Bloomreach is hiring a Staff Security Engineer

Role Overview

As a Staff Security Engineer, you will play a central role in shaping and maintaining the security posture of cloud infrastructure across AWS and GCP. You'll be responsible for defining data architecture strategy, implementing robust security controls, and ensuring comprehensive visibility through SIEM systems and telemetry. This position requires deep technical expertise, strong leadership, and the ability to drive security initiatives from concept to execution.

Key Responsibilities

• Define and maintain current and future-state data architectures with clear reporting mechanisms
• Design, deploy, and monitor security controls for cloud environments using AWS and GCP
• Operate, configure, and secure SIEM platforms, including rule development and alert tuning
• Lead incident response efforts, conduct root cause analysis, and manage vulnerability lifecycles
• Develop and maintain detection rules, incident playbooks, and automated response workflows
• Perform threat modeling and apply adversary-based testing to improve defensive strategies
• Build and validate secure Infrastructure as Code using policy-as-code and static scanning
• Integrate telemetry sources and ensure coverage across critical systems
• Implement network security controls including firewalls, WAFs, and URL filtering solutions
• Automate security tasks using Python, Go, or Bash for detection, enrichment, and remediation
• Enforce security baselines in CI/CD pipelines and ensure compliance through automated guardrails
• Collaborate with engineering teams to embed security standards into development workflows
• Lead engagement with external researchers and manage vulnerability disclosure processes
• Mentor junior engineers and contribute to team-wide knowledge sharing
• Measure and report on security efficacy, including MTTR and remediation rates
• Develop and maintain security runbooks, standards, and operational documentation

Qualifications

You bring at least six years of hands-on experience in security engineering with strong proficiency in cloud platforms, network security, and automation. You have practical experience with SIEM operations, vulnerability management, and Infrastructure as Code. You communicate effectively across technical and non-technical audiences and have a proven ability to lead initiatives and mentor others.

Preferred certifications include AWS Security Specialty, Google Cloud Security, CISSP, CCSP, CCSK, or Splunk administration credentials.

Work Environment

This role operates in a virtual-first, hybrid model with flexibility to work remotely across Central and Eastern Europe or from offices in Bratislava, Brno, or Prague. The environment emphasizes trust, autonomy, and results over rigid processes. You’ll benefit from flexible hours, a global team culture, and opportunities for personal and professional development.

Benefits & Development

• Fully remote-friendly with flexible scheduling
• Annual $1,500 budget for courses, books, and certifications
• Access to leadership and personal development programs
• Employee Assistance Program and subscription to the Calm meditation app
• Quarterly DisConnect days for team-wide rest and recovery
• Support for yoga, sports, and wellness activities
• Extended parental leave up to 26 weeks for primary caregivers
• Restricted Stock Units and company performance bonuses
• Immediate referral bonuses up to $3,000
• Annual recognition of work anniversaries
• Global events fostering cross-cultural connection