Incident Response Engineer

Cloudflare
Hybrid

Posted 24 February 2026

Job Description

<div class="content-intro"><div><strong>About Us</strong></div> <div> <p>At Cloudflare, we are on a mission to help build a better Internet. Today the company runs one of the world’s largest networks that powers millions of websites and other Internet properties for customers ranging from individual bloggers to SMBs to Fortune 500 companies. Cloudflare protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare all have web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was named to Entrepreneur Magazine’s Top Company Cultures list and ranked among the World’s Most Innovative Companies by Fast Company. </p> <p><span style="font-weight: 400;">We realize people do not fit into neat boxes. We are looking for curious and empathetic individuals who are committed to developing themselves and learning new skills, and we are ready to help you do that. We cannot complete our mission without building a diverse and inclusive team. We hire the best people based on an evaluation of their potential and support them throughout their time at Cloudflare. Come join us! </span></p> </div></div><p><strong>Available Location: Singapore</strong></p> <p><strong>Team Mission</strong></p> <p>The Security Response Team’s mission is to systematically respond to security threats safeguarding Cloudflare. We operate 24/7 across the globe to respond to security incidents, continuously improve our response capabilities, lead digital investigations and enhance our overall security posture. Our “Cloudflare on Cloudflare”, data- and automation-first philosophy makes us a cohesive team with high impact. 
</p> <p><strong>The Role</strong></p> <p>This intermediate role on the Security Response Team focuses on refining security processes and leading critical incidents—from threat detection and cyber-attack analysis to containment and forensics. This role collaborates with IT, Engineering, Product, and Legal teams to build scalable response frameworks, leveraging expertise in tooling, automation, custom log analysis, and SIEM systems. Additionally, it requires effective communication of technical topics based on business requirements and participation in a shared on-call rotation with rotating weekend and holiday shifts.</p> <p><strong>Responsibilities</strong></p> <p><strong>Security Operations</strong></p> <ul> <li>Oversee security event triage, validation, and response workflows, ensuring timely investigation of high-priority alerts and security anomalies.</li> <li>Collaborate with detection engineers and threat intelligence teams to refine investigative signals and improve security visibility.</li> <li>Maintain incident management processes, ensuring incidents are properly categorized, documented, and escalated as needed.</li> <li>Perform continuous operational improvements, such as tuning detection rules, optimizing log ingestion, and enhancing alert enrichment pipelines.</li> <li>Conduct security gap analysis, identifying weaknesses in monitoring coverage and recommending solutions to enhance detection and response capabilities.</li> <li>Work closely with engineering and infrastructure teams to improve log collection, normalization, and visibility across diverse environments.</li> <li>Ensure adherence to incident response playbooks, compliance standards, and security best practices (e.g., CISA, GDPR, NIST, ISO 27001).</li> </ul> <p><strong>Incident Investigation and Threat Hunting</strong></p> <ul> <li>Lead/Co-Lead forensic investigations into intrusions, insider threats, APTs, and account compromises.</li> <li>Perform log analysis, correlation, and anomaly 
detection across endpoint, network, and cloud telemetry.</li> <li>Use Python, SQL, and data engineering techniques to extract insights from l ... (truncated, view full listing at source)