Location: Issaquah, WA.

Description of Position:
The role of every Information Security team member is to support the overarching values and business goals as they relate to meeting legal, ethical and regulatory obligations; protecting member’s and employee’s privacy; and maintaining a security technology environment for our operations. The Incident Response Threat Intelligence Engineer provides threat information to help identify threat actors and methods; to enable IT solutions to build effective controls against these threats; provide situation awareness to incident response; run threat assessments for high risk events (zero-days); support proactive incident hunting; advises on matters related to policies, standards and procedures; and mentors team members with lesser subject matter expertise. The Incident Response Threat Engineer develops, leads and monitors the Threat Intelligence Program.
 
Tasks and Responsibilities:

• Identifies and assesses internal and external cybersecurity risks that threaten the security of business operations.
• Develops and formalizes effective threat identification and assessment processes, including maintaining playbooks for obtaining, monitoring, assessing, classifying severity, and responding to evolving threats and vulnerabilities.
• Develops, maintains, and updates a repository of cybersecurity threat information that may be used in conducting risk assessments and report on cyber risk trends.
• Conducts research and evaluate intelligence data, with specific emphasis on tactics, techniques, and procedures.
• Turns threat information into actionable intelligence by integrating related Indicators of Compromise (IOC) into SIEM operations and incident response strategies.
• Correlates threat data from various sources and analyzes network events to establish the identity and modus operandi of malicious users active in or posing potential threats.
• Develops and documents Threat Intelligence procedures into Playbooks.
• Ensures that Threat Intelligence documentation is comprehensive and accurate including completes all relevant fields in case tracking database.
• Reports security performance against established security metrics.
• Works closely with various international Information Technology teams, state agencies and 3rd party vendors to develop a fuller understanding of the intent, objectives, and activity of cyber threat actors.
• Coordinates activities or engagements with loss prevention, 3rd party security retainers, interact with legal and law enforcement as required.
• Monitors Operation, Intelligence Analyst and Hunt Teams work queues and metrics. Requests and releases team members to different roles as needed.
• Identifies, develops, and implements mechanisms to detect security incidents and report on key metrics.
• Identifies and improves security incident detection and monitoring capabilities.
• Provides management and the IR team with a contextual snapshot of the Incident Response team challenges for multiple uses by the team and management.
• Participates in the assessment, analysis and design of solutions for the Threat Intelligence Program.
• Identifies gaps and recommends changes to the Incident Response Plan.
• Subject matter expertise and provide leadership to develop the Threat Intelligence Program.
• Provides mentoring and training on tools and processes to the Threat Intelligence Team and partners.
• Regular and reliable workplace attendance at your assigned location.

Required Skills, Abilities, and Certifications:

• A Bachelor’s degree in Computer Science or a minimum of 10 years of information security experience with a focus on threat intelligence.
• High degree of ethics/confidentiality required.  May be required to pass security screening.
• Ability to provide accurate analysis that minimizes bias and error.
• Ability to develop processes and tools to effectively share actionable intelligence information.
• Rule correlation evaluation and development experience highly recommended but not required.
• Ability to work effectively, independent of assistance or supervision.
• Ability to work under pressure in a highly team focused environment is required.
• Innovative, creative, and extremely responsive, with a strong sense of urgency.
• Willing to share knowledge and assist others in understanding technical and business topics.
• Willingness to work outside of regular business hours as required which can include evenings, weekends and holidays.

• One or more professional security certifications such as CISSP (or equivalent).
• Experience with scripting languages such as Python.
• Familiarity with link analysis and data mining tools like Maltego.
• Successful internal candidates will have spent one year or more on their current team.