SOC Threat Intelligence Engineer
Littleton, CO, US
Joyent is the high-performance cloud infrastructure company built to power real-time web and mobile applications.
Joyent is currently seeking a SOC Threat Intelligence Engineer who will be responsible for the implementation, configuration, operation, management, testing, tuning, and optimization of all systems and resources related to providing threat intelligence within the SOC. Candidates must possess a mature information security attitude, aptitude and the ability to manage a multitude of virtual resources in a fast paced cloud environment.
SOC Threat Intelligence Engineers are expected to provide threat intelligence security feeds using multiple tools, both open and closed source to provide the organization with actionable and reliable intelligence.
- Produce threat intelligence providing situation awareness of information security threats impacting global network infrastructure.
- Work within the intelligence lifecycle, including conducting analysis and producing robust reporting.
- Collaborate with internal technical teams to provide indications and warnings and conduct predictive analysis of potential malicious activity.
- Proactively research emerging information security threats. Apply analytical understanding of hacker methodologies and tactics, system vulnerabilities and key indicators of attacks and exploits.
- Understand and experience in evaluating nation-state, hacktivists, and cyber criminal capabilities and activity.
- Ability to identify trends in the wild with regards to adversary tactics, techniques, and procedures, targeting, malware development and implementation.
- Communicate to team members and company leadership both quantifiable and qualifiable information risk to the enterprise though operational briefings and threat intelligence reports.
- Help to create intelligence reporting methods that communicate effectively to every level of the organization.
- Identify potential new sources of information and integrates numerous types of information security data sources into information threat analysis products.
- Develop briefings and associated materials and deliver in-depth presentations to Company leadership including but not limited to the heads of Business units, partners, and information technology professionals.
- Collaborate using information and knowledge sharing networks and professional relationships to achieve common goals. Leverage government and private organizations to share threat information and best practices to influence program outcomes.
- Respond to and ensures requests for information are answered in a thorough and expedient manner.
- Coordinate intelligence resources during enterprise incident response efforts, driving incidents to resolution.
- Employ advanced forensic tools and techniques for attack reconstruction and intelligence gathering.
- Perform network traffic analysis utilizing raw packet data, netflow, IDS, and custom sensor output as it pertains to the information security of communications networks.
- Utilize understanding of attack signatures, tactics, techniques and procedures associated with advanced threats.
- Automate detections of "Indicators of Compromise" provided by intelligence and after incidents in order to detect intrusions, and significantly lower time to response.
- Participate in on-call rotation and off hours work as necessary.
- Open to non-standard shifts to support 24/7 SOC operations.
- Assist with other SOC duties as directed / required.
- Strong threat intelligence and information security experience in a global organization.
- Experience in developing intelligence processes, creating analytic solutions, and metrics.
- Demonstrable knowledge of cryptographic concepts and techniques, including encryption, hashing, and key management.
- Comfortable communicating with contacts ranging from business stakeholders to technical engineers and analysts.
- Familiarity with information security threats, defenses, motivations and techniques.
- Experience with intelligence analysis tools, methods and the intelligence life cycle.
- Experience performing open source research.
- Experience performing link, trend and temporal analysis.
- Experience distilling raw information into actionable intelligence.
- Operational understanding of TCP/IP and computer networking. Knowledge of the functions of security technologies such as IPS/IDS, Firewalls, SIEMs, etc.
- Familiarity with public cloud architectures, log formats (i.e. cloud trail logs), and SOC operations that support public and private cloud operating models.
- Knowledge of Cloud-unique security risks, API security vulnerabilities and remediation measures.
- Strong attention to detail, organizational skills, problem solving, troubleshooting and documentation skills.
- Minimum 2 years prior experience in an information security engineering role and 1 year in a Threat Analyst/Intelligence role.
- Bachelor’s degree in information technology or related field, or equivalent experience.
- Advanced degree in technology related field is a plus.
- Technical security related certifications are a plus:
- Industry Certifications – e.g. GSEC, Security+, CISSP
Joyent, a wholly-owned subsidiary of Samsung, is the open cloud company. With its Triton Kubernetes services and support, Joyent helps its customers build and operate modern cloud native applications across multiple clouds. Joyent’s Triton Private Regions provide low cost, dedicated cloud infrastructure that gives its customers the ability to own their data and control their cloud costs.
To apply, please submit a brief introduction, a copy of your resume, and a link to your Github or LinkedIn profile to firstname.lastname@example.org with SOC Threat Intelligence Engineer in the subject. Qualified applicants with criminal histories will be considered for the position in a manner consistent with the Fair Chance Ordinance.
View All Open Positions at Joyent