Senior Threat Intelligence Engineer

About The Position

Requirements

• 4+ years of hands-on experience in a Security Engineering, Cyber Threat Intelligence, or Security Automation role.
• Strong proficiency in at least one scripting/programming language for automation (e.g., Python ).
• Deep understanding of the cyber kill chain, threat actor TTPs, common attack vectors, networking protocols, and operating system internals.
• Proven experience designing and implementing SOAR playbooks and integrating security tools via APIs.
• Experience working with commercial and open-source Threat Intelligence Platforms (TIPs) and threat feeds.
• Familiarity with security services and automation in major cloud environments (AWS, Azure, or GCP).

Nice To Haves

• Understanding of attacker Tools, Techniques and Procedures (TTPs)
• Understanding of attack components
• Experience threat hunting in a complex network
• The ability to read an attack brief or vulnerability report and contextualize the associated risk
• Experience validating vulnerability reports and providing impact analysis
• Experience performing data gathering and analysis on perceived threats; generating additional contextual data that can be operationalized
• Experience with common tools used within Security Operations
• Experience utilizing security event information in intelligence analysis
• Ability to navigate ambiguity, and provide clarity to complex situations
• Ability to work autonomously with a strong sense of urgency, ownership and self drive
• Ability to build partnerships and get results across many different stakeholders
• Ability to effectively communicate, both verbal and written, to stakeholders regarding relative risk, urgency, and feedback
• Highly qualified candidates will have an understanding of nation state motivations and operational capabilities
• Experience with Infrastructure-as-Code (IaC) tools like Terraform.
• Familiarity with data analysis and visualization tools for threat intelligence
• Experience with malware analysis and reverse engineering to extract actionable indicators.

Responsibilities

• Intelligence Collection & Analysis: Proactively research, collect, and analyze threat intelligence from various sources (OSINT, commercial feeds, dark web, and internal security events) to understand the current and emerging threat landscape.
• Machine Learning and Data Science: Design, implement, and maintain detection use cases for the entire machine learning lifecycle (data ingestion, training, deployment, and inference).
• Threat Actor Profiling: Develop detailed profiles of relevant threat actors, their Tactics, Techniques, and Procedures (TTPs) using frameworks like MITRE ATT&CK , and identify potential impacts to the organization.
• Actionable Intelligence Dissemination: Produce and disseminate timely, relevant, and actionable intelligence reports and briefings for both technical security teams and executive leadership.
• IOC/IOA Management: Engineer the ingestion, enrichment, correlation, and contextualization of Indicators of Compromise (IOCs) and Indicators of Attack (IOAs) into security platforms.
• Automated Defense Development: Design, develop, and implement robust automation workflows and playbooks (SOAR) to streamline security operations tasks, including incident triage, alert enrichment, vulnerability management, and threat response actions.
• Tool Integration & Optimization: Integrate diverse security tools (e.g., SIEM, EDR, Cloud Security Posture Management, vulnerability scanners, Threat Intelligence Platforms) through APIs and scripting (primarily Python) to create seamless, automated feedback loops.
• Process Improvement: Identify manual, repetitive, and time-consuming security processes and engineer scalable automation solutions to increase team efficiency and operational maturity.
• Incident Response Support: Provide threat context to support the Incident Response team during active security incidents.
• Cross-Functional Partnership: Collaborate with Detection Engineers, Security Engineers, and Software Developers to embed security and intelligence-driven practices into the CI/CD pipeline and corporate infrastructure.