Are you a problem-solver who is capable of handling incidents both technical and non-technical? We'd love to hear from you 👀There's a few things that make our Security team at Wolt quite unique:⭐️ We're a cross-disciplinary team which makes us strong: looking after not only security but also privacy and physical security and safety⭐️ We work across the whole company and report to the CEO office, not buried under an organizational silo⭐️ We're a truly Cloud Native, Zero Trust and DevOps company - so much so that we don't usually even care about those buzzwordsThe Wolt Security team is distributed across several locations, and we are looking to fill the role in Finland or Sweden.In this role you'll get to:Manage security and privacy events and incidents with a full ownership of handling these from detection to root cause analysis, and potentially reporting them to authorities. This is not a SOC role: you will work as an incident manager and a hands-on responder, and not just respond to automatic alerts.Collaborate with our Product Engineering, Operations and IT to implement the necessary immediate fixes, fix vulnerabilities and implement long-term mitigations. Some of the long-term fixes may involve changes to how we do business.Work with our country operations, Support, product development teams, IT, Legal, and People Ops. This role doesn't just look at “IT” or “product” issues, but any security and privacy events or incidents in any corner of Wolt. Some of them might not be “technical” incidents at all!The position requires regular on-call duty, which is separately agreed and compensated.Over time, your role can evolve depending on your interests and skills. Wolt is a large place and there's a lot to do! While it is expected that practical incident management and response will take most of your time, we are keen on finding people who have supporting technical skills which they can put into good use when there's time. Examples of such skills could be exploratory security testing, vulnerability management in software development, working with our SIEM or observability stack, or looking into the security of SaaS services we use.This position is ideal for someone with a technical incident response background looking to expand their horizons to include less technical commotions, or a former SOC analyst who has seen it all and wants a change. We are looking for at least 2 years of full-time equivalent experience total.Our humble expectationsYou'll be successful in this role if you:Enjoy digging into a process - technical or non-technical - to find out why and how something happened.Are quick to learn nuances in something.Are comfortable with Linux, to the level of essential systems administration on the command line.Are comfortable scripting your way through boring stuff, for example, in Python or bash.Have a strong work ethic, are organized and follow things through.Can communicate clearly and provide good visibility to issues as they progress.Can see through issues that have many aspects and different - often also non-technical and business-related - considerations.Have the skill of becoming friends with developers and internal legal counsels.Are not scared of submitting and reviewing Pull Requests.You are not afraid of getting to learn the legal requirements of the GDPR, NIS2, U.S. SEC, DORA, EBA, and the CRA, as they apply to incident reporting.And as Wolt's company language is English, you'd need to be fluent in both spoken and written English.
