Response Engineer - Phishguard

Cloudflare · Enterprise · Austin, TX · Security

This role is part of Cloudflare's threat operations and research team, focusing on identifying and disrupting sophisticated email-borne cyber threats. The Response Engineer will monitor email threat queues, investigate customer submissions, and provide feedback to improve machine learning models. They will also use AI LLM tools for automation and develop threat dossiers. The role involves direct customer interaction for crisis intervention and guiding DMARC implementation.

What you'd actually do

  1. Conduct continuous, real-time monitoring of email threat queues to review and analyze sophisticated attacks flagged by Cloudflare Email Security automated systems.
  2. Investigate customer-reported submissions, execute proactive threat hunts targeting emerging patterns, and perform manual retraction or quarantine of verified malicious emails.
  3. Provide critical feedback to Detection Engineering to update machine learning models and contribute novel campaign data to global intelligence repositories.
  4. Identify nuanced threat patterns by correlating technical telemetry with behavioral indicators, generating detailed threat dossiers for impending organizational risks.
  5. Deliver direct crisis intervention and proactive phone notifications to customers regarding high-dollar BEC threats and active insider risks.

Skills

Required

  • Undergraduate degree in Computer Science, Information Security, Information Systems, or equivalent practical experience.
  • 5+ years of experience tracking and analyzing complex cyber campaigns utilizing technical indicators such as Domains, IP Addresses, and email headers.
  • Proven expertise analyzing, investigating, and defending against highly targeted phishing, invoice fraud, and Business Email Compromise (BEC) attacks.
  • Deep working knowledge of core email authentication protocols (SPF, DKIM, DMARC) and aggregate/forensic data interpretation.
  • Hands-on experience utilizing AI LLM tools (such as OpenCode or Windsurf) to develop automations for daily analysis and productivity workflows.
  • Excellent verbal and written English communication skills, with a strong ability to translate complex technical threats into actionable business intelligence for executive

What the JD emphasized

  • 5+ years of experience tracking and analyzing complex cyber campaigns utilizing technical indicators such as Domains, IP Addresses, and email headers.
  • Proven expertise analyzing, investigating, and defending against highly targeted phishing, invoice fraud, and Business Email Compromise (BEC) attacks.
  • Deep working knowledge of core email authentication protocols (SPF, DKIM, DMARC) and aggregate/forensic data interpretation.
  • Hands-on experience utilizing AI LLM tools (such as OpenCode or Windsurf) to develop automations for daily analysis and productivity workflows.

Other signals

  • AI-native curiosity to create a solution using the latest tools
  • leveraging AI to ship faster today to make it better tomorrow
  • AI is a partner in solving tough problems
  • ML model development and detection optimization
  • AI LLM tools (such as OpenCode or Windsurf) to develop automations for daily analysis and productivity workflows