Staff Security Engineer, CSIRT

About the role

**Company Description** As the world's pioneering local delivery platform, our mission is to deliver an amazing experience, fast, easy, and to your door. We operate in around 65 countries worldwide powered by tech, designed by people. As one of Europe's largest tech platforms, headquartered in Berlin, Germany. Delivery Hero has been listed on the Frankfurt Stock Exchange since 2017 and is part of the MDAX stock market index. We enable creative minds to deliver solutions that create impact within our ecosystem. We move fast, take action and adapt. No matter where you're from or what you believe in, we build, we deliver, we lead. We are Delivery Hero. **Job Description** As a Staff Security Engineer within our CSIRT Team, you will be accountable for leading our most critical, complex, and high-impact security incidents end-to-end across a global, high-transaction food delivery and quick-commerce platform handling millions of daily orders. As a business spanning logistics, e-commerce, and FinTech, our environment is highly regulated, in this role you will navigate the complexities of global compliance frameworks while ensuring rapid, effective incident mitigation. You will operate at the intersection of a hands-on technical practitioner and a strategic leader, making high-consequence decisions during times of ambiguity. We are looking for someone with a strong 'builder mindset'. You don't just respond to security incidents; you approach operational bottlenecks as engineering problems. You will build systems, develop custom tooling, and architect automated workflows to relentlessly eliminate manual toil and scale our response capabilities, ultimately setting the standard for engineering excellence and fostering a security mindset across the organization. ** **Your mission:**** - Incident Commander: Serve as the single accountable leader during active responses for high-severity incidents, directing investigative focus from detection through recovery while maintaining a calm and decisive demeanor under pressure. You will ensure our response strategies and forensic evidence gathering align with strict reporting requirements for GDPR, PCI-DSS, NIS2, DORA, MAS TRM, and other regional mandates. - Post-Incident Reviews & Remediation: Lead blameless post-incident reviews to ensure continuous improvement, durable engineering solutions, and systemic resilience. - Stakeholder Communication: Serve as the primary interface to stakeholders during critical security incidents, translating complex technical realities into clear risk, impact, and decision frameworks. - Engineering-Led Response & Automation: Design and develop in-house solutions, automated workflows, and scalable systems to eliminate repetitive processes, reduce triage time, and continuously improve the overall quality and efficiency of our security incident response operations. - Mentorship & Leadership: Act as a hands-on technical leader and role model, actively mentoring teams and individuals within your domain to raise the overall technical bar and share your experience. - Metrics & Strategic Visibility: Have a Data-Driven Strategic mindset to define, track, and improve core operational metrics (MTTD, MTTR) to identify systemic gaps and propose strategic, long-term security investments. - Organizational Readiness & Tabletop Exercises: Proactively design and facilitate complex, realistic tabletop simulations and purple team engagements to stress-test our playbooks, uncover detection blind spots, and train the wider security and engineering organizations. - On-Call: Participate in a predictable on-call rotation as an Incident Responder, leading the charge on high-severity, out-of-hours escalations. **Qualifications** - 7+ years of broad cybersecurity experience with a deep understanding of core security fundamentals, coupled with 5+ years of dedicated experience in a SOC or CSIRT environment. - Incident Commander Experience: Proven track record acting as a Security Incident Commander, confidently managing incident timelines, decisions, and cross-functional communications during complex security events. - Deep Security Incident Response Expertise: Mastery of the full incident lifecycle and hands-on playbook creation for complex, high-availability hybrid-cloud environments, distributed microservices, and platforms processing vast amounts of PII and payment data. - Security Tooling Mastery: Operational expertise with SIEM, EDR, Cloud Security platforms, SOAR, and WAF/DDoS protection solutions. - Software Engineering & Tooling (Builder Mindset): Advanced proficiency in writing production-quality code (e.g., Python, Go, Rust) to build scalable in-house solutions. - Cloud-Native Security: Hands-on experience securing and responding to incidents across public cloud platforms (AWS, GCP) and cloud-native technologies like Kubernetes, Docker, and Infrastructure-as-Code (e.g., Terraform). - Source Control & CI/CD: Familiarity with Git/GitHub usage, CI/CD systems,

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Delivery Hero SE? Share your experience