Junior Security Analyst: AI-Driven Incident Response

Gelato has created the world’s largest global network for on-demand production of custom products – from t-shirts and mugs to books and wall art. We empower a new generation of ecommerce entrepreneurs to share their creativity worldwide while embracing local, sustainable production. By producing locally and perfectly matching supply with demand, we eliminate waste and reduce carbon emissions.

At Gelato, we don’t own production facilities – we build the software that connects them. With over 140 production partners in 32 countries, our network can deliver custom products to five billion people in just 72 hours. It’s smarter, faster, and greener.

With GelatoConnect, our SaaS platform, we’re driving innovation in print production. GelatoConnect simplifies operations for print producers by automating procurement, workflows, and logistics into one seamless system. By boosting efficiency and cutting costs, it helps businesses scale to meet market demands. With GelatoConnect, we’re reshaping the print industry to be more efficient, sustainable, and profitable.

As Gelato continues its global expansion, we are seeking a Junior Security Analyst to join our growing security function. This is a hands-on, execution-focused role built around analysing security events — you'll be the person who picks up requests for the wider organisation such as reviewing PRs, triaging security alerts, investigating events, and driving incidents through to resolution.

You don't need to have seen everything. You need curiosity, a structured approach to problem-solving, and the drive to grow fast. Reporting to the Head of Information Security, you'll work alongside experienced engineers and have a clear path to develop your skills in detection engineering, threat analysis, and security automation.

Our security team operates as enablers, not blockers — your job is to keep the business safe without slowing it down.

• Incident response and detection: Own the day-to-day triage and investigation of security alerts across our SIEM, EDR, and cloud monitoring tooling. Drive incident response activities for severity events: containment, evidence collection, root cause analysis, and post-incident documentation. Participate in an on-call rotation, providing timely responses and escalations for security incidents outside of business hours. Escalate high-severity or complex incidents to senior team members, providing clear and complete handover documentation. Maintain and improve incident response runbooks, playbooks, and internal knowledge bases.
• Monitoring and threat analysis: Monitor security tooling (SIEM, WAF, EDR, IAM) for suspicious activity and anomalous behaviour. Contribute to the tuning of detection rules and alert thresholds to reduce noise and improve signal quality. Proactively analyse threat intelligence and translate findings into actionable detection improvements.
• AI-powered security operations: Use AI and LLM tools daily to accelerate alert triage, generate incident summaries, and draft communications for stakeholders. Contribute to automation workflows that reduce manual toil in detection and response pipelines. Experiment with AI-assisted approaches to threat hunting, log analysis, and runbook generation.
• Compliance and governance support: Support evidence collection and control testing for compliance frameworks including ISO 27001, SOC 2, and NIST CSF. Assist with vulnerability management activities, including tracking remediation progress and communicating status to stakeholders. Help educate the wider Gelato team on security best practices through documentation and awareness activities.

• 1–3 years of experience in a security operations, IT security, or related technical role — including internships, apprenticeships, or equivalent hands-on exposure.
• Practical experience with SIEM or EDR tooling — whether professionally, in a lab, or through CTF/home lab environments.
• Solid understanding of core security concepts: attack frameworks (MITRE ATT&CK), the incident response lifecycle, common vulnerability classes.
• Comfortable working in cloud environments, particularly AWS — you understand IAM, logging, and basic cloud-native threat vectors.
• AI-native working style — you actively use LLMs and AI assistants as productivity tools and are eager to apply them in security contexts.
• Clear written and verbal communication in English; able to document incidents accurately and concisely for both technical and non-technical audiences.

• Exposure to scripting (Python, Bash, or PowerShell) for automating repetitive tasks or parsing log data.
• Familiarity with compliance frameworks such as ISO 27001 or SOC 2.
• Experience with tools such as Cloudflare, the ELK stack, or vulnerability scanners (Semgrep, CodeCI, SonarQube, Coana, etc.).
• Relevant certifications: CompTIA Security+, CySA+, BTL1, or equivalent; or progress toward GIAC certifications.
• Hands-on experience building simple automation or integrations between security tools.
• Degree in Computer Science, Information Security, or a related field — though we consider demonstrated experience over credentials.

We are a customer-obsessed team with the ambition to change the world by connecting technology to the printing industry and making it much more sustainable. Everyone who joins our team must feel genuinely intrigued and motivated by our mission. We expect a lot. We are a driven team with big goals, so we seek individuals who are genuinely passionate about their work and possess an entrepreneurial spirit.

Our culture is unique and we live by our values, so it's worth learning more about our culture and how we work before presenting your application. At Gelato, we pride ourselves on our global presence with 14 offices worldwide, fostering a dynamic and diverse work environment. Rooted in a culture that values collaboration, creativity, and camaraderie, we actively cultivate a company culture that thrives on shared experiences. We encourage team members to embrace this culture by working from our inspiring office spaces at least three days a week, allowing for meaningful connections and collective growth.

Lastly, we ask that you please upload your CV in English, regardless of which country you are applying from.