Response Engineer - CMDC

Available Location - Bengaluru

About the Department

Cloudforce One is Cloudflare's threat operations and research team, responsible for identifying and disrupting cyber threats ranging from sophisticated cyber criminal activity to nation-state sponsored advanced persistent threats (APTs). Cloudforce One works in close partnership with external organizations and internal Cloudflare teams, continuously developing operational tradecraft and expanding ever-growing sources of threat intelligence to enable expedited threat hunting and remediation. Members of Cloudforce One are at the helm of leveraging an incredibly vast and varied set of data points that only one of the world's largest global networks can provide. The team analyzes these unique data points at massive scale and efficiency, synthesizing findings into actionable threat intelligence to better protect our customers.

About INTERDICT

I.N.T.E.R.D.I.C.T. (Identify, Neutralize, Triage, Engage, Respond, Disrupt, Integrate, Contain, Threat Hunting) is Cloudforce One's unified operational security organization responsible for identifying, analyzing, and responding to threats targeting Cloudflare and its customers. INTERDICT encompasses three main sub-functions:

• PhishGuard: Managed email threat detection and response service
• Cloudflare Managed Defense (CMD): Network and application security monitoring for 'Under Attack' mitigation support.
• Detection Engineering: ML model development and detection optimization

Together, INTERDICT provides comprehensive 24×7×365 protection across email, application, and network threat surfaces.

Role Summary

Response Engineer within the Cloudflare Managed Defense Center (CMDC) provides front-line technical monitoring and threat mitigation for Cloudflare’s premium enterprise customers. In this role, you will proactively monitor internal alerting systems to identify, analyze, and mitigate real-time security events across OSI Layers 3, 4, and 7. Working alongside senior engineers and operational teams, you will execute established runbooks to protect complex customer infrastructure from sophisticated DDoS and application-layer attacks. We are looking for a collaborative, analytical professional who remains calm under pressure and is eager to develop their security expertise within a fast-paced environment.

Role Responsibilities

• Monitor and investigate proactive security alerts via internal telemetry systems to rapidly identify ongoing infrastructure and application-layer attacks.
• Apply appropriate mitigation steps and filter malicious traffic using Cloudflare’s core security tools, including Magic Transit, Web Application Firewall (WAF), and Rate Limiting.
• Review incoming alerts to determine urgency, scope, and validity, while accurately maintaining incident tracking tickets for necessary escalations.
• Communicate technical updates clearly and professionally with enterprise customers via chat, email, and phone during active security incidents.
• Adhere to strict customer SLAs for alert response times, event analysis, and ongoing operational communications.
• Maintain and update customer-specific runbooks, threshold rules, and escalation matrices to ensure seamless incident execution.
• Collaborate with internal Engineering and Product teams to provide feedback on tools and suggest improvements for alert rules.

Role Requirements (Must-Have Skills)

• A minimum of 2–5 years of relevant hands-on experience in a Security Operations Center (SOC), technical support engineering, or network operations environment.
• Strong foundational understanding of networking principles and internet protocols, including TCP/IP, UDP, ICMP, DNS, and BGP.
• Experience analyzing network traffic data for anomaly detection and executing basic mitigation protocols against L3/L4 or L7 attacks.
• Professional proficiency using the command line (Bash shell) alongside general system administration literacy across Linux, Mac, or Windows environments.
• Proven customer-facing technical support experience, with the communication skills required to assist stakeholders during high-pressure incidents.

Nice-to-Have Skills

• Hands-on experience with packet capture and network analysis tools such as tcpdump or Wireshark.
• Foundational scripting skills (Python preferred) to assist in automating basic operational workflows.
• Familiarity with querying datasets via APIs/GraphQL or monitoring performance metrics inside Prometheus and Grafana dashboards.
• Relevant industry certifications, such as CompTIA Security+, CCNA, or foundational GIAC credentials (e.g., GCIA).