Staff Security Engineer, GSOC
Back to Jobs
Delivery HeroGet Smart Job AI Coach in the appFree on iOS and Android 





Staff Security Engineer, GSOC
Location
Berlin, , Germany
Experience
Senior
Posted
Jul 7, 2026
Apply by
August 6, 2026
Applicants
0
Early applicantFull-timeHybrid
Job Description
## Company Description
As the world’s pioneering local delivery platform, our mission is to deliver an amazing experience, fast, easy, and to your door. We operate in around 65 countries worldwide powered by tech, designed by people. As one of Europe’s largest tech platforms, headquartered in Berlin, Germany. Delivery Hero has been listed on the Frankfurt Stock Exchange since 2017 and is part of the MDAX stock market index. We enable creative minds to deliver solutions that create impact within our ecosystem. We move fast, take action and adapt. No matter where you're from or what you believe in, we build, we deliver, we lead. We are Delivery Hero.
## Job Description
We are looking for a Staff Security Engineer, Global SOC (all genders) to join the Security Engineering domain on our journey to always deliver amazing experiences.
As a Staff Security Engineer within our Global SOC, you will be the technical anchor for our Security Monitoring and Threat Detection capabilities across a high-transaction food delivery and quick-commerce platform handling millions of daily orders. As a business spanning logistics, e-commerce, and FinTech, our environment is highly regulated, in this role you will build and govern the systems that ensure rapid, high-fidelity threat detection in compliance with global frameworks.
You will operate at the intersection of a hands-on technical practitioner and a strategic engineering leader. We are looking for someone with a strong 'builder mindset' who views threat detection as a software engineering discipline. Instead of staring at dashboards, you will architect and define our log pipelines, SIEM & SOAR infrastructure, and implement Detection Engineering methodologies as code. You will develop threat detection use cases, integrate Cyber Threat Intelligence, and build the automated triage workflows that seamlessly escalate validated, high-severity incidents to our CSIRT team for final containment. Ultimately, you will provide a robust, scalable detection platform globally.
**Your mission:**
- Detection & Platform Architecture: Architect, implement, strengthen and scale the Security Log Management (on AWS), SIEM and SOAR (Google SecOps) infrastructure. You will own the log ingestion pipelines, ensuring high availability, performance, and optimal retention based on business requirements.
- Engineering-Led Detection & Automation: Architect, build, and maintain log ingestion pipelines, detection rules (e.g., YARA-L), API integrations, and SOAR workflows & Plugins. You will lead the charge in treating "Detection as Code", ensuring all alerts and automated enrichments are version-controlled, tested, and deployed through CI/CD pipelines.
- Cyber Threat Intelligence: Establish and integrate CTI capabilities to drive an intelligence-led detection strategy. You will map detections to the MITRE ATT&CK framework and proactively hunt for threats specific to Delivery Hero and its entities.
- Triage & Escalation Engineering: Design high-fidelity alert workflows. For all security events, you will ensure our automated systems gather, enrich, and seamlessly conduct the right response and containment workflow.
- Stakeholder Communication: Serve as the primary interface between the Global SOC and Engineering teams, CISOs, and the CSIRT team, translating complex detection & response architectures, log ingestion pipeline requirements into clear technical and business terms.
- Mentorship & Leadership: Act as a hands-on technical leader and role model, actively mentoring detection engineers and regional security teams to raise the overall technical bar and promote a collective security mindset.
- Metrics & Strategic Visibility: Maintain a Data-Driven Strategic mindset to define, track, and improve core operational metrics (Log Pipeline Health, Alert Fidelity, True Positive Rates, MTTD) to identify systemic gaps and propose strategic security investments.
- On-Call: Participate in an on-call rotation focused on maintaining critical SIEM/SOAR infrastructure health, handling high-severity alert triage, and executing emergency escalations to CSIRT.
## Qualifications
**What you need to be successful:**
- 7+ years of broad cybersecurity experience with a deep understanding of core security fundamentals, coupled with 5+ years of dedicated experience in a SOC or Threat Detection Engineering environment.
- Security Tool Mastery: Deep operational and architectural expertise with modern SIEM & SOAR platforms (specifically Google SecOps / Chronicle), EDR and Cloud infrastructure (AWS/GCP),
- Engineering Skills: Proven experience utilizing Git/GitHub, CI/CD pipelines, to deploy rules, manage infrastructure and automation as code.
- CTI & Triage Workflows: Strong background in operationalizing Cyber Threat Intelligence and building scalable alert triage processes that reduce false positives and prevent alert fatigue.
- Strategic Leadership: An exceptional communicator with the ability to influence cross-functional stakeholders (Regional Security Teams, Platform Engineering) and simplify complex systems across domains without requiring formal authority.
- Advanced Threat Detection (Cloud, Identity & EDR): Proven deep operational experience triaging alerts and building high fidelity detections across public cloud environments (AWS/GCP), modern Identity Providers (e.g., Okta, Entra ID, Google Workspace), and EDR platforms (e.g., CrowdStrike, SentinelOne, Defender).
- AI & Next-Gen Tooling: Experience integrating AI/LLM capabilities and MCP (Model Context Protocol) usage into Threat Detection and SOAR for automated alert triage, payload analysis, or data enrichment (highly regarded skill).
**Nice to have:**
- Advanced Cyber Threat Intelligence: Experience building threat intel programs, managing intelligence platforms (e.g., MISP), and translating raw IOCs/TTPs into high-fidelity detection logic.
- Regulated Environment Expertise: Deep operational understanding of global cybersecurity and privacy frameworks (e.g., PCI-DSS, GDPR, NIS2, DORA, MAS TRM). You know how to implement logging, retention, and audit capabilities that meet strict regulatory compliance requirements.
- Relevant Technical Certifications: Active or in-progress industry-recognized technical certifications focused on security engineering, cloud architecture, or threat detection (e.g., AWS Certified Security/Solutions Architect, GCIA/GCDA/GMON, CISSP).
## Additional Information
Ensuring you and all our Heroes are looked after, happy, and healthy is always on the menu. Because if you’re in good shape, then we’re in good shape.
- *Make the most of our* [hybrid working model](https://careers.deliveryhero.com/delivery-hero/2025-9/hybrid-work-at-delivery-hero)*and join the team for face-to-face connection and collaboration in our beautiful Berlin campus 2 days a week*
- *We offer 27 days holiday with an extra day on 2nd and 3rd year of service*
- *We will support you in developing yourself and your career growth opportunities: 1.000 € Educational Budget, Language Courses, Parental Support and access to the Udemy Business platform to explore a variety of online courses.*
- *Get moving and release those wonderful, mind-boosting endorphins: Health Checkups, Meditation, Gym & Bicycle Subsidy*
- *Cash. Dough. Cheddar. Whatever you call it, we’ll help you with it: Employee Share Purchase Plan, Sabbatical Bank, Public Transportation Ticket Discount, Life & Accident Insurance, Corporate Pension Plan*
- *The power of getting together over some food is unrivaled. Here are a few ways to help you do that. All the yum: Digital Meal Vouchers, Food Vouchers, Corporate Discounts. Courses.*
- *Wondering what relocating to Berlin is like? In this article, we’ve put together*[10 things you should know about moving to Berlin](https://careers.deliveryhero.com/delivery-hero/2025-10/blogmoving-to-berlin-guide?utm_source=jobdescription&utm_medium=bullet+text&utm_campaign=JD+Enhancements) *and how Delivery Hero can support you. You can also visit our* [relocation hub](https://careers.deliveryhero.com/relocation-hub?utm_source=jobdescription&utm_medium=bullettext&utm_campaign=JD+Enhancements) *and check out more information about moving to Berlin.*
- *Ready to prepare for your interview? Check out the list of the* [5 most common interview questions and answers](https://careers.deliveryhero.com/delivery-hero/2025-10/the-5-most-common-interview-questions-and-how-to-answer-them?utm_source=jobdescription&utm_medium=bullettext&utm_campaign=JD+Enhancements)*created in collaboration with our recruiters.*
[Ready to join our team?](https://careers.deliveryhero.com/howwehire) If you’re excited to grow, collaborate and be part of the world’s leading delivery platform, we’d love to hear from you. Apply today!
We believe diversity and inclusion are key to creating not only an exciting product, but also an amazing customer and employee experience. Fostering this starts with hiring - therefore we do not discriminate on the basis of racial identities, religious beliefs, color, national origin, gender identities or expressions, sexual orientations, age, marital or disability statuses, or any other aspect that makes you, you.
We encourage you to let us know if you need any accommodations or specific accessibility support to ensure a smooth interview experience—just let us know with an email to our Inclusion Officer at inclusion@deliveryhero.cominclude it in your application.
Severely disabled applicants with equal qualifications will be given preferential consideration.
You're welcome to share your pronouns (he/she/they) right from the start so we can address you respectfully from our first contact.
We believe diversity and inclusion are key to creating not only an exciting product, but also an amazing customer and employee experience. Fostering this starts with hiring - therefore we do not discriminate on the basis of racial identities, religious beliefs, color, national origin, gender identities or expressions, sexual orientations, age, marital or disability statuses, or any other aspect that makes you, you.
We encourage you to let us know if you need any accommodations or specific accessibility support to ensure a smooth interview experience—just let us know with an email to our Inclusion Officer at inclusion@deliveryhero.com.
**Severely disabled applicants with equal qualifications will be given preferential consideration.**
You're welcome to share your pronouns (he/she/they) right from the start so we can address you respectfully from our first contact.
We believe diversity and inclusion are key to creating not only an exciting product, but also an amazing customer and employee experience. Fostering this starts with hiring - therefore we do not discriminate on the basis of racial identities, religious beliefs, color, national origin, gender identities or expressions, sexual orientations, age, marital or disability statuses, or any other aspect that makes you, you.
We encourage you to let us know if you need any accommodations or specific accessibility support to ensure a smooth interview experience—just let us know with an email to our Inclusion Officer at inclusion@deliveryhero.com.
**Severely disabled applicants with equal qualifications will be given preferential consideration.**
You're welcome to share your pronouns (he/she/they) right from the start so we can address you respectfully from our first contact.
Key Responsibilities
- Architect and scale Security Log Management, SIEM, and SOAR infrastructure on AWS and Google SecOps.
- Build and maintain log ingestion pipelines, detection rules, and SOAR workflows using Detection as Code principles.
- Integrate Cyber Threat Intelligence and map detections to the MITRE ATT&CK framework.
- Design high-fidelity alert workflows and automated triage processes for security events.
- Serve as the primary interface between the Global SOC, Engineering teams, and the CSIRT.
- Mentor detection engineers and regional security teams to raise technical standards.
- Define and track operational metrics such as Log Pipeline Health and Alert Fidelity.
- Participate in on-call rotation for critical infrastructure health and emergency escalations.
Skills Required
SIEMSOARGoogle SecOpsChronicleAWSGCPGitGitHubCI/CDYARA-LMITRE ATT&CKCyber Threat IntelligenceEDROktaEntra IDGoogle WorkspaceCrowdStrikeSentinelOneMicrosoft DefenderCommunicationLeadershipMentorshipStrategic thinkingProblem solvingInfluenceMISPPCI-DSSGDPRNIS2DORAMAS TRMAI/LLM integrationMCP (Model Context Protocol)
Benefits
- Hybrid working model
- 27 days holiday
- Educational Budget
- Language Courses
- Parental Support
- Udemy Business access
- Health Checkups
- Meditation
- Gym Subsidy
- Bicycle Subsidy
- Employee Share Purchase Plan
- Sabbatical Bank
- Public Transportation Ticket Discount
- Life & Accident Insurance
- Corporate Pension Plan
- Digital Meal Vouchers
- Food Vouchers
- Corporate Discounts
App exclusive · Free
Smart Job AI Coach
Your personal interview coach on every job — readiness tips, profile improvements, and role-specific prep. Available only in the Pulse Job app.
Interview readiness
See how prepared you are and what to improve for each role.
Personalized tips
Actionable suggestions based on your profile and the job.
After you apply
Keep coaching momentum from job detail through application success.
Similar roles for you
Matched using this role's title and skills. Open the job search anytime to see every listing.
Senior CSIRT Engingeer
Premium employer
110,000–130,000 / Year
PremiumFull-timeEasy applyWork from Home
Remote - United StatesSenior

Engineering Manager – Digital (CommBank App- Android/iOS)
Commonwealth Bank of Australia
Full-timeEasy applyHybrid
Sydney CBD AreaSenior

Senior DevOps Engineer (AWS), based in Da Nang
KMS Technology
Full-timeEasy applyHybrid
Da Nang CitySenior

Amazon Connect AWS Developer
Nationwide Mutual Insurance
Full-timeEasy applyHybrid
United KingdomSenior

DevOps : Profil Confirmé - Python, GCP, SQL, GITHUB - H/F - 5 ans expérience
Everience
38.500–55.500 / Year
Full-timeEasy applyHybrid
Marcq-en-BarœulMid

DevOps : Profil Confirmé - Python, GCP, SQL, GITHUB - H/F - 4-5 ans expérience
Everience
38.500–55.500 / Year
Full-timeEasy applyHybrid
Marcq-en-BarœulMid