Cloudflare

Incident Response Engineer

Posted Yesterday

Be an Early Applicant

Hiring Remotely in Singapore

Remote or Hybrid

Junior

Cloud • Information Technology • Security • Software • Cybersecurity

Helping Build a Better Internet

The Role

The Incident Response Engineer leads security incident investigations, communicates technical topics, and collaborates with teams to enhance security operations while managing incident processes.

Summary Generated by Built In

Available Location: Singapore
Team Mission
The Security Response Team's mission is to systematically respond to security threats safeguarding Cloudflare. We operate 24/7 across the globe to respond to security incidents, continuously improve our response capabilities, lead digital investigations and enhance our overall security posture. Our "Cloudflare on Cloudflare", data and automation first philosophy makes us a cohesive team with high impact.
The Role
This intermediate role on the Security Response Team focuses on refining security processes and leading critical incidents-from threat detection and cyber-attack analysis to containment and forensics. This role collaborates with IT, Engineering, Product, and Legal teams to build scalable response frameworks, leveraging expertise in tooling, automation, custom log analysis, and SIEM systems. Additionally, it requires effective communication of technical topics based on business requirements and participation in a shared on-call rotation with rotating weekend and holiday shifts.
Responsibilities
Security Operations

Oversee security event triage, validation, and response workflows, ensuring timely investigation of high-priority alerts and security anomalies.
Collaborate with detection engineers and threat intelligence teams to refine investigative signals and improve security visibility.
Maintain incident management processes, ensuring incidents are properly categorized, documented, and escalated as needed.
Perform continuous operational improvements, such as tuning detection rules, optimizing log ingestion, and enhancing alert enrichment pipelines.
Conduct security gap analysis, identifying weaknesses in monitoring coverage and recommending solutions to enhance detection and response capabilities.
Work closely with engineering and infrastructure teams to improve log collection, normalization, and visibility across diverse environments.
Ensure adherence to incident response playbooks, compliance standards, and security best practices (e.g., CISA, GDPR, NIST, ISO 27001).

Incident Investigation & Threat Hunting

Lead/Co-Lead forensic investigations into intrusions, insider threats, APTs, and account compromises.
Perform log analysis, correlation, and anomaly detection across endpoint, network, and cloud telemetry.
Use Python, SQL, and data engineering techniques to extract insights from large-scale logs, identifying attacker TTPs and movement across environments.
Investigate real-time security incidents, working closely with detection teams to validate alerts and escalate threats.
Conduct post-incident analysis to determine root causes, document findings, and recommend mitigation strategies.

Security Monitoring & Continuous Threat Analysis

Oversee security monitoring operations, ensuring alert triage, enrichment, and validation align with investigative workflows.
Optimize SIEM queries, log ingestion pipelines, and case management systems to improve threat visibility.
Develop playbooks and workflows to streamline investigations and reduce manual effort in repetitive tasks.
Maintain Standard Operating Procedures (SOPs) for effective response to security alerts and ongoing monitoring.
Collaborate with the Detection Engineering team to refine detection rules and investigative signals based on real-world attack patterns.

Security Engineering & Automation for Investigations

Provide requirements for automated solutions to enhance investigation efficiency, such as log parsing scripts, data enrichment tools, and case correlation frameworks.
Use log analysis pipelines for efficient parsing, enrichment, and correlation of multi-source security data.
Review and comprehend custom detection logic for brute-force attempts, lateral movement, and anomaly-based intrusion detection.

Forensic Analysis & Threat Intelligence Correlation

Perform disk, memory, and network forensics to uncover hidden indicators of compromise (IOCs) and attacker behaviors.
Correlate multi-source logs (firewall, EDR, web, authentication logs, cloud telemetry) to reconstruct attack chains and identify attacker footholds.
Analyze network traffic (PCAP, NetFlow, proxy logs) to detect exfiltration attempts, lateral movement, and suspicious patterns.
Use threat intelligence APIs (e.g., VirusTotal, AbuseIPDB) to enrich investigations and automate IOC processing.

Must-Have Qualifications

1+ years of experience in incident response, security operations, and forensic analysis
Willingness to lead crisis situations, make data-driven security decisions, and drive technical and operational improvements.
Knowledge of incident management, root cause analysis, and forensic investigation methodologies.
Hands-on experience with SIEM (SQL, ELK, etc), SOAR, and EDR (CrowdStrike,) for real-time security monitoring and response.
Understanding of OKR methodologies, Agile workflows, and project prioritization strategies.
Understanding of threat intelligence, attacker tactics (MITRE ATT&CK), and real-world attack chains.

Nice-to-Have Qualifications

Experience in security operations, ensuring effective escalation, resolution, and business alignment.
Certifications: GCFA, GNFA, GREM, GCIH, or equivalent forensic/security certifications.
Familiarity with SOAR platforms and security case management automation.
Experience in Red Teaming, Threat Intelligence, or Malware Analysis.
Understanding of cloud-native security monitoring (AWS, GCP, Azure).
Knowledge of cloud security (AWS, GCP, Azure) and containerized workloads (Kubernetes, Docker) security incident handling.

Top Skills

AWS

Azure

Crowdstrike

Docker

Edr

Elk

GCP

Kubernetes

Python

SIEM

Soar

SQL

Threat Intelligence Apis

View all jobs at Cloudflare

View Cloudflare Profile

Report Job

Am I A Good Fit?

beta

Get Personalized Job Insights.

Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company

HQ: San Francisco, CA

4,400 Employees

Year Founded: 2010

What We Do

Cloudflare, Inc. (NYSE: NET) is the leading connectivity cloud company on a mission to help build a better Internet. It empowers organizations to make their employees, applications and networks faster and more secure everywhere, while reducing complexity and cost. Cloudflare’s connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control they need to work, develop, and accelerate their business.

Powered by one of the world’s largest and most interconnected networks, Cloudflare blocks billions of threats online for its customers every day. It is trusted by millions of organizations – from the largest brands to entrepreneurs and small businesses to nonprofits, humanitarian groups, and governments across the globe.

Why Work With Us

Cloudflare employees come from all walks of life. We are mission-driven, and our team is energized by a collaborative, creative environment that celebrates our differences and fosters new ways to grow together.

Gallery

Cloudflare Offices

Learn More

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

We are committed to developing a global team that is distributed with a flexible working approach. Doing this equitably and inclusively is essential to our success. Visit our careers site for more on 'How & Where We Work.'

Typical time on-site: Flexible

HQSan Francisco, CA

Singapore

Austin, TX

Bengaluru, Karnataka

Boston, MA

Denver, Colorado

Lisbon, PT

London, GB

Los Angeles, CA

New York, NY

Seattle, WA