cybersecurity senior engineer
Job description
This position contributes to Starbucks' global success by utilizing a variety of tools to investigate alerts and indicators of compromise, review log data, and assess operational health for the Starbucks Security platforms. This role will be based in EMEA with a reporting line into Seattle Support Centre. You should have strong problem-solving skills, excellent communication skills, a deep technical understanding of modern cybersecurity threats, and a validated track record of a hands-on approach to maturing defence capabilities in a highly targeted environment at scale. Success in the role comes from contributing to the delivery of a world-class cybersecurity program that is positioned to address, contain, and drive successful resolution to any cybersecurity situation.
Here, you'll achieve results by:
- Detecting, assessing and responding to alerts and incidents
- Perform rapid triage to determine severity, validity, and urgency of alerts
- Follow SOC playbooks and SOPs to ensure consistent triage and decision-making
- Create custom detections aligned to the MITRE ATT&CK Framework
- Review and audit available logging to determine potential gaps in detection capabilities
- Review threat intel reports and feeds, and make recommendations for profile or toolset changes based on reviews
- Hunt for new threats and perform data analytics to surface activity not seen within the environment
- Perform in-depth investigations on Windows, Linux, and macOS hosts
- Write stories for engineers to improve our SOAR environment
- Support the improvement of SOC processes through feedback and operation observations
- Act as a mentor and escalation point for SOC engineers
- Tune security tool configuration to minimize false positives
- Collaborate with security leadership, engineering, and compliance to execute security strategies
- Assess our current cloud security and propose improvements or solutions
- Serve as a subject matter expert for security tools, applications, and processes
Here, you'll contribute to our shared success by:
- Collaborating across diverse teams and cultures with empathy and openness.
- Communicating effectively across all levels of the organization.
Requirements
- Having a strong understanding of large enterprise / corporate technology, as well as retail and/or hospitality sector technologies
- Showing strong communication and influencing skills, credible with stakeholders and cross-functional teams
- Having experience working in matrixed organisations and collaborating across internal and external ecosystems
- Extensive experience in information technology disciplines
- Strong background in security operations
- Deep technical understanding of modern cybersecurity threats
- Ability to quickly learn new cybersecurity concepts
- Understanding of the MITRE ATT&CK framework and the ability to create detections based on analysis of attacker tools & techniques using this framework
- Proficient in programming with at least one modern language such as Python, PowerShell, C#, Ruby, Java, Rust, Go
- Experience with the following technologies: SIEMs, WAFs, IDS/IPS, EPP, EDR, FIM, DLP, Cloud Security, Container Security
- Basic understanding of compliance and regulatory requirements such as SOX and PCI
- Ability to balance multiple priorities and meet deadlines
- Excellent problem-solving abilities
- Passionate about cybersecurity and self-driven to become an expert
Additional Qualifications
- Proficiency in two or more of the following technologies: SIEMs, WAFs, IDS/IPS, EPP, EDR, FIM, DLP, Cloud Security, Container Security
- Proficiency in two or more of the following pillars: Phishing, DLP, Compliance, Networking, Forensics, Big Data, Threat Intel, Operating Systems, Reverse Engineering
- Contributes back to the cybersecurity community through teaching or through code
- Certifications such as CISSP, SSCP, GCIH or others focused on cybersecurity
Benefits & conditions
- We have a flexible working policy, meaning 25% of the time we collaborate with each other in our West London office and the rest of the time you may choose to work remotely.
- We also actively encourage partners to spend time in our stores. We believe it is essential we all understand the customer and 'Green Apron Partner' Starbucks experience.
- The position includes occasional travel to our Seattle Support Centre / United States, representing roughly 5-10% of annual working time.
Standard working hours for this role are Monday to Friday, 08:00-16:30. We value flexibility and offer it in return, recognising that balance looks different for everyone.