Mid-Level

Cyber Defense and Incident Response Engineer (They/She/He)

Glovo

Barcelona, Spain (Hybrid)
Posted February 13, 2026

Job Description

If you’re here, it’s because you’re looking for an exciting ride

A ride that will fuel up your ambitions to take on a new challenge and stretch yourself beyond your comfort zone. 

We’ll deliver a non-vanilla culture built on talent, where we work to amplify the impact on millions of people, paving the way forward together. 

Not your usual app. We are the fastest-growing multi-category app connecting millions of users with businesses, and couriers, offering on-demand services from more than 170,000 local restaurants, grocers and supermarkets, and high street retail stores. We operate in more than 1500 cities across 21 countries. 

Together we revolutionise the way people connect with their everyday needs, from delivering essentials to connecting our ecosystem of users through innovative solutions powered by technology. For us, every day is filled with purpose.

What makes our ride unique? 

Our culture and strong values. 

Our career development philosophy. 

Our commitment to being a force for good. 

We have a vision: Building the largest marketplace in your city, to give access to anything in minutes. And this is where your ride starts.

YOUR MISSION

Glovo’s success and constant growth introduce complex challenges in defending our ecosystem. We are looking for a CSIRT Engineer to join our Cyber Defense team. Your mission is to be the shield of Glovo—ensuring we are not just ready to respond to threats, but proactive enough to hunt them down before they arrive. You will be a key player in building a "SOCless" future through high-level automation and sophisticated detection engineering.

THE JOURNEY

  • Be the First Responder: Support Digital Forensics and Incident Response (DFIR) efforts, conducting deep-dive investigations into security breaches and anomalies following the Cyber Incident Response Cycle.
  • Architect Readiness: Design and maintain the playbooks and investigation methodologies that ensure Glovo is prepared for any security incident.
  • Precision Monitoring: Create, validate, and fine-tune alerts to ensure high fidelity and low noise, turning raw logs into actionable intelligence.
  • Automate & Orchestrate: Contribute to our "SOCless" ambition by building tooling and automation for incident response, reducing manual toil through smart orchestration.
  • Hunt the Threat: Proactively "play the bad guy" by researching emerging threats and conducting threat-hunting exercises across our infrastructure.
  • Manage the Pipeline: Cooperate with the management of our security log ingestion tools and SIEM to ensure full visibility across Glovo.

WHAT YOU WILL BRING TO THE RIDE

  • The Responder’s Mindset: Experience in Incident Response and Digital Forensics is a plus.
  • Cloud Proficiency: Desirable operational experience with AWS; you know how to track an adversary through cloud-native logs.
  • Coding Skills: Experience in Python (or Golang) to automate responses and build custom security tooling.
  • Detection Engineering: A knack for threat monitoring and fine-tuning alerts to find the needle in the haystack.
  • Proactivity: Curiosity to learn about Threat Hunting, with an understanding of the MITRE ATT&CK framework, among other security topics.
  • Communication: Good written and communication skills to support post-mortem discussions and document complex incidents clearly.

Nice-to-Haves

  • Relevant certifications (GCIH, GCFA, GNFA, or AWS Certified Security - Specialty).
  • Experience with SOAR (Se