Skip to content
CloudflareCloudflareUnited States

Detection & Mitigation Engineer

Security Detections Engineer identifying attacker TTPs, building real-time detections, and mitigating threats/abuse across Cloudflare's global platform using data analysis, SQL, scripting, and threat intelligence. Requires strong analytical and communication skills.

Salary not listed
HybridSecurity Engineering

About the role

Responsibilities

  • Identify, track, and defeat sophisticated threats and abuse across Cloudflare's platform in real-time.
  • Examine and mitigate threats leveraging emerging technologies to build detections protecting millions from attacks and abuse.
  • Identify Tactics, Techniques, and Procedures (TTPs) of ongoing and evolving cyber attacks.
  • Collaborate with team members to develop new ways to present and interact with unique insights.
  • Track and analyze cyber campaigns using technical Indicators of Compromise (IOCs).
  • Synthesize technical information and document it for non-technical audiences through graphical and verbal means.
  • Communicate actionable threat intelligence to technical and executive stakeholders.
  • Share knowledge and mentor others.

Requirements

  • Experience in data analysis, metadata analysis, or network traffic analysis.
  • Passion for analyzing attacker TTPs at varying levels.
  • Ability to understand latest security trends related to platform threats and abuse.
  • Experience using comprehensive data analysis platforms and rule configuration.
  • Understanding of cyber threat landscape, cyber intelligence, threat actors and techniques.
  • Working knowledge of SQL and devising SQL queries.
  • Python or other scripting experience.
  • Strong oral and written communication skills.
  • Desire to learn, improve, share knowledge, and mentor.

Nice-to-Haves

  • Working knowledge of specific platform/product authentication protocols (e.g., email, network, application) and related header/log analysis.
  • Experience analyzing, tracking, and defending against phishing, malware, and abuse.
  • Strong understanding of cyber threat landscape with expertise in APT groups.
  • Working knowledge of OSI Layers.
  • Working knowledge of TCP/UDP/ICMP, DNS, HTTP/HTTPS, SMTP/SMTPS, SSH/SFTP/SCP, FTP.
  • Familiarity with regular expressions for tracking malicious activity.
  • Vibe coding experience for building tools and applications.
  • Experience with detection development using YARA, Snort, Suricata, or equivalent.
  • BS in Computer Science, Information Technology, Information Security, Computer Security or Information Systems.

Compensation and Benefits

  • Eligible to participate in Cloudflare’s equity plan.
  • Medical, dental, and vision insurance.
  • 401(k) plan with company match.
  • Flexible paid time off.
  • Fertility & family-forming benefits.

Skills

SQLPythonYaraSnortSuricataData AnalysisNetwork Traffic AnalysisThreat IntelligenceRegular ExpressionsTCP/IPDNSHttp
Forus

Security Program Manager

ForusNew York, NY

Own end-to-end compliance programs (SOC 2, HIPAA, HITRUST), build customer trust function, implement automation, and partner with engineering on controls for a healthcare AI platform handling protected health information.

Salary not listed
On-site4+ YOESecurity Engineering
Anthropic

Safeguards Enforcement Analyst, Account Takeover & Credential Abuse

AnthropicSan Francisco, CA +2

Safeguards Enforcement Analyst focused on account takeover and credential abuse. Investigate compromise incidents, design remediation workflows, partner with engineering on detection, enforce AI usage policies, and develop scalable enforcement programs for platform safety.

245k – 285k
HybridSecurity Engineering
Zocdoc

Application Security Engineer

ZocdocUnited States

Application Security Engineer partnering with engineering teams to embed security into the SDLC, triage SAST/SCA findings, provide remediation guidance on OWASP issues, maintain security docs/playbooks, support governance/audits, and integrate GenAI tools while building AI governance guardrails.

100k – 140k
RemoteSecurity Engineering
Mintlify

Security & Compliance Operations Manager

MintlifySan Francisco, CA

Own and run Mintlify's end-to-end security and compliance programs (SOC 2, ISO 27001/42001, GDPR, Microsoft SSPA) as the first dedicated GRC Program Manager. Administer Drata, manage audits/vendors/evidence, handle customer-facing compliance, and coordinate with engineering.

120k – 180k
On-site3+ YOESecurity Engineering
Anthropic

Red Team Engineer, Safeguards

AnthropicSan Francisco, CA

Red Team Engineer on Anthropic's Safeguards team performing adversarial testing and full kill-chain attacks on AI products to uncover vulnerabilities, jailbreaks, and novel abuse vectors before malicious exploitation. Requires strong pen-testing, red teaming, and LLM-specific security experience.

320k – 405k
Remote5+ YOESecurity Engineering