Lead Cyber Threat Intelligence Engineer

SoFi•Frisco, TX

21h

About The Position

In this role, you will protect our bank's financial infrastructure and members by anticipating, identifying, analyzing, and documenting advanced cyber threats. Operating beyond reactive alert monitoring, you will focus on understanding who might attack our organization next and how. You will act as a subject matter expert, leveraging your investigative mindset and technical skill set to translate raw data into actionable intelligence that informs tactical network defenses and strategic executive decisions. In this role, you will help mentor junior analysts and play a vital part in maturing our intelligence operations.

Requirements

Experience: 5 to 8 years of overall cybersecurity experience, with at least 2 to 4 years of dedicated experience in Cyber Threat Intelligence.
Communication: Exceptional written and verbal communication skills, with a proven ability to present complex threat information to non-technical stakeholders effectively.
Technical Proficiency: Hands-on experience with SIEM platforms, TIPs, network traffic analysis, and malware analysis concepts. Strong understanding of enterprise IT networks, operating system principles, and exploit weaponization.
Analytical Skills: Demonstrated ability to analyze large volumes of technical and non-technical data to identify patterns, anomalies, and actionable insights.
Scripting & Automation: Familiarity with scripting languages to interact with datasets and automate manual data enrichment processes.

Nice To Haves

Industry certifications such as CISSP, CISM, GCIH, or specialized SANS training (e.g., FOR578: Cyber Threat Intelligence).
Previous experience working in the financial services sector.
Familiarity with information sharing standards (STIX/TAXII) and financial industry groups (e.g., FS-ISAC).

Responsibilities

Intelligence Analysis & Reporting: Produce high-quality, actionable intelligence reports, briefings, and alerts for both technical stakeholders and executive leadership. Utilize communication frameworks and data analysis to clearly convey analytical judgments and translate technical threats into the language of business risk across departments.
Adversary Tracking & Threat Hunting: Track threat actors and campaigns targeting the financial sector, focusing on their tactics, techniques, and procedures (TTPs). Map adversary behaviors using industry-standard models such as the MITRE ATT&CK framework, the Cyber Kill Chain, or the Diamond Model.
Proactive Threat Discovery: Execute proactive threat hunting and infrastructure tracking to identify new detection opportunities based on evolving TTPs.
Tool & Platform Optimization: Utilize and manage the Threat Intelligence Platform (TIP) to gather, analyze, and enrich intelligence. Validate indicators using internal security tools and manage intelligence sources, including open-source feeds, commercial data, and dark web monitoring.
Cross-Functional Collaboration: Partner closely with the Security Operations Center (SOC), Insider Threat, Fraud Risk, and other stakeholders to gather and prioritize requirements based on their needs. Provide context through enrichment of security alerts, reduce false positive rates, and ensure intelligence drives proactive defense and rapid containment during incidents.
Program Maturation & Mentorship: Apply structured analytic techniques (SATs) to mitigate cognitive biases during investigations. Aid in the automation of routine intelligence workflows, and assist in developing key performance metrics to demonstrate the CTI program's return on investment (ROI).