Threat Intelligence Engineer

An overview of this role

Whether you're an intermediate engineer with strong threat intelligence experience or a seasoned senior we're looking for our first dedicated Threat Intelligence Engineer. You'll be joining a program in its early stages built on a solid foundation by current members of our Security Operations team.

Your mission will be to provide actionable intelligence that empowers GitLab to make informed proactive decisions about security. We want to get in front of threats before they materialize - using intelligence to see around corners and anticipate the next attack.

We'll rely on your strong hands-on technical skills to monitor our unique threat landscape focusing on credible threats to GitLab and the software supply chain. You'll leverage your Linux and Python expertise as a force multiplier expanding our capabilities through automation and AI. Additionally you'll build meaningful relationships with industry peers sharing intelligence and contributing to the industry as a whole.

As the founding member of this new team you'll help us refine our processes and iterate towards a more mature threat intelligence program. We've laid the groundwork with reporting templates metrics for success tooling feeds and industry connections. Now we need you to put this framework into action - uncovering real-world attacks making attributions and building a thriving intel-sharing community.

You'll be supported by Security Operations engineers who dedicate a portion of their time to threat intelligence. We'll encourage you to collaborate across security infrastructure and product teams to help keep our customers platform and organization secure.

If you're excited about shaping the future of threat intelligence at GitLab we want to hear from you!

What You’ll Do

• Monitor the threat landscape identifying and analyzing the risks most relevant to GitLab.

• Deliver actionable intelligence via recurring Threat Insights and ad-hoc Flash Reports .

• Collaborate on Threat Actor Tracking helping us stay one step ahead of our top threats.

• Collaborate on Purple Team Flash Operations where emerging threats are turned into collaborative exercises to rapidly improve our defensive capabilities.

• Build meaningful relationships with industry peers sharing intelligence and collaborating on emerging threats.

• Write code leverage AI and build automation to improve process efficiencies on the team.

What You’ll Bring

• Proven track record of delivering actionable intelligence that has had a meaningful impact on the security of an organization.

• Experience with MITRE ATT&CK framework and its application in threat analysis.

• Experience working with a Threat Intelligence Platform (TIP) and threat feeds.

• Experience researching adversaries using OSINT techniques.

• Ability to automate tasks by writing basic scripts/programs preferably with Python

• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner

• Optional but valuable: experience reverse engineering malware

• Optional but valuable: public examples of blogs or open-source work related to threat intelligence

About the team

This role will be the first member on a new team with the Security Operations department. You will report to a Security Manager based out of Australia who also runs our Red Team.

Security Operations includes SIRT Trust & Safety Red Team and Security Logging.

How GitLab will support you

• Benefits to support your health finances and well-being

• All remote asynchronous work environment

• Flexible Paid Time Off

• Team Member Resource Groups

• Equity Compensation & Employee Stock Purchase Plan

• Growth and development budget

• Parental leave

• Home office support

Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role please apply and allow our recruiters to assess your application.