The Spotify Security team is looking to enhance our incident response capabilities with a hardworking and collaborative Security Engineer focused on incident management. If you thrive under the pressure of a well handled security incident, and enjoy the challenge of working with partners across the company to continuously improvise our containment and response efforts, then stop what you’re doing and apply!

What You'll Do

• You will drive the continuous improvement of Spotify's security incident management process, identifying areas for improvement and implementing changes.
• You will work with compliance teams and other collaborators to make sure our incident processes meet all compliance and regulatory requirements while staying lean and adaptable.
• You will use security technologies (e.g. SOAR, SIEM), communication platforms and our own automation tools to accelerate response, and ensure that other responders know how to best use these tools
• You will build new automation and response capabilities that accelerate investigation and response to incidents, allowing us to capitalize on our defender’s advantage
• You will coordinate scheduling for incident managers and responders to ensure adequate coverage and readiness.
• You will develop, coordinate, and deliver training programs for incident managers and responders to ensure a high level of incident readiness.
• You will be responsible for and participate in the response to security incidents, ensuring fast response, alignment to processes, and documentation of opportunities for improvement.
• You will collaborate closely with diverse collaborators, including IT, infrastructure, legal and communications to ensure a coordinated approach to security incident management.

Who You Are

• You have significant experience and a strong interest in effective security incident management, including leading response efforts, process development and automation.
• You have a shown understanding of incident response frameworks (e.g. NIST, SANS) and standard processes.
• You have a passion for automation, and the ability to effectively build tooling that combines automated response actions with human judgement
• You have the skills to build automations and tools to aid response, and a sufficiently broad understanding of cloud and endpoint security to know where to focus
• You can think like an attacker, and understand how to respond to new and novel attacks that cross organizational and cloud boundaries
• You have strong experience working with incidents in cloud environments such as GCP, AWS, or Azure
• You possess excellent organizational and communication skills, and are adept at collaborating with diverse teams and stakeholders across a global organization.
• You understand the current threat landscape and how it impacts incident response strategies in SaaS-oriented corporate IT environments

Where You'll Be

• This role is based in London or Stockholm.
• We offer you the flexibility to work where you work best! There will be some in person meetings, but still allows for flexibility to work from home.