Principal - Threat Intel

🌍 Remote, USA 🎯 Full-time 🕐 Posted Recently

Job Description

About the position

Research, develop, test, document, and implement global threat detection content across one or more SIEM platforms.
Tune threat detection content post-implementation based on emerging threats/TTPs, MITRE ATT&CK coverage, and strategic planning.
Validate and curate existing content periodically.
Support escalations in the context of threat detection.
Enable stakeholder teams strategically in the context of threat detection and SIEM expertise through research/detection briefs and internal workshops.
Produce and present clear and actionable reports to the team, stakeholders, and management around threat detection efficacy and gaps.
Contribute to the team's Jira backlog and strategic direction regarding prioritization and planning.
Act as a spokesperson for the team in-region and educate stakeholders on Threat Library.
Collaborate with stakeholder teams and lead joint tracks and recurring meetings.
Challenge existing processes and look for improvements in tooling and product delivery.
File bugs and feature requests to maintain high-quality standards and drive innovation.
Work with platform vendors as required.
Conduct peer reviews and provide input to peers upon request.
Mentor and guide junior team members.

Bachelor's degree or four or more years of work experience.
Six or more years of relevant work experience.
Experience working with SIEM platform(s) such as Splunk, QRadar, Microsoft Sentinel, Elastic, or SumoLogic.
Experience in Detection Engineering and developing, testing, and tuning threat detection content on at least one SIEM platform.
Excellent knowledge of the current threat landscape and modern analytical techniques for threat detection content.
Deep familiarity with the MITRE ATT&CK framework and general SIEM engineering concepts.
Demonstrated experience in at least two domains relevant to security and telemetry used for detection content, such as Windows and Active Directory, EDR, AWS, Azure/O365, GCP, OT, or IoT.
Working knowledge of major protocols in the OSI Model (TCP/IP, DNS, HTTP, SMTP) and their usage by threat actors.

Excellent problem-solving skills.
SANS GIAC certifications (GCIA, GCIH, GREM, GCFA, GPEN, GCPN, GXPN, GMON, GCDA, GCTI, GRID, GDAT) or similar technical security certifications.
Strong analytical, communication, documentation, and collaboration skills.
Strong passion for understanding cyber trends, TTPs, and emerging threats.
Ability to lead projects and perform well under pressure.
Previous experience as a SOC/CERT/CSIRT analyst.
Experience in incident response/digital forensics.
Experience managing threat detection in an MSSP/multi-tenant environment.
Experience with version control systems or CI/CD.
Experience in threat modeling and contributions to community-driven detection repositories.
Published research articles or presented at security conferences.
Experience in malware reverse engineering and cyber threat intelligence.
Experience in threat hunting across various telemetry sources.
Experience in penetration testing/red or purple teaming.
Knowledge of big data analytics and machine learning techniques.
Experience in scripting/Jupyter notebooks (Python).