Job Summary:
Cloudflare is a company on a mission to help build a better Internet, operating one of the world’s largest networks. The Response Engineer for PhishGuard will be responsible for identifying and defeating sophisticated email-borne cyber threats, collaborating with various internal teams to enhance security measures and protect global organizations.
Responsibilities:
• Conduct continuous, real-time monitoring of email threat queues to review and analyze sophisticated attacks flagged by Cloudflare Email Security automated systems.
• Investigate customer-reported submissions, execute proactive threat hunts targeting emerging patterns, and perform manual retraction or quarantine of verified malicious emails.
• Provide critical feedback to Detection Engineering to update machine learning models and contribute novel campaign data to global intelligence repositories.
• Identify nuanced threat patterns by correlating technical telemetry with behavioral indicators, generating detailed threat dossiers for impending organizational risks.
• Deliver direct crisis intervention and proactive phone notifications to customers regarding high-dollar BEC threats and active insider risks.
• Lead technical onboarding sessions for new customers, configuring internal system instances with bespoke detection rules, thresholds, and custom allow/block lists.
• Guide customers through their multi-year DMARC implementation journey toward strict "Reject" policy enforcement by conducting SPF and DKIM alignment audits.
Qualifications:
Required:
• Undergraduate degree in Computer Science, Information Security, Information Systems, or equivalent practical experience.
• 5+ years of experience tracking and analyzing complex cyber campaigns utilizing technical indicators such as domains, IP addresses, and email headers.
• Proven expertise analyzing, investigating, and defending against highly targeted phishing, invoice fraud, and Business Email Compromise (BEC) attacks.
• Deep working knowledge of core email authentication protocols (SPF, DKIM, DMARC) and aggregate/forensic data interpretation.
• Hands-on experience utilizing AI LLM tools (such as OpenCode or Windsurf) to develop automations for daily analysis and productivity workflows.
• Excellent verbal and written English communication skills, with a strong ability to translate complex technical threats into actionable business intelligence for executive stakeholders.
Preferred:
• Relevant industry certifications such as GCIH, GCIA, CEH, Security+, or equivalent.
• Technical familiarity with regular expressions, YARA rules, SQL query formulation, and malicious file format analysis (e.g., Microsoft Office Documents, Adobe PDFs).
• Prior experience working within managed security services (MSSP) or customer-facing security consulting environments.
• Familiarity with the broader Cloudflare ecosystem, including Cloudflare Email Security, WAF, and Zero Trust architectures.
Company:
Cloudflare is a web performance and security company that provides online services to protect and accelerate websites. Founded in 2009, the company is headquartered in San Francisco, USA, with a team of 1001-5000 employees. The company is currently late-stage.