Posted: Dec 31, 2025
About the position

Responsibilities
• Research, develop, test, document, and implement global threat detection content across one or more SIEM platforms.
• Tune threat detection content post-implementation based on emerging threats/TTPs, MITRE ATT&CK coverage, and strategic planning.
• Validate and curate existing content periodically.
• Support escalations in the context of threat detection.
• Enable stakeholder teams strategically in the context of threat detection and SIEM expertise through research/detection briefs and internal workshops.
• Produce and present clear and actionable reports to the team, stakeholders, and management around threat detection efficacy and gaps.
• Contribute to the team's Jira backlog and strategic direction regarding prioritization and planning.
• Act as a spokesperson for the team in-region and educate stakeholders on Threat Library.
• Collaborate with stakeholder teams and lead joint tracks and recurring meetings.
• Challenge existing processes and look for improvements in tooling and product delivery.
• File bugs and feature requests to maintain high-quality standards and drive innovation.
• Work with platform vendors as required.
• Conduct peer reviews and provide input to peers upon request.
• Mentor and guide junior team members.

Requirements
• Bachelor's degree or four or more years of work experience.
• Six or more years of relevant work experience.
• Experience working with SIEM platform(s) such as Splunk, QRadar, Microsoft Sentinel, Elastic, or SumoLogic.
• Experience in Detection Engineering and developing, testing, and tuning threat detection content on at least one SIEM platform.
• Excellent knowledge of the current threat landscape and modern analytical techniques for threat detection content.
• Deep familiarity with the MITRE ATT&CK framework and general SIEM engineering concepts.
• Demonstrated experience in at least two domains relevant to security and telemetry used for detection content, such as Windows and Active Directory, EDR, AWS, Azure/O365, GCP, OT, or IoT.
• Working knowledge of major protocols in the OSI Model (TCP/IP, DNS, HTTP, SMTP) and their usage by threat actors.

Nice-to-haves
• Excellent problem-solving skills.
• SANS GIAC certifications (GCIA, GCIH, GREM, GCFA, GPEN, GCPN, GXPN, GMON, GCDA, GCTI, GRID, GDAT) or similar technical security certifications.
• Strong analytical, communication, documentation, and collaboration skills.
• Strong passion for understanding cyber trends, TTPs, and emerging threats.
• Ability to lead projects and perform well under pressure.
• Previous experience as a SOC/CERT/CSIRT analyst.
• Experience in incident response/digital forensics.
• Experience managing threat detection in an MSSP/multi-tenant environment.
• Experience with version control systems or CI/CD.
• Experience in threat modeling and contributions to community-driven detection repositories.
• Published research articles or presented at security conferences.
• Experience in malware reverse engineering and cyber threat intelligence.
• Experience in threat hunting across various telemetry sources.
• Experience in penetration testing/red or purple teaming.
• Knowledge of big data analytics and machine learning techniques.
• Experience in scripting/Jupyter notebooks (Python).

Benefits
• Health insurance coverage
• Dental insurance coverage
• Vision insurance coverage
• 401k benefit for retirement savings plan
• 401(k) matching benefit
• Paid holidays
• Flexible scheduling options
• Professional development opportunities
• Tuition reimbursement
• Employee discount programs
• Mental health days
• Paid volunteer time
• Life insurance coverage
• Disability insurance coverage