Defensive Security Engineer


  • Location
    • Barcelona
  • Date Posted
  • 23 Jun 2020
  • Function
  • Tech Ops
  • Sector
  • Business Applications, Future Of Work

Typeform helps people collect data with engaging, friendly forms. And we know how important it is to protect that data in the most robust way possible.

That’s where you come in.

We’re looking for a highly motivated engineer with a knack for security monitoring, incident response, or forensics. You’ll defend Typeform’s information and infrastructure—and bring peace of mind to thousands of customers so they can focus on making great typeforms.

As a detection engineer, you’ll defend Typeform by helping to build and run a comprehensive threat detection program. You’ll improve logging coverage, fine tune log aggregation and analysis, and create watertight alerting systems.

Are you passionate about security? Could you detect and hunt for threats at scale? Do you know your Sumologic from your Splunk?

We’d love to hear from you.

The Role

Here’s what you’ll do:

  • Analyze the latest attacker techniques and find ways to detect them across the company's big range of environments and endpoints.
  • Define, implement, and fine tune our detection system and data sources to effectively handle malicious activity.
  • Work with the Engineering and Operations teams to create threat detection signals, provide new tooling, and improve their ability to respond quickly.
  • Analyze security data and report on threats and incidents across various platforms and environments.
  • Build automation to improve detection and response capabilities.
  • Continuously test the strength of our detectors and plug any gaps.
  • Pitch actions for OS hardening to the IT / Ops teams.
  • Train others and promote security awareness in the company.
  • Try to beat the high score on the arcade machine we built.


Here’s what we’re after:

  • You have a BS/MS/PhD in Computer Science, Information Systems, or equivalent experience.
  • You have an excellent understanding of—and experience in—a range of security areas like intrusion detection, incident response, malware analysis, and forensics.
  • You have experience detecting abuse and attacks in different environments.
  • You have experience with cloud environments (AWS preferred).
  • You’ve worked with multiple stakeholders such as engineering/operations teams, internal business units, and external incident response teams at every stage of an incident.
  • You have strong experience with Linux and/ or Windows at an admin level.

You know about all these detection-related disciplines, with experience in one or more:

  • Large scale analysis of log data using tools such as Splunk, Sumologic, or ELK.
  • File integrity system, memory, or live response on Windows, MacOS and/or Linux.
  • Analysis of network traffic from intrusion detection systems and flow monitoring systems.
  • Host-level detection with tools such as Auditd, SysMon and osquery.
  • Antivirus and EDR solutions.
  • Honeypot networks.

And for some added bonus points:

  • You have a security certification such as GIAC. Skills in the right area are just as beneficial.
  • You have software engineering experience with Python, Ruby, Go or other OOP languages.
  • You have experience with MITRE ATT&CK matrix testing, and building relevant mitigations to threats.
  • You’ve contributed to open source security projects and security conferences / meetups.
  • You have experience working in a startup, including relevant ping pong skills.