Threat Intelligence Engineer

Threat intelligence engineers research and provide information about specific threats to help us protect against the types of attacks that could cause the most damage.

As members of GitLab’s Security Operations department, Threat Intelligence engineers provide actionable intelligence that empowers GitLab to make informed, proactive decisions about security.

The team monitors the threat landscape with a focus on identifying the most relevant risks to GitLab. We analyze these risks, track the associated threat actors, and build relationships with industry peers.

Being a Threat Intelligence Engineer at GitLab involves a mixture of traditional analyst activity, engineering/automation work, and collaborating across the organization to ensure that intelligence leads to lasting security outcomes.

Responsibilities

  • Prepare actionable Flash Reports based on emerging and relevant threat information
  • Prepare monthly Threat Briefings focussed on the impact and outcomes of each month’s intelligence-driven activity
  • Respond to internal Requests For Information (RFI) from teams across GitLab
  • Support incident response, threat hunting and Purple Team Flash Operations with data enrichment and malware, infrastructure and behavior analysis
  • Leverage our Threat Intelligence Platform (TIP) for data collection, analysis, and automation
  • Track threat actors that pose the greatest risk to our organization, our platform, and our customers - developing detailed profiles on their motivations and capabilities

Requirements

  • Ability to use GitLab
  • Experience working with the MITRE ATT&CK framework
  • Experience working with a Threat Intelligence Platform (TIP) and threat feeds
  • Experience researching adversaries using OSINT techniques
  • Ability to automate tasks by writing basic scripts/programs, preferably with Python
  • An adversarial mindset - you must be able to put yourself in the mind of the attacker
  • Strong written and verbal communication skills with an ability to articulate complex topics in a clear and concise manner

Levels

Threat Intelligence Engineer (Intermediate)

This position reports to a Senior Manager in Security Operations.

Threat Intelligence Engineer (Intermediate) Job Grade

The Threat Intelligence Engineer is a grade 6.

Threat Intelligence Engineer (Intermediate) Responsibilities

Threat Intelligence Engineer (Intermediate) Requirements

Senior Threat Intelligence Engineer

Senior Threat Intelligence Engineer Job Grade

The Senior Threat Intelligence Engineer is a grade 7.

Senior Threat Intelligence Engineer Responsibilities

  • Includes base-level responsibilities
  • Publish blogs on threat-related topics including novel malware or threat actor identification
  • Mentor other engineers and ensure quality standards across their work
  • Participate in candidate interviews during the hiring process
  • Contribute to the maintenance and development of our Threat Intelligence Platform (TIP) for data collection, analysis, and automation
  • Develop and test threat hypotheses through research, threat hunting and detection rule/query creation

Senior Threat Intelligence Engineer Requirements

  • Includes base-level requirements
  • Expertise developing analytical assessments and using analytical models to support decision making and threat clustering
  • Experience developing and deploying sophisticated automation, preferably with Python
  • Detailed understanding of threat actor techniques for attacking software supply chains, SaaS applications and cloud environments
  • Ability to identify emergent themes in threat actor behavior and promote organizational resilience
  • Excellent written and verbal communication skills with the ability to build from tactical data to strategic insights
  • Understanding of one or more query languages or detection rule formats and familiarity with detection engineering

Staff Threat Intelligence Engineer

Staff Threat Intelligence Engineer Job Grade

The Staff Threat Intelligence Engineer is a grade 8.

Staff Threat Intelligence Engineer Responsibilities

  • Includes Senior-level responsibilities
  • Evangelize and foster a culture of threat awareness across GitLab, and may represent GitLab at industry events
  • Serve as a trusted advisor to security leadership with an expert ability to prioritize and contextualize industry reporting and internal data
  • Identify, propose and pursue major initiatives within Threat Intelligence and beyond
  • Drive program focus areas and the selection of analytical methodologies to maximize impact and efficiency
  • Develop, refine and report on metrics to demonstrate program effectiveness

Staff Threat Intelligence Engineer Requirements

  • Includes Senior-level requirements
  • Recognized expertise in one or more threat intelligence domains such as malware analysis, OSINT, attribution or intelligence analysis
  • Expertise developing innovative, high impact automation, preferably with Python
  • Experience promoting knowledge transfer and standards development within a high-performing analytical team
  • Outstanding written and verbal communication skills with the ability to effectively influence technical and non-technical stakeholders and resolve conflicts
  • Experience establishing and tracking security program KPIs and developing data-driven visualizations to demonstrate value and guide strategic decisions

Hiring Process

Candidates for this position can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

  • Qualified candidates receive a short questionnaire from our Recruiting team
  • Selected candidates will be invited to schedule a 30 minute screening call with our Recruiting team
  • Next, candidates will be invited to schedule an interview with a Security Operations Senior Manager
  • Candidates will then be invited to schedule an interview with Security Engineers within Security Operations
  • Successful candidates will subsequently be made an offer via email

As always, the interviews and screening call will be conducted via a video call. See more details about our hiring process in the hiring handbook.

 


About GitLab

GitLab is an open core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world. When everyone can contribute, consumers become contributors, significantly accelerating the rate of human progress. This mission is integral to our culture, influencing how we hire, build products, and lead our industry. We make this possible at GitLab by running our operations on our product and staying aligned with our values. Learn more about Life at GitLab. Thanks to products like Duo Enterprise and Duo Workflow, customers get the benefit of AI at every stage of the SDLC. The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier. All team members are encouraged and expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact across our global organisation.

See our culture page for more!

Work remotely from anywhere in the world. Curious to see what that looks like? Check out our remote manifesto and guides.