Cloudforce One REACT Principal Consultant
About Us
At Cloudflare, we are on a mission to help build a better Internet. Today the company runs one of the world’s largest networks that powers millions of websites and other Internet properties for customers ranging from individual bloggers to SMBs to Fortune 500 companies. Cloudflare protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare all have web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was named to Entrepreneur Magazine’s Top Company Cultures list and ranked among the World’s Most Innovative Companies by Fast Company.
Where you’ll be: Remote
About the team
Cloudforce One is Cloudflare’s threat operations and research team, responsible for identifying and disrupting cyber threats ranging from sophisticated cyber criminal activity to nation‑state advanced persistent threats (APTs). Working in close partnership with external organizations and internal Cloudflare teams, we continuously develop operational tradecraft and expand ever‑growing sources of threat intelligence to enable expedited threat hunting and remediation. Members use a vast and varied set of data points that only one of the world’s largest global networks can provide, efficiently analyze these data at scale, and synthesize findings into actionable threat intelligence to protect our customers.
About the role
We are seeking a talented Senior Manager, Incident Response to join our growing Cloudforce One organization. In this role you will build a proactive, threat‑intelligence‑driven approach to protecting Cloudflare and its customers from sophisticated and evolving threat actors. You will respond to customer security incidents in on‑premises and cloud environments, detect and disrupt cyber‑threat activity across customer networks, and engage with customers at all levels, including Executive, VP, and Director.
Responsibilities include:
Respond to customer security incidents in on‑premises and cloud environments.
Detect and disrupt cyber threat activity across customer networks and cloud environments.
Engage with customers at all levels, including Executive, VP, Director, and managerial levels.
Collaborate with forensic analysts, threat researchers, detection engineers, and malware analysts to discover and analyze cyber threat intrusions.
Identify Tactics, Techniques, and Procedures (TTPs) of ongoing threat activity to protect the Cloudflare customer base.
Correlate threat‑actor activity across the customer’s environment.
Produce incident‑response reports and communicate findings to stakeholders.
Write simple scripts in Python or Golang to automate analysis and reporting.
Qualifications
1–2 years of experience in cybersecurity, with at least 1+ year in Digital Forensics or Incident Response.
Hands‑on forensic analysis in Windows, macOS, and Linux environments.
Experience triaging malware using static or dynamic analysis on Windows, macOS, or UNIX‑based platforms.
Excellent verbal and written communication skills.
Experience creating incident‑response reports and writing scripts in Python or Golang.
Examples of Desirable Skills, Knowledge and Experience
Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or equivalent training / practical experience.
3+ years of experience in cyber security.
2+ years of Incident Response experience.
1+ year of customer‑facing role.
Experience conducting or managing incident‑response investigations for organizations, including APT, organized crime, and hacktivist threats.
Background using forensic analysis tools in investigations to determine the scope of compromise.
Strong knowledge of network protocols and analysis tools such as Bro/Zeek or Suricata.
Ability to perform reverse engineering and understand static and dynamic malware analysis.
Knowledge of targeted attack remediation and tactical / strategic remediation planning.
Understanding of secure network architecture and network operations.
Experience with cloud incident response (AWS, Azure, GCP).
Strong communication skills, able to convey findings to executives and detail-level stakeholders.
Technical knowledge of TCP/IP, HTTPS, FTP, SFTP, SSH, RDP, CIFS/SMB, NFS.
Familiarity with AWS, Azure, O365, Google, Cloudflare.
Understanding of MITRE ATT&CK and NIST Cyber Security Frameworks.
In‑depth knowledge of Windows OS and general knowledge of Unix, Linux, and macOS.
Bonus Points
Proficient in Python or Golang, capable of writing modular code that can be installed on a remote system.
Proficient with Yara and writing rules to detect malware samples.
Understanding of source code, hex, binary, regular expression, data correlation, and analysis such as network flow and system logs.
Experience with static, dynamic, and automated malware analysis techniques.
Mid‑level experience as a Malware Analyst with reverse engineering of various file formats.
Experience with APT malware reverse engineering and common infection vectors.
Knowledge of current malware techniques to evade detection and obfuscate analysis.
Experience writing malware reports on unique and interesting aspects.
Experience with malware attribution.
Experience tracking and identifying threats through Indicator of Compromise (IOC) pivoting and infrastructure enumeration.
Familiarity with bash command line for static analysis and IOC investigation.
Travel Requirements
Ability to travel up to 20% of the time.
Position may require foreign and domestic travel; passport required.
What Makes Cloudflare Special?
We’re not just a large‑scale technology company; we are a company with a soul. Fundamental to our mission is protecting the free and open Internet. Projects such as Project Galileo, the Athenian Project, and 1.1.1.1 illustrate our commitment to security, accessibility, and privacy.
Sound like something you’d like to be a part of? We’d love to hear from you!
This position may require access to information protected under U.S. export control laws, including the U.S. Export Administration Regulations. Offer of employment may be conditioned on authorization to receive software or technology controlled under these laws without sponsorship for an export license.
Equal Opportunity Employment
Cloudflare is proud to be an equal opportunity employer. We are committed to providing equal employment opportunity for all people and place great value in both diversity and inclusiveness. All qualified applicants will be considered for employment without regard to their, or any other person's, perceived or actual race, color, religion, sex, gender, gender identity, gender expression, sexual orientation, national origin, ancestry, citizenship, age, physical or mental disability, medical condition, family care status, or any other basis protected by law. We are an AA / Veterans / Disabled Employer.
Cloudflare provides reasonable accommodations to qualified individuals with disabilities. If you require a reasonable accommodation to apply for a job, please contact us via e‑mail at hr@cloudflare.com or via mail at 101 Townsend St. San Francisco, CA 94107.
Principal Consultant • San Francisco, California, United States