All interviews
Cloudflare logo

Cloudflare

Mid

Hunt and neutralize BEC and phishing campaigns inside Cloudflare's PhishGuard managed email defense

This role sits inside Cloudflare's Cloudforce One / INTERDICT threat operations org, acting as the human intelligence layer that catches sophisticated email-borne attacks automated systems miss. You'll investigate flagged and customer-reported emails, hunt proactively for emerging BEC and vendor-fraud patterns, feed findings back into Detection Engineering's ML models, and guide customers through DMARC hardening. Expect deep questions on SPF/DKIM/DMARC mechanics, phishing/BEC investigation workflow, and how you'd use AI/LLM tooling in daily triage.

Step into this interview

Free · a live voice mock calibrated to this exact role

Practice this interview

What this interview tests

  • BEC / vendor fraud investigation methodology
  • SPF/DKIM/DMARC protocol depth and alignment audits
  • Threat hunting and campaign correlation (domains, IPs, headers)
  • AI/LLM tool-assisted analysis workflows
  • Customer-facing crisis communication and technical onboarding

Common question themes

Walk through investigating a suspected BEC email end to end

How would you design a DMARC rollout to strict Reject for a resistant customer

Describe a phishing campaign you tracked across multiple indicators

How have you used AI/LLM tools to speed up daily security analysis

How do you decide when to escalate directly to a customer by phone

What feedback would you give Detection Engineering after a missed detection

View the original posting

Related interviews