - Detecting, investigating, and resolving security events and incidents to continuously minimize impact and recovery time. - Leading the technical IR lifecycle (including our product) as the Incident Commander, conducting forensics and comprehensive post-incident analysis. - Creating and maintaining comprehensive incident response runbooks and automated response processes to continuously mature the IR program. - Assisting with the broader security posture through code reviews, implementing technical controls, and building checks into our CI/CD pipeline. Qualifications - 5+ years of experience as a product-facing SOC Analyst, Incident Responder, or Security Engineer (or equivalent) in a SaaS/E-commerce environment. - Proven ability to act as Incident Commander in the technical IR lifecycle—preferably for a SaaS/E-commerce product with high uptime and resilience requirements—leading forensics and driving SIEM implementation and tuning. - A proven track record of taking end-to-end ownership in a fast-paced environment, building processes from the ground up, and constantly adjusting to technological and organizational change. - Proficiency in any programming language for scripting, security tooling development, and automating GRC evidence collection. - A Bachelor's or Master’s degree in Computer Science, Information Technology, Cybersecurity, or a closely related technical field. Requirements - Proficiency in Terraform for securing infrastructure, combined with hands-on experience in integrating security testing. - Experience with preventing “rent-seeking” attacks like cybersquatting, sneaker bots, scalping, or grinch bots. - Experience in executing Red Team operations and/or penetration testing, with the ability to effectively collaborate with development teams to drive the remediation of software vulnerabilities. Benefits - We scale sustainably on a profitable, VC-backed foundation with true product-market fit. - Collaborate with over 160 dedicated professionals, including leaders from Google, Slack, and Salesforce. - We’re a diverse, merit-driven team spread across six global offices. - Consistently ranked among the fastest-growing scale-ups in Europe. - Work alongside some of tech’s brightest minds — from Forbes 30 Under 30 founders to Executive of the Year award winners.

• Serve as the primary escalation resource for Cloudflare issue resolution • Engineer, optimize, and maintain Cloudflare security solutions • Manage and refine enterprise Palo Alto firewall policies • Conduct ongoing security assessments of network and application controls • Support the enterprise certificate lifecycle program • Participate in on-call rotations and help train and mentor engineers