The Staff Security Engineer at Bloomreach is responsible for owning current and target-state data architectures and reporting, designing and implementing cloud security controls, managing SIEM and security resources, triaging and remediating vulnerabilities, leading incident response, and mentoring junior staff. This role ensures a strong security posture across AWS and GCP environments while driving automation, detection engineering, and compliance with security standards.
What You'll Do
- Own current and target-state data architectures and reporting
- Design, implement, and monitor cloud (AWS/GCP) infrastructure security controls
- Deploy, secure, configure, and operate SIEM and other security resources
- Identify, triage, and remediate infrastructure and web vulnerabilities
- Lead incident triage and external-researcher engagement
- Mentor junior staff
- Design secure cloud architectures using AWS and GCP
- Perform threat modeling and apply platform-native controls
- Build and validate secure Infrastructure as Code (IaC)
- Deploy, configure, tune, and maintain SIEM systems
- Author and test detection rules and incident response playbooks
- Integrate data sources into SIEM
- Operate with SLA-driven alerting and incident workflows
- Drive CVE lifecycle management and patching
- Perform root cause analysis for vulnerabilities
- Measure MTTR and remediation rates
- Design and manage firewalls, WAFs, cloud network controls, and URL/web filtering
- Demonstrate operational experience with network, web, and endpoint protections
- Author automation for detection, alert enrichment, and remediation
- Build or extend security tooling using Python, Go, or Bash
- Implement guardrails and policy-as-code in CI/CD pipelines
- Perform static IaC scanning
- Enforce security baselines before deployment
- Define logging and telemetry requirements
- Ensure telemetry coverage for critical assets
- Validate detection efficacy and alert fidelity
- Develop, document, and operationalize organization-wide security standards
- Create and maintain runbooks and playbooks
- Partner with engineering teams to ensure adoption of security standards
- Apply threat modeling and adversary-focused testing to guide security controls
- Communicate clearly with engineering teams, leadership, external researchers, and customers
- Lead vulnerability disclosure programs and external researcher engagement
- Mentor junior engineers
- Prioritize security projects based on risk and business impact
- Drive continuous improvement of infrastructure security posture
What We're Looking For
- 6+ years of relevant experience
- Proficiency in cloud security, network security, URL filtering, common security frameworks, and CVE lifecycle management
- Practical experience with Infrastructure as Code (IaC) and scripting for automation
- Strong cross-functional and external communication skills
- Experience mentoring junior staff
Nice to Have
- AWS Certified Security
- Google Professional Cloud Security Engineer
- Splunk Certified Admin or Splunk Certified Enterprise Security Admin
- CISSP (Certified Information Systems Security Professional)
- Certified Cloud Security Professional (CCSP)
- Cloud Security Alliance CCSK
Technical Stack
- AWS
- GCP
- SIEM
- Splunk
- Python
- Go
- Bash
- Infrastructure as Code (IaC)
- CI/CD pipelines
- Static IaC scanning
- Firewalls
- WAFs
- URL filtering
- Web filtering
- Endpoint protection
- Logging and telemetry tools
- Detection engineering platforms
- Vulnerability management tools
- CVE lifecycle tools
Benefits & Compensation
- Freedom and trust with no clocking in and out or corporate rules
- Flexible working hours
- Virtual-first work model
- Access to Bloomreach Hubs across three continents
- Company events to experience global culture
- 5 paid days off annually for volunteering
- Participation in the People Development Program with internal workshops
- Access to communication coach Ivo Večeřa for work-related challenges
- Managers encouraged to join the Leader Development Program
- $1,500 annual professional education budget for books, courses, certifications
- Employee Assistance Program (EAP) for non-work-related challenges
- Subscription to Calm – sleep and meditation app
- Quarterly ‘DisConnect’ days (additional day off each quarter)
- Sports, yoga, and meditation opportunities
- Extended parental leave up to 26 calendar weeks for Primary Caregivers
- Restricted Stock Units or Stock Options depending on role, seniority, and location
- Company performance bonus participation
- Employee referral bonus of up to $3,000 paid immediately after new hire starts
- Celebration of work anniversaries (Bloomversaries)
Compensation: €4000 gross per month, restricted stock units, company performance bonus, employee referral bonus up to $3,000
Work Mode
Flexible working hours, virtual-first model, option to work from home or office. Locations: Bratislava, Brno, Prague, Central and Eastern Europe (remote).
Any unsolicited resumes/candidate profiles submitted through our website or to personal email accounts of employees of Bloomreach are considered property of Bloomreach and are not subject to payment of agency fees.