At Deliveroo, it is our mission to build the definitive food company. To do that, we’re building a company where everyone can belong, grow, and do the best work of their lives.
As a Security Operations Automation Specialist (Security Operations Specialist), you’ll be part of a growing Security Operations team focused on detecting attacks against an ever-advancing cyber threat landscape with automation at the heart of everything we do. You’ll be responsible for engineering our security processes, supporting threat detection capabilities, and providing effective workflows for our incident response, forensics, and threat intelligence processes spanning the breadth of the cyber kill chain. While we have some practices in place, you’ll need to help design and mature security processes and technology requirements across the business to support our security maturity journey best.
The role is a unique opportunity to be part of the overall Security strategy where you can harness our existing process and technology investments and bring new ways of working to help us protect our employees, customers, riders, and restaurants. As we continue to grow our business, your specialist capabilities will play a key part in our story.
What you’ll be doing
- Contributing to our real-time security threats and incidents processes, as part of the Security Operations and Response acting as a first security line-of-defense.
- Developing detection and response use-cases leveraging our real-time security tooling capabilities and business processes to identify suspicious activity across Deliveroo’s cloud-based and SaaS environments
- Automating detection workflows for effective alert triage and IR management process to help mitigate, enrich and help respond to threats
- Identifying threat detection domains based on frameworks (NIST, MITRE) and metrics derived from existing operations.
- Collaborating with multiple stakeholders across the business to develop efficient security and time saving automation capabilities
- Developing Infrastructure-as-code processes and contribute to the engineering of global security infrastructure configurations
- Retaining security operations playbooks and guidance for threat cases used by the Security Operations and Response team
- Supporting the development of orchestration and automation across key platforms to streamline security incident response processes
- Keeping up to date with current security trends, advisories, publications, and security research across the threat landscape
Requirements
- Demonstrable hands-on experience as part of Security Operations/Incident Response/Security Engineering/Automation teams using monitoring platforms and identifying efficient ways to triage real-time alerts
- Proven experience building threat detection capabilities in a cloud-centric, fast-moving organization
- Hands-on experience writing complex Splunk and SQL queries
- Demonstrated experience in Automation/Coding experience i.e. Python, Go
- Demonstrated experience with IaC configuration management i.e. Terraform, JSON, YAML/YARA-L
- Practical experience operating defensive security solutions
- Demonstrable experience in system administration, particularly across Linux
- Proven knowledge of optimal cloud security configurations, particularly across AWS
- Exceptional communication skills and a collaborative, knowledge-sharing mindset
- Familiarity with security compliance standards and frameworks
- Capable of working well both independently and collaboratively, while keeping calm under the pressure of an incident with a potentially high impact on the business
- Experience in a DevOps environment with familiarity with CI/CD pipelines
- Experience in operating-based platforms and usage of audit logging
- Expert at distilling clarity from complex situations to brief stakeholders at all levels of technical knowledge
- Supporting security incidents and also helping mentor and train more Security Analysts
- Understaing security threats and attack vectors
- Supporting and maintaining Security tooling
- Coordinating with the UK central security function as needed
Preferred, but not required
- Natural leadership with experience in technical project management
- Able to act as lead incident handler when required and manage high-priority incidents
- Experience in engineering solutions to/from data lakes, focusing on storage and retention
- Experience with web and mobile app offensive security techniques
- Experience with Google Workspace
- Hands-on experience with container technologies and orchestration services
- Knowledge of cloud security data encryption standards and principles
Why Deliveroo?
Our mission is to be the definitive food company. We are transforming the way the world eats by making food more convenient and accessible. We give people the opportunity to eat what they want, when and where they want it.
We are a technology-driven company at the forefront of the most rapidly expanding industry in the world. We are still a small team, making a very large impact, and seeking to answer some of the most interesting questions out there. We move fast, value autonomy and ownership, and we are always looking for new ideas.
Workplace & Diversity
At Deliveroo, we know that people are the heart of the business, and we prioritize their welfare. We offer a wide range of competitive benefits in areas including health, family, finance, community, convenience, growth, and relocation.
We believe a great workplace represents the world we live in and how beautifully diverse it can be. That means we have no judgment when it comes to any one of the things that make you who you are - your gender, race, sexuality, religion, or a secret aversion to coriander. All you need is a passion for (most) food and a desire to be part of one of the fastest-growing startups in an incredibly exciting space.
Please click here to view our candidate privacy policy.