(Senior) Security Engineer, Security Engineering & Threat Intelligence

We are looking for an intermediate level security engineer to join our Global Cybersecurity Services Team. As part of our modern cybersecurity operating model, the role will be engaged in enhancing our security technology stack, building AI driven security automation workflows and contributing to security operations and threat management. 
We are building a modern, multi-cloud, intelligence driven security operations capability that will heavily involve AI and automation; and will require engineering and operational skills at all levels. 

Responsibilities

• Detection & Response - be part of the detection & response engineering lifecycle to develop, analyse and tune alerts for stakeholders to ensure detections are accurate and of high quality. This includes deep diving into telemetry and alerts sent to security operations, performing log review and root cause analysis. Proficient in performing investigations using open source and proprietary tools, including but not limited to - EPP/EDR/XDR software, SIEM platforms, automation scripts, etc.


• Automation & DevOps - Build, maintain and enhance our CICD capabilities. Develop and enhance IaC templates or playbooks using tools such as Ansible, Terraform, Cloudformation etc. Experience with scripting and/or using hyperautomation platforms to automate and orchestrate workflows.


• Security Engineering - Build, maintain and enhance our security operations technology stack, which includes next generation SIEM and hyper automation solutions. Build and enhance security logging and detection engineering practices, manage the detection use case life cycle. Relentlessly automate and creatively incorporate AI into workflows.


• Threat Intelligence Management 
Threat Intelligence Collection - Gather and analyze data from diverse sources, including OSINT, dark web forums, commercial feeds and internal telemetry.Threat Analysis - Assess threat actor capabilities, motivations, TTPs; perform targeted attack analysis, attribution analysis and recommend improvements for the global security program and/or specific security control domains.Making Threat Intelligence Actionable - Translate intelligence (operational/tactical/strategic) into actionable outputs. Familiarity with deception technology and Collaboration & Incident Support - Partner with other security stakeholders to contextualize threats, provide CTI insights during incidents and prioritize defensive actions.

• Security Projects - Lead projects and initiatives that may involve - Endpoint Security enhancements, Attack Simulation, Use Case Validation, Threat Hunting, Compromise Assessments, Network/Endpoint security reviews, etc. 


• Leadership - Be comfortable with cross-functional leadership and stakeholder management. Be willing to mentor and contribute to the growth and capability of the team. 

Requirements

• 5-7 years of experience in Information Security, with technical hands-on experience in Security Engineering, Security Operations, Cyber Threat Intelligence, Security Engineering, Digital Forensics, Incident Response, Endpoint Security or Cloud Security. 
• Working Experience with SIEM, EPP/EDR/XDR, SOAR, Threat Intelligence Platforms (TIPs), Open Source Threat Intelligence solutions (eg. MISP, OpenCTI, etc).
• Working experience with Cloud environments like AWS, Azure and GCP.
• Working experience in Cyber Threat Intelligence roles (Analyst, Engineer, Consultant).
• Working experience in the practical implementation of operational, tactical and strategic threat intelligence.
• Experience in applying AI/ML in cybersecurity use cases. 
• Experience in using scripting languages to automate tasks and manipulate data or programming experience.
• Highly self-motivated, attention to detail and outcome driven.
• Proficiency in verbal and written English