Principal - Threat Intel

Remote Full-time
About the position

Responsibilities
• Research, develop, test, document, and implement global threat detection content across one or more SIEM platforms.
• Tune threat detection content post-implementation based on emerging threats/TTPs, MITRE ATT&CK coverage, and strategic planning.
• Validate and curate existing content periodically.
• Support escalations in the context of threat detection.
• Enable stakeholder teams through research and detection briefs and internal workshops that share threat detection and SIEM expertise.
• Produce and present clear and actionable reports to the team, stakeholders, and management around threat detection efficacy and gaps.
• Contribute to the team's Jira backlog and strategic direction regarding prioritization and planning.
• Act as a spokesperson for the team in-region and educate stakeholders on Threat Library.
• Collaborate with stakeholder teams and lead joint tracks and recurring meetings.
• Challenge existing processes and look for improvements in tooling and product delivery.
• File bugs and feature requests to maintain high-quality standards and drive innovation.
• Work with platform vendors as required.
• Conduct peer reviews and provide input to peers upon request.
• Mentor and guide junior team members.

Requirements
• Bachelor's degree or four or more years of work experience.
• Six or more years of relevant work experience.
• Experience working with SIEM platform(s) such as Splunk, QRadar, Microsoft Sentinel, Elastic, or SumoLogic.
• Experience in Detection Engineering and developing, testing, and tuning threat detection content on at least one SIEM platform.
• Excellent knowledge of the current threat landscape and modern analytical techniques for threat detection content.
• Deep familiarity with the MITRE ATT&CK framework and general SIEM engineering concepts.
• Demonstrated experience in at least two domains relevant to security and telemetry used for detection content, such as Windows and Active Directory, EDR, AWS, Azure/O365, GCP, OT, or IoT.
• Working knowledge of the major network and application protocols (TCP/IP, DNS, HTTP, SMTP) and how threat actors abuse them.

Nice-to-haves
• Excellent problem-solving skills.
• SANS GIAC certifications (GCIA, GCIH, GREM, GCFA, GPEN, GCPN, GXPN, GMON, GCDA, GCTI, GRID, GDAT) or similar technical security certifications.
• Strong analytical, communication, documentation, and collaboration skills.
• Strong passion for understanding cyber trends, TTPs, and emerging threats.
• Ability to lead projects and perform well under pressure.
• Previous experience as a SOC/CERT/CSIRT analyst.
• Experience in incident response/digital forensics.
• Experience managing threat detection in an MSSP/multi-tenant environment.
• Experience with version control systems or CI/CD.
• Experience in threat modeling and contributions to community-driven detection repositories.
• Published research articles or presented at security conferences.
• Experience in malware reverse engineering and cyber threat intelligence.
• Experience in threat hunting across various telemetry sources.
• Experience in penetration testing/red or purple teaming.
• Knowledge of big data analytics and machine learning techniques.
• Experience in scripting/Jupyter notebooks (Python).

Benefits
• Health insurance coverage
• Dental insurance coverage
• Vision insurance coverage
• 401k benefit for retirement savings plan
• 401(k) matching benefit
• Paid holidays
• Flexible scheduling options
• Professional development opportunities
• Tuition reimbursement
• Employee discount programs
• Mental health days
• Paid volunteer time
• Life insurance coverage
• Disability insurance coverage

Apply Now

