Security Engineer (Incident Response)
LearnPlatform
Budapest, Hungary
Posted on Oct 10, 2025
At Instructure, we believe in the power of people to grow and succeed throughout their lives. Our goal is to amplify that power by creating intuitive products that simplify learning and personal development, facilitate meaningful relationships, and inspire people to go further in their education and careers. We do this by giving smart, creative, passionate people opportunities to create awesome.
The Security Engineer, Incident Response, is a technical role responsible for leading and executing the organization's response to cybersecurity incidents. This position is a cornerstone of our security program, requiring a professional with deep experience in incident response, especially within SaaS product environments. The ideal candidate will not only be an expert in handling security incidents but also a proactive contributor to our overall security engineering initiatives. A key aspect of this role is the ability to develop and maintain clear, comprehensive documentation for security procedures and processes as they pertain to incident response.
What you’ll do:
Incident Response Execution:
- Lead and direct all phases of the incident response lifecycle, from initial detection and triage to containment, eradication, and post-incident analysis and review.
- Conduct in-depth forensic analysis of security incidents to determine the root cause, assess the impact, and define the scope of the incident.
- Collaborate with engineering and product teams to develop and implement effective containment and eradication strategies for SaaS environments.
- Coordinate recovery activities to ensure the timely and secure restoration of impacted systems and services.
Security Engineering Initiatives:
- Support the design, development, and implementation of robust detection rules and signatures across our security toolset (e.g., SIEM, EDR, WAF, CSPM) to proactively identify malicious activity.
- Continuously refine and optimize detection rules to minimize false positives and enhance the accuracy of our security alerts.
- Evaluate and recommend new security technologies and methodologies to enhance our security posture.
Documentation and Procedure Development:
- Create and maintain detailed documentation for all incident response procedures, playbooks, and runbooks.
- Develop and document security best practices and guidelines for engineering and product teams.
- Contribute to the creation and maintenance of our overall security knowledge base.
Tabletop Exercises and Training:
- Schedule and manage tabletop exercises to test and refine our incident response capabilities.
- Document the results of tabletop exercises and track the remediation of any identified gaps.
- Provide training and guidance to junior analysts and other team members on incident response and security best practices.
What you will need to know/have:
- Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
- Proven experience in a security role with a strong focus on incident response and security engineering.
- Demonstrated experience leading incident response for a SaaS product company.
- Strong understanding of common attack techniques, tactics, and procedures (TTPs).
- Experience with Security Information and Event Management (SIEM) platforms (e.g., Splunk, Elastic SIEM, Microsoft Sentinel) and developing detection rules.
- Familiarity with Endpoint Detection and Response (EDR) solutions.
- Proficiency in at least one scripting language (e.g., Python, Go).
- Excellent analytical, problem-solving, and communication skills.
- Proven ability to write clear and concise documentation.
- This position includes participation in an on-call rotation.
It would be a bonus if you also had:
- Relevant industry certifications (e.g., SANS GCIA, GDAT, GCIH, Offensive Security certifications).
- Experience with Security Orchestration, Automation, and Response (SOAR) platforms.
- Familiarity with container security and serverless technologies.
- Experience with version control systems (e.g., Git).
Get in on all the awesome at Instructure!
We offer competitive, meaningful benefits in every country where we operate. While they vary by location, here's a general idea of what you can expect:
- Competitive compensation, plus all full-time employees participate in our ownership program - because everyone should have a stake in our success.
- Flexible schedules and a remote-friendly culture, with hybrid or onsite work options available in some regions for specific roles
- Generous time off, including local holidays and our annual company-wide “Dim the Lights” week in late December, when we encourage everyone to step back and recharge
- Comprehensive wellness programs and mental health support
- Annual learning and development stipends to support your growth
- The technology and tools you need to do your best work — typically a Mac, with PC options available in some locations
- Motivosity employee recognition program
- A culture rooted in inclusivity, support, and meaningful connection
We believe in hiring great people and treating them right. The more diverse we are, the better our ideas and outcomes.
Instructure is an Equal Opportunity Employer. We comply with applicable employment and anti-discrimination laws in every country where we operate.
All employees must pass a background check as part of the hiring process. To help protect our teams and systems, we’ve implemented identity verification measures. Candidates may be asked to verify their legal name, current physical location, and provide a valid contact number and residential address, in accordance with local data privacy laws.
Any attempt to misrepresent personal or professional information will result in disqualification.