Cybersecurity Incident Response Engineer (26079)

World Wildlife Fund (WWF)

World Wildlife Fund (WWF), one of the world’s leading conservation organisations, is recruiting a Cybersecurity Incident Response (IR) Engineer to protect the organisation’s global mission by designing and operating capabilities to detect, investigate and respond to cyber threats across WWF US and its country offices. The role works closely with security leadership and cross-functional teams to coordinate response efforts and strengthen security posture across WWF’s operations. The engineer leads technical investigations, containment and remediation of incidents while developing automation, playbooks and improved detection capabilities.

Key responsibilities include operational monitoring (monitoring and responding to security events across endpoints, networks, cloud services, applications, databases and third-party environments); threat detection and analysis (collecting, correlating and analysing data from multiple internal and external sources to identify anomalies, validate threats and support threat hunting); stakeholder coordination (serving as a key point of contact during incidents, collaborating with cybersecurity leadership, IR teams and cross-functional stakeholders); root cause and reporting (performing root cause analysis, prioritising findings and documenting incidents from initial detection through post-incident review); security engineering and optimisation (improving detection and response capabilities through playbook development, workflow optimisation and alignment with KPIs and SLAs); programme maturity and continuous improvement (participating in tabletop exercises, vulnerability assessments and post-incident reviews); cross-functional collaboration with infrastructure, IT, vulnerability management, threat intelligence and application security teams; forensics and evidence handling (ensuring proper evidence collection, preservation and chain of custody); and continuous learning to stay current on emerging threats.

Required qualifications include a Bachelor’s degree in Computer Science or Information Technology; bilingual fluency in English and Spanish; and a minimum of 8 years of experience in cybersecurity or a related field. Specific technical experience required includes hunting, IoC and incident response execution (leading investigation, containment and remediation of cybersecurity incidents including ransomware, account compromise, phishing and data leakage); advanced understanding and proficiency with Windows and macOS operating systems; experience configuring, deploying and using multiple security IR solutions such as SIEM, SOAR, playbooks and Endpoint Detection and Response (EDR) tools; in-depth knowledge of cloud services, third-party risk management and application security; familiarity with regulatory and compliance requirements such as PCI, CCPA and GDPR; and strong threat knowledge and understanding of attacker TTPs. Five or more years of experience with Security Operations Centre and Incident Response is preferred.

WWF’s core values, which candidates should align with, include courage, integrity, respect and collaboration. Applications should be submitted via the Careers page with a cover letter and resume.

To apply for this job please visit careers-wwfus.icims.com.