Staff Security Engineer

• We're taking autonomous search mainstream, making product discovery more intuitive and conversational for customers, and more profitable for businesses.
• We’re making conversational shopping a reality, connecting every shopper with tailored guidance and product expertise — available on demand, at every touchpoint in their journey.
• We're designing the future of autonomous marketing, taking the work out of workflows, and reclaiming the creative, strategic, and customer-first work marketers were always meant to do.

The Staff Security Engineer owns current and target-state data architectures and reporting while also designing, implementing, and monitoring cloud (AWS/GCP) infrastructure security controls; deploying, securing, configuring, and operating SIEM and other security resources; identifying, triaging, and remediating infrastructure and web vulnerabilities; leading incident triage and external-researcher engagement; and mentoring junior staff. 

Your salary starts from €4000 gross per month with restricted stock units and other benefits included. You can work in one of our Central Europe offices (Bratislava, Brno, Prague) or from home in Central and Eastern Europe on a full-time basis.

Role summary and core responsibilities 

6+ years of relevant experience; candidates must demonstrate proficiency in cloud security, network security, URL filtering, common security frameworks, and CVE lifecycle management; practical IaC and scripting for automation; strong cross-functional and external communication; and experience mentoring junior staff.

Technical Skills:

• Hands-on cloud security for AWS and GCP: design secure architectures, perform threat modeling, apply platform-native controls, and build/validate secure IaC.
• SIEM ownership and detection engineering: deploy, configure, tune, and maintain SIEM; author and test detection rules and playbooks; integrate data sources; and operate with SLA-driven alerting and incident workflows.
• Vulnerability and incident lifecycle ownership: identify, triage, and remediate infrastructure and web vulnerabilities 
• Drive CVE lifecycle management and patching:  perform root cause analysis and measure MTTR and remediation rates.
• Network, web, and endpoint protections: design and manage firewalls, WAFs, cloud network controls, URL/web filtering, with demonstrable operational experience.
• Secure automation and tooling: author automation for detection, alert enrichment, and remediation; build or extend security tooling using scripting or languages such as Python, Go, or Bash.
• Infrastructure as code and secure CI pipelines: implement guardrails and policy-as-code in CI/CD pipelines, perform static IaC scanning, and enforce security baselines before deployment.
• Detection, telemetry, and observability: define logging and telemetry requirements, ensure coverage for critical assets, and validate detection efficacy and alert fidelity.
• Security standards, playbooks, and enforcement: develop, document, and operationalize organization-wide security standards, runbooks, and playbooks; partner with engineering pillars to ensure adoption.
• Threat-informed defensive engineering: apply threat modeling and adversary-focused testing to guide controls, detection, and resilient designs.
• Cross-functional and external communication: communicate clearly with engineering teams, leadership, external researchers, and customers; lead vulnerability disclosure and researcher engagement.
• Mentorship and prioritization: mentor junior engineers, prioritize security projects based on risk and business impact, and drive continuous improvement of infrastructure security posture.
• Familiarity with frameworks and common weaknesses: working knowledge of CIS/NIST, common security libraries and controls, and typical flaws exploited in infrastructure and web applications.

Skills and qualifications:

• AWS Certified Security 
• Google Professional Cloud Security Engineer
• Splunk Certified Admin or Splunk Certified Enterprise Security Admin
• CISSP (Certified Information Systems Security Professional)
• Certified Cloud Security Professional (CCSP)
• Cloud Security Alliance CCSK

More things you'll like about Bloomreach:

Culture:

• A great deal of freedom and trust. At Bloomreach we don’t clock in and out, and we have neither corporate rules nor long approval processes. This freedom goes hand in hand with responsibility. We are interested in results from day one. 
• We have defined our 5 values and the 10 underlying key behaviors that we strongly believe in. We can only succeed if everyone lives these behaviors day to day. We've embedded them in our processes like recruitment, onboarding, feedback, personal development, performance review and internal communication. 
• We believe in flexible working hours to accommodate your working style.
• We work virtual-first with several Bloomreach Hubs available across three continents.
• We organize company events to experience the global spirit of the company and get excited about what's ahead.
• We encourage and support our employees to engage in volunteering activities - every Bloomreacher can take 5 paid days off to volunteer*.
• The Bloomreach Glassdoor page elaborates on our stellar 4.4/5 rating. The Bloomreach Comparably page Culture score is even higher at 4.9/5

Personal Development:

• We have a People Development Program -- participating in personal development workshops on various topics run by experts from inside the company. We are continuously developing & updating competency maps for select functions.
• Our resident communication coach Ivo Večeřa is available to help navigate work-related communications & decision-making challenges.*
• Our managers are strongly encouraged to participate in the Leader Development Program to develop in the areas we consider essential for any leader. The program includes regular comprehensive feedback, consultations with a coach and follow-up check-ins.
• Bloomreachers utilize the $1,500 professional education budget on an annual basis to purchase education products (books, courses, certifications, etc.)*

Well-being:

• The Employee Assistance Program -- with counselors -- is available for non-work-related challenges.*
• Subscription to Calm - sleep and meditation app.*
• We organize ‘DisConnect’ days where Bloomreachers globally enjoy one additional day off each quarter, allowing us to unwind together and focus on activities away from the screen with our loved ones.
• We facilitate sports, yoga, and meditation opportunities for each other.
• Extended parental leave up to 26 calendar weeks for Primary Caregivers.*

Compensation:

• Restricted Stock Units or Stock Options are granted depending on a team member’s role, seniority, and location.*
• Everyone gets to participate in the company's success through the company performance bonus.*
• We offer an employee referral bonus of up to $3,000 paid out immediately after the new hire starts.
• We reward & celebrate work anniversaries -- Bloomversaries!*

(*Subject to employment type. Interns are exempt from marked benefits, usually for the first 6 months.)

Excited? Join us and transform the future of commerce experiences!

If this position doesn't suit you, but you know someone who might be a great fit, share it - we will be very grateful!

Any unsolicited resumes/candidate profiles submitted through our website or to personal email accounts of employees of Bloomreach are considered property of Bloomreach and are not subject to payment of agency fees.

#LI-Remote