Threat Intelligence Specialist (Account Security)

Are you prepared to join the X team and help build the ultimate real-time information-sharing app, revolutionizing how people connect? At X, we’re on a mission to become the trusted global digital public square, committed to protecting freedom of speech and building the future unlimited interactivity. Our goal is to empower every user to freely create and share ideas, fostering open public discourse without barriers. Join us in shaping this thrilling journey where your contribution will be invaluable to our success!

  

Title: Threat Intelligence Specialist (Account Security)
Location: San Jose or Bastrop, TX or New York City (Onsite)
Base Salary: $127,000- $200,00 + Equity (San Jose or New York)

_

X’s Threat Disruption team provides expert scaled investigative support into inauthentic accounts and behavior on the platform. Our objective is to increase the costs to bad actors for manipulating the platform and mitigate associated harm.

Responsibilities: 

• Recognize, research, and analyze various account security related threats and threat actor groups/attack patterns, tactics, techniques and procedures 

• Analyze and investigate account security threats using internal data and tools to help identify threat actors

• Use data analysis to develop profiles of bad actors on X, and complete scaled investigations into those bad actors.

• Build heuristic rules to detect and prevent account security issues on X, and contribute to building other detection systems and Trust & Safety product features.

• Develop and collaborate on building internal tools to help detect potential account security issues to protect user accounts from account takeover

• Perform continuous research based on open source and internal tooling on specific account security threats, including threat actors and campaigns, to determine detection and enforcement gaps for X Rules and policies. This includes campaign tracking and trending evaluation.

• Investigate account security anomalies detected by other Trust & Safety or partner teams.

• Participate in Red/Blue team activities as needed.

• Produce brief bulletins, assessments, or full-length profiles of actors for stakeholders delivered in a timely and contextual manner. 

• Manage external and internal account security related partnerships on behalf of X. This includes optimizing and managing data sources of threat intelligence information.

Required Qualifications: 

• Bachelor’s Degree in Computer Science, Information Assurance, Security, Management Information Systems, Risk Management or equivalent work experience acceptable.

• 3+ years working on account security issues, preferably at an internet or technology company.

• Familiar with authentication protocols including password-based and passwordless (biometric or FIDO2) offerings.

• Understanding of the limitations of password-based authentication methods including guessing, brute-force, and leaks.

• Well-versed with the access control policies, network layer attacks and defenses, Oauth tokens etc.

• Experience creating heuristic-based rules (e.g. YARA)

• Experience using SQL and relational databases in your work. 

• Experience with problem solving and troubleshooting complex issues with an emphasis on root cause analysis.

• Strong interpersonal and communication skills. Must be able to effectively communicate security and threat concepts with both technical and non-technical individuals.

• Works well under pressure, and is comfortable working in a fast-paced, ever-changing environment.

Preferred Qualifications: 

• Hands-on experience on Account Takeovers (ATO), peeking, and Combolist exploitation tools (OpenBullet and SilverBullet)

• Ability to use Python, R, or another scripting language to facilitate scaled data analysis and development of proactive detections.

• Experience with threat models such as Kill Chain or MITRE ATT&CK.

• Preferred: Past experience or knowledge of Scala and/or Java programming languages.

Note: this role involves potential exposure to sensitive or graphic content, including but not limited to vulgar language, violent threats, pornography, and other graphic images.