Staff Security Engineer, CSIRT

  • Full-time

Company Description

As the world’s pioneering local delivery platform, our mission is to deliver an amazing experience, fast, easy, and to your door. We operate in around 65 countries worldwide, powered by tech, designed by people. As one of Europe’s largest tech platforms, headquartered in Berlin, Germany, Delivery Hero has been listed on the Frankfurt Stock Exchange since 2017 and is part of the MDAX stock market index. We enable creative minds to deliver solutions that create impact within our ecosystem. We move fast, take action and adapt. No matter where you're from or what you believe in, we build, we deliver, we lead. We are Delivery Hero.

Job Description

As a Staff Security Engineer within our CSIRT Team, you will be accountable for leading our most critical, complex, and high-impact security incidents end-to-end across a global, high-transaction food delivery and quick-commerce platform handling millions of daily orders. As a business spanning logistics, e-commerce, and FinTech, our environment is highly regulated. In this role, you will navigate the complexities of global compliance frameworks while ensuring rapid, effective incident mitigation.

You will operate at the intersection of a hands-on technical practitioner and a strategic leader, making high-consequence decisions during times of ambiguity. We are looking for someone with a strong 'builder mindset'. You don't just respond to security incidents; you approach operational bottlenecks as engineering problems. You will build systems, develop custom tooling, and architect automated workflows to relentlessly eliminate manual toil and scale our response capabilities, ultimately setting the standard for engineering excellence and fostering a security mindset across the organization.

 

Your mission:

  • Incident Commander: Serve as the single accountable leader during active responses for high-severity incidents, directing investigative focus from detection through recovery while maintaining a calm and decisive demeanor under pressure. You will ensure our response strategies and forensic evidence gathering align with strict reporting requirements for GDPR, PCI-DSS, NIS2, DORA, MAS TRM, and other regional mandates.

  • Post-Incident Reviews & Remediation: Lead blameless post-incident reviews to ensure continuous improvement, durable engineering solutions, and systemic resilience. 

  • Stakeholder Communication: Serve as the primary interface to stakeholders during critical security incidents, translating complex technical realities into clear risk, impact, and decision frameworks.

  • Engineering-Led Response & Automation: Design and develop in-house solutions, automated workflows, and scalable systems to eliminate repetitive processes, reduce triage time, and continuously improve the overall quality and efficiency of our security incident response operations.

  • Mentorship & Leadership: Act as a hands-on technical leader and role model, actively mentoring teams and individuals within your domain to raise the overall technical bar and share your experience.

  • Metrics & Strategic Visibility: Apply a data-driven, strategic mindset to define, track, and improve core operational metrics (MTTD, MTTR), identify systemic gaps, and propose strategic, long-term security investments.

  • Organizational Readiness & Tabletop Exercises: Proactively design and facilitate complex, realistic tabletop simulations and purple team engagements to stress-test our playbooks, uncover detection blind spots, and train the wider security and engineering organizations.

  • On-Call: Participate in a predictable on-call rotation as an Incident Responder, leading the charge on high-severity, out-of-hours escalations.

 

Qualifications

 

  • 7+ years of broad cybersecurity experience with a deep understanding of core security fundamentals, coupled with 5+ years of dedicated experience in a SOC or CSIRT environment.

  • Incident Commander Experience: Proven track record acting as a Security Incident Commander, confidently managing incident timelines, decisions, and cross-functional communications during complex security events.

  • Deep Security Incident Response Expertise: Mastery of the full incident lifecycle and hands-on playbook creation for complex, high-availability hybrid-cloud environments, distributed microservices, and platforms processing vast amounts of PII and payment data.

  • Security Tooling Mastery: Operational expertise with SIEM, EDR, Cloud Security platforms, SOAR, and WAF/DDoS protection solutions.

  • Software Engineering & Tooling (Builder Mindset): Advanced proficiency in writing production-quality code (e.g., Python, Go, Rust) to build scalable in-house solutions. 

  • Cloud-Native Security: Hands-on experience securing and responding to incidents across public cloud platforms (AWS, GCP) and cloud-native technologies like Kubernetes, Docker, and Infrastructure-as-Code (e.g., Terraform).

  • Source Control & CI/CD: Familiarity with Git/GitHub usage, CI/CD systems, and modern SecOps workflows.

  • Strategic Leadership: An exceptional communicator with the ability to influence cross-functional stakeholders and simplify complex systems across domains without requiring formal authority.

Nice to have:

  • Investigative Depth: Digital forensics skills and hands-on experience integrating Threat Intelligence to anticipate attacks and proactively hunt for threats.

  • Malware Analysis & Reverse Engineering: Proven skills in static and dynamic (runtime) malware analysis, reverse engineering, and analyzing malicious payloads within isolated sandbox environments.

  • Web/Mobile Security: Strong background in Web and Mobile application security, understanding complex API architectures, modern authentication frameworks, and defending against high-volume automated attacks (e.g., credential stuffing, scraping).

  • AI & Next-Gen Tooling: Experience integrating AI/LLM capabilities and MCP (Model Context Protocol) usage into Incident Response for automated evidence summarization, data enrichment, or investigation.

  • Regulated Environment Expertise: Deep operational understanding of global cybersecurity and privacy frameworks (e.g., PCI-DSS, GDPR, NIS2, DORA, MAS TRM). You know how to balance aggressive incident containment with the legal and forensic requirements necessary for regulatory compliance and breach notification.

  • Relevant Technical Certifications: Active or in-progress industry-recognized technical certifications focused on incident handling, forensics, or offensive security (e.g., GIAC GCIH/GCFA/GCIA, CISSP, OSCP).

Additional Information

Ensuring you and all our Heroes are looked after, happy, and healthy is always on the menu. Because if you’re in good shape, then we’re in good shape.

  • Make the most of our hybrid working model and join the team for face-to-face connection and collaboration in our beautiful Berlin campus 2 days a week

  • We offer 27 days holiday

  • We will support you in developing yourself and your career growth opportunities: 1.000 € Educational Budget, Language Courses, Parental Support, access to the Udemy Business platform to explore a variety of online courses

  • Get moving and release those wonderful, mind-boosting endorphins: Health Checkups, Mindfulness and Gym & Bicycle Subsidy

  • The power of getting together over some food is unrivalled. Here are a few ways to help you do that. All the yum: Digital Meal Vouchers, Food Vouchers, Corporate Discounts. Courses and access to Internal Housing Hub

                 

Ready to join our team? If you’re excited to grow, collaborate and be part of the world’s leading delivery platform, we’d love to hear from you. Apply today!

We believe diversity and inclusion are key to creating not only an exciting product, but also an amazing customer and employee experience. Fostering this starts with hiring - therefore we do not discriminate on the basis of racial identities, religious beliefs, color, national origin, gender identities or expressions, sexual orientations, age, marital or disability statuses, or any other aspect that makes you, you.

We encourage you to let us know if you need any accommodations or specific accessibility support to ensure a smooth interview experience—just let us know with an email to our Inclusion Officer at [email protected].

Severely disabled applicants with equal qualifications will be given preferential consideration.

You're welcome to share your pronouns (he/she/they) right from the start so we can address you respectfully from our first contact.

