(Senior) Security Engineer, Security Engineering & Threat Intelligence
We are seeking a skilled security engineer to join our Global Cybersecurity Services Team. The primary focus of this role is to contribute to advancing our security technology stack, developing AI-driven security automation workflows, and supporting security operations and threat management within our modern cybersecurity operating model.
We are establishing an advanced, cloud-based security operations capability that heavily emphasizes AI and automation. This requires individuals with engineering and operational proficiency across various levels.
Responsibilities
Detection & Response: Engage in the detection and response engineering lifecycle to enhance and fine-tune alerts for accuracy and quality. This involves in-depth analysis of telemetry and alerts to conduct log reviews and root cause analysis. Conduct investigations using both open source and proprietary tools, such as EPP/EDR/XDR software, SIEM platforms, and automation scripts.
Automation & DevOps: Develop, maintain, and improve our CI/CD capabilities. Enhance IaC templates or playbooks using tools like Ansible, Terraform, and CloudFormation. Utilize scripting and hyperautomation platforms to automate and orchestrate workflows.
Security Engineering: Maintain and upgrade our security operations technology stack, including cutting-edge SIEM and hyperautomation solutions. Develop and improve security logging and detection engineering practices, as well as manage the detection use case lifecycle. Integrate AI into workflows and automate processes creatively.
Threat Intelligence Management
Threat Intelligence Collection: Gather and analyze data from various sources, such as OSINT, dark web forums, commercial feeds, and internal telemetry.
Threat Analysis: Evaluate threat actor capabilities, motivations, and TTPs. Analyze targeted attacks, perform attribution analysis, and suggest enhancements for the global security program or specific security domains.
Making Threat Intelligence Actionable: Translate intelligence into actionable insights. Have familiarity with deception technology.
Collaboration & Incident Support: Collaborate with other security teams to provide threat context, offer CTI insights during incidents, and prioritize defensive actions.
Security Projects: Lead and participate in projects like Endpoint Security enhancements, Attack Simulation, Threat Hunting, Compromise Assessments, and Network/Endpoint security reviews.
Leadership: Demonstrate cross-functional leadership and stakeholder management skills. Mentor and contribute to team growth and capability.
Requirements
- 5-7 years of experience in Information Security, with technical hands-on experience in various security domains.
- Proficiency in SIEM, EPP/EDR/XDR, SOAR, Threat Intelligence Platforms, and Open Source Threat Intelligence solutions.
- Experience with Cloud environments like AWS, Azure, and GCP.
- Working background in Cyber Threat Intelligence roles.
- Practical knowledge of operational, tactical, and strategic threat intelligence implementation.
- Experience applying AI/ML in cybersecurity.
- Proficiency in scripting languages for task automation and data manipulation.
- Highly self-motivated, detail-oriented, and results-driven.
- Strong verbal and written English skills.
