World Wildlife Fund (WWF), one of the world’s leading conservation organizations, seeks a Cybersecurity Incident Response Engineer.

The Cybersecurity Incident Response (IR) Engineer at WWF protects the organization’s global mission by designing and operating capabilities to detect, investigate, and respond to cyber threats in WWF US and its Country Offices. The role works closely with security leadership and cross-functional teams to coordinate response efforts and strengthen security posture across WWF’s operations. The engineer leads technical investigations, containment, and remediation of incidents while developing automation, playbooks, and improved detection capabilities. Using data-driven analysis and threat intelligence, the role assesses risk and implements solutions that enhance resilience and reduce exposure. Success requires strong technical expertise, an engineering mindset, and the ability to translate complex security issues into business impact in a mission-driven environment.

Location: Candidates must be based in WWF-US managed country offices.

Eligible locations include Bolivia, Chile, Ecuador, Guatemala/ Belize/ Honduras, Mexico, Paraguay, Peru, Suriname and Guyana.

• Bilingual in English and Spanish required

• Operational Monitoring: Monitors and responds to security events across endpoints, networks, cloud services, applications, databases, and third-party environments.
• Threat Detection & Analysis: Collects, correlates, and analyzes data from multiple internal and external sources to identify anomalies, validate threats, and support threat hunting activities.
• Stakeholder Coordination: Serves as a key point of contact during incidents, collaborating with cybersecurity leadership, IR teams, and cross-functional stakeholders.
• Root Cause & Reporting: Performs root cause analysis, prioritizes findings, and documents incidents from initial detection through post-incident review and lessons learned.
• Security Engineering & Optimization: Improves detection and response capabilities through playbook development, workflow optimization, and alignment with KPIs and SLAs.
• Program Maturity & Continuous Improvement: Participates in tabletop exercises, vulnerability assessments, and post-incident reviews to identify gaps and strengthen IR capabilities.
• Cross-Functional Collaboration: Works closely with infrastructure, IT, vulnerability management, threat intelligence, and application security teams to enhance security posture.
• Forensics & Evidence Handling: Ensures proper evidence collection, preservation, and chain of custody in support of investigations.
• Communication & Documentation: Clearly communicates incident details, risks, and recommendations to technical and non-technical stakeholders.
• Continuous Learning & Awareness: Stays current on emerging threats and shares knowledge to elevate team capability and organizational readiness.
• Other duties as assigned.

Key Competencies

• Conflict Navigation: Communicate issues to management with a plan to address/solve them.
• Collaboration: Must be able to work well with others and have an open personality regarding work.
• Communication Skills: The ability to decipher complex technical terms into everyday language for others to understand.

• Solution-Oriented: Able to identify solutions to problems both independently and with guidance from leadership.

• Must have a Bachelor's degree in Computer Science or Information Technology

• Bilingual in English and Spanish required. 

• Minimum of 8+ years experience in Cybersecurity or related field:

  • Exp with Hunting, IoC, and Incident Response Execution: Leads and supports investigation, containment, and remediation of cybersecurity incidents, including ransomware, account compromise, phishing, and data leakage across enterprise environments.

  • Advanced understanding and proficiency with Windows and macOS operating systems. 

  • Experience configuring, deploying and using multiple security IR solutions such as SIEM, SOAR, playbooks and Endpoint Detection and Response (EDR) tools.

  • In depth knowledge of cloud services, third party risk management, and application security.

  • Familiarity with regulatory and compliance requirements such as PCI, CCPA, GDPR.

  • Threat Knowledge & TTPs: Maintains strong understanding of attacker methodologies, including escalation, lateral movement, and evolving tactics, techniques, and procedures.

• Strong verbal and written communication skills.  

• Ability to work both independently and collaboratively in a team environment.

• Five or more experience with Security Operations Center and Incident Response preferred.

• Understanding of threats and vulnerabilities, as well as principles of incident response and root cause analysis.

• Committed to building and strengthening a culture of inclusion within and across teams.

• Identifies and aligns with WWF’s core values:

  • COURAGE – We demonstrate courage through our actions, we work for change where it’s needed, and we inspire people and institutions to tackle the greatest threats to nature and the future of the planet, which is our home.

  • INTEGRITY – We live the principles we call on others to meet. We act with integrity, accountability and transparency, and we rely on facts and science to guide us and to ensure that we learn and evolve.

  • RESPECT – We honor the voices and knowledge of people and communities that we serve, and we work to secure their rights to a sustainable future.

  • COLLABORATION – We deliver impact at the scale of the challenges we face through the power of collective action and innovation.

To Apply: 

• Submit cover letter and resume through our Careers Page, Requisition #26079

• Due to the high volume of applications, we are not able to respond to inquiries via phone 

World Wildlife Fund (WWF) promotes equal employment opportunities for all qualified individuals regardless of age, race, color, sex, religion, national origin, disability, or veteran status, or any other characteristic protected under applicable law.