
CPX

Senior Engineer SOC - Threat Intelligence


Job Description

As a Senior SOC Engineer specialized in Threat Intelligence and Technical Solutions Engineering, you will play a crucial role in our Security Operations Center (SOC) team. With a minimum of 5 years of experience managing threat intelligence platforms and engineering technical solutions, your primary responsibilities will be to oversee our threat intelligence solutions and to engineer technical solutions that strengthen our security infrastructure. Leveraging your strong OS, network and API skills and your engineering expertise, you will ensure the effective management of threat intelligence feeds and the optimization of threat intelligence solutions across the internal and external SOC ecosystem. Your role will also involve engineering technical solutions that improve our threat intelligence capabilities and overall security posture.

Responsibilities:

Threat Intelligence Platform Management: Manage and maintain commercial and open-source threat intelligence platforms and solutions, including configuration, optimization, and integration with other SOC tools.

Threat Intelligence Consumption: Manage the ingestion and consumption of threat intelligence in the TIP, ensuring information is available and correctly organized for analysis.

Threat Intelligence Dissemination: Manage the integration and dissemination of threat intelligence feeds into the SOC internal and external environment, ensuring compatibility with existing tools and workflows.

Integration with SOC Tools: Collaborate with other SOC engineering squads to tightly integrate threat intelligence solutions with existing SOC tools (SIEM, SOAR, EDR, NDR) and workflows for enhanced threat detection and service excellence.

Automation Development: Develop and implement automation scripts and processes to streamline the collection, normalization, and dissemination of threat intelligence data.

Customization and Enhancement: Customize and enhance threat intelligence platforms to meet the specific requirements of the SOC, including the development of custom parsers, connectors, and integrations.

OS, Network, and API Skills: Leverage your strong technical skills in operating systems, networking, and APIs to troubleshoot and resolve issues related to Threat Intelligence Platforms (TIP), Network Detection and Response (NDR), and other systems.

Threat Intelligence Analysis Support: Provide day-to-day support to threat intelligence analysts by ensuring they have access to relevant threat feeds, assisting in the analysis and interpretation of threat data, and keeping the platform stable.

Performance Optimization: Continuously monitor, optimize, and report on the performance of threat intelligence solutions, identifying and resolving any issues or bottlenecks.

Documentation and Reporting: Maintain comprehensive documentation of threat intelligence platform configurations, processes, and procedures. Generate regular reports on threat intelligence activities and findings for stakeholders.

Collaboration and Knowledge Sharing: Collaborate with other SOC engineering teams to share knowledge, best practices, and lessons learned. Provide training and guidance to junior engineers as needed.

Qualifications:

  • Minimum of 5 years of experience managing commercial or open-source threat intelligence platforms/solutions.
  • Familiar with threat intelligence frameworks and standards, such as MITRE ATT&CK, STIX, TAXII, etc.
  • Strong technical skills in operating systems, networking, and API integrations, with a solid understanding of security protocols and threat mitigation techniques.
  • Experience with scripting languages (e.g., Python, PowerShell) for automation.
  • Excellent problem-solving, analytical, and communication skills.
  • Experience in Linux-based system administration, scripting, networking, managing file systems, employing best practices in securing systems.
  • Proficiency and experience in the design, deployment, and operation of solutions within cloud environments.
  • Familiarity with virtualized environments, such as VMware.
  • Familiarity with containerized technologies (e.g., Docker, Kubernetes).

Certifications:

  • Relevant certifications in threat intelligence or cybersecurity are a must.
  • Network management certification is a must.
  • Linux administrator certification is a must.
  • Cloud administration certification is a must, Azure preferred.

Educational Experience:

A bachelor's degree in computer science or a related field is required; a postgraduate degree in cyber security is preferred.

More Info

Industry: Other

Function: Cybersecurity

Job Type: Permanent Job


Date Posted: 20/07/2024

Job ID: 85663147


Last Updated: 17-10-2024 09:07:21 AM