About Betfair Romania Development:
Betfair Romania Development is the largest technology hub of Flutter Entertainment, with over 2,000 people powering the world’s leading sports betting and iGaming brands. Exciting, immersive and safe experiences are delivered to over 18 million customers worldwide, from our office in Cluj-Napoca. Driven by relentless innovation and commitment to excellence, we operate our own unbeatable portfolio of diverse proprietary brands such as FanDuel, PokerStars, SportsBet, Betfair, Paddy Power and Sky Betting & Gaming.
Our Values:
The values we share at Betfair Romania Development define what makes us unique as a team. They empower us by giving meaning to our contributions, and they ensure that we consistently strive for excellence in everything we do. We are looking for passionate individuals who align with our values and are committed to making a difference.
Win together | Raise the bar | Got your back | Own it | Positive impact
About Flutter Functions:
The Flutter Functions division is a key component of Flutter Entertainment, responsible for providing essential support and services across the organization. The division encompasses various corporate functions, including finance, legal, human resources, technology, and more, ensuring seamless operations and strategic alignment throughout the company.
Role Overview:
Flutter is recruiting a Security Detection & Response Engineer to advance its cybersecurity operations and automation capabilities across a global organization. This role will be instrumental in designing, implementing, and continuously improving our security detection framework, alert management processes, and incident response capabilities. A key focus will be on leveraging emerging technologies, including Large Language Models (LLMs) and automation, to enhance response efficiency and effectiveness across our complex, multi-cloud environment.
The ideal candidate will combine strong technical security expertise with innovative thinking around automation and AI-driven security operations. They must be comfortable working with cross-functional global teams across AWS, partner organizations, internal engineering, security, and business teams spanning various brands within Flutter globally. This role demands both tactical excellence in detection engineering and strategic vision for the future of automated security operations.
Key Accountabilities & Responsibilities:
Design, develop, and maintain threat detection rules, alerts, and dashboards mapped to the MITRE ATT&CK framework using SIEM and other security tools.
Continuously tune and optimize existing detections to reduce false positives while maintaining high detection efficacy.
Conduct regular reviews of detection coverage and identify gaps based on threat intelligence, incident trends, and organizational risk profile.
Test and validate detection effectiveness through atomic testing, purple team exercises, and collaboration with red teams.
Perform triage and in-depth analysis of security alerts using Splunk, AWS-native tools, and various SaaS security platforms.
Conduct root cause analysis and post-incident reviews to drive continuous improvement.
Research, design, and implement automation solutions to streamline detection creation, alert enrichment, and incident response workflows.
Explore and pilot the use of Large Language Models (LLMs) and generative AI to enhance security operations, including automated alert analysis, playbook generation, and response recommendations.
Develop and maintain automated response playbooks and orchestration workflows using SOAR platforms and scripting.
Integrate threat intelligence feeds into detection and response workflows to enhance context and prioritization.
Track threat actor TTPs and translate them into actionable detections.
Document detection logic, alert triage procedures, incident response playbooks, and automation workflows.
Contribute to the security knowledge base and runbook library.
Skills, Capabilities & Experience Required:
Proven experience with SIEM platforms (preferably Splunk) for query development, detection creation, alert tuning, and dashboarding.
Demonstrated experience in security alert analysis, incident response, and threat hunting within large, complex organizations.
Hands-on experience with detection validation techniques, including atomic testing frameworks (e.g., Atomic Red Team) and purple team collaboration.
Strong understanding of the MITRE ATT&CK framework and ability to map threat actor TTPs to defensive controls.
Competencies:
Innovation & Continuous Improvement: We embrace emerging technologies and innovative approaches to solve complex security challenges. We continuously seek opportunities to improve efficiency, effectiveness, and scalability of security operations through automation and intelligent tooling.
Building Support: We establish close relationships with our stakeholders, underpinned by trust, integrity, and respect. We build awareness, understanding, and positive momentum behind security initiatives and the group technology strategy, often without being in a position to assert authority.
Objective & Analytical: We are impartial and data-driven in our approach to security decisions. We analyze complex technical information objectively, ensuring decisions are based on evidence and aligned with risk management principles.
Collaborative: We work effectively and in partnership with stakeholders on shared goals that align with the achievement of the group strategy. We foster a collaborative environment across security, engineering, and business teams, assuming leadership when required.
Adaptable & Agile: We thrive in dynamic, fast-paced environments and can quickly pivot our approach based on evolving threats, business needs, and technological changes. We remain calm and effective under pressure during security incidents.
Strategic Thinking: We balance tactical execution with strategic vision. We understand how detection and response capabilities contribute to the broader security posture and business objectives, and we advocate for investments that deliver long-term value.
Strategic Communication: We communicate complex technical security concepts clearly to both technical and non-technical audiences. We actively listen, provide constructive feedback, and help stakeholders understand security risks and recommendations.
Benefits:
Hybrid & remote working options
€1,000 per year for self-development
Company share scheme
25 days of annual leave per year
20 days per year to work abroad
5 personal days/year
Flexible benefits: travel, sports, hobbies
Extended health, dental and travel insurances
Customized well-being programmes
Career growth sessions
Thousands of online courses through Udemy
A variety of engaging office events
Disclaimer:
We are an inclusive employer. By embracing diverse experiences and perspectives, we create a lasting, positive impact for our employees, customers, and the communities we’re part of. You don't have to meet all the requirements listed to apply for this role. If you need any adjustments to make this role work for you, let us know, and we’ll see how we can accommodate them.
We thank all applicants for their interest; however, only the candidates who best meet the job requirements will be contacted for an interview.
By submitting your application online, you agree that your details will be used to progress your application for employment. If your application is successful, your details will be used to administer your personnel record. If your application is unsuccessful, we will retain your details for a period no longer than three years, to consider you for prospective roles within the company.