Threat Intelligence Integration Engineer

What You’ll Do

• Assist with integrating Analyst1 and other Threat Intelligence Platforms (TIPs) with different security and operation tools, such as ServiceNow, Armis, Sentinel One, SIEM, EDR, IDS/IPS, and other network security tools, to enhance threat detection and response capabilities.
• Validate data is received from multiple tools including but not limited to ServiceNow, Armis,  and Sentinel One. 
• Utilize automation opportunities to streamline threat intelligence workflows and improve incident response times.
• Ensure seamless integration with existing security infrastructure, including endpoint security, firewalls, and SOAR platforms.
• Develop and maintain detailed System Security Concept of Operations (ConOps) documents that outline the operational procedures and guidelines for the security architecture.
• Align the security architecture with the organization’s overall business and technology strategy, ensuring it balances business requirements with information and cybersecurity needs.
• Plan, design, build, tested, and implement robust security architectures for all IT projects.
• Perform vulnerability testing, risk analyses, and security assessments to ensure the efficacy of the security designs.
• Test, evaluate, and verify hardware and software to ensure systems and architecture are consistent with cybersecurity architecture guidelines and requirements.
• Identify critical system capabilities and business functions that require enhanced security measures and prioritize them based on risk and impact on the organization.
• Conduct regular security reviews to identify gaps in the security architecture and determine the effectiveness of the current security design.
• Recommend changes or enhancements as necessary based on security reviews.
• Assist in configuring and re-configuring security tools to ensure they align with the overall security architecture.
• Use threat intelligence to optimize the configuration of these tools and improve their effectiveness.

Required: Education + Experience

• 5+ years of experience with SIEM systems, MITRE ATT&CK Framework, Endpoint Security Services, and the onboarding and implementation of various security tools.
• Proven experience in analyzing alerts from Cloud, SIEM, and EDR tools, and in the alerts tuning process.
• Familiarity with cybersecurity operation center functions and experience configuring and re-configuring security tools.
• Experience with security frameworks and the ability to interpret use cases into actionable monitoring solutions.

Strong Working Knowledge:

• Security Information and Event Management (SIEM) systems
• Intrusion Detection/Prevention Systems (IDS/IPS)
• Network and Host Malware Detection and Prevention
• Web/Email Gateway Security Technologies
• Security tools and threat intel platform integration
• Utilization of available Artificial Intelligence (AI) and Machine Learning (ML) opportunities to enhance security operations.

Preferred

• Bachelor’s Degree in an engineering or cyber discipline

Nice to Have Certifications

• CompTIA Net+, A+, Security+
• Certified Testing Engineer (CPTE)
• Certified Ethical Hacker (CEH)
• Certified Information System Security Professional (CISSP)

Security Requirements

• U.S. Citizenship required.
• Ability to obtain Public Trust (or higher) government clearance.