Job Title | CTI (Cyber Threat Intelligence) Team Lead
Duration | 6 month contract to start, long term expectation
Location | M-Th in-office; various office locations:
- Northern CA
  - Rocklin office: 3750 Atherton Rd, Rocklin, CA 95765 (strong preference)
  - San Francisco office: 100 North Point, San Francisco, CA 94133
- Brooklyn, NY: 55 Water Street, Brooklyn, NY 11201
Duties/Day to Day Overview |
- Conduct threat intelligence analysis leveraging OSINT, proprietary threat feeds, and internal telemetry.
- Lead proactive threat hunting campaigns across networks, endpoints, and cloud environments using behavioral indicators and hypothesis-driven approaches.
- Perform incident response investigations including root cause analysis, containment, eradication, and lessons learned reporting.
- Execute digital forensic analysis on compromised systems, email threats, and insider threat cases.
- Collaborate with SOC, DevSecOps, and infrastructure teams to triage and remediate critical security events.
- Provide technical expertise to red team operations, simulate APT-style attacks, and help identify weaknesses in detection and response strategies.
- Assist in vulnerability management efforts by identifying high-risk issues and validating remediation plans.
- Support continuous improvement of threat detection capabilities, SIEM tuning, and custom alert development.
- Serve as an SME on network security protocols, firewall log analysis, lateral movement detection, and data exfiltration prevention.
Top Requirements (Must haves) |
- Bachelor's degree in Computer Science, Information Security, or related field.
- 5+ years of experience in Information Security roles with deep exposure to threat intelligence, incident response, and forensics.
- Cool, calm demeanor; teachable, and able in turn to help others. Someone ordered and methodical.
- Prior experience in red team / offensive security operations or working alongside red team engagements.
- Strong knowledge of attack frameworks such as MITRE ATT&CK, Cyber Kill Chain, and Diamond Model.
- Hands-on experience with tools such as Tanium, CrowdStrike, Google SecOps, Proofpoint, Palo Alto Demisto, Axonius, and ExtraHop.
- Scripting or automation using Python, PowerShell, or Bash.
- Solid understanding of network protocols, cloud architectures (AWS/Google Cloud Platform/Azure), and endpoint telemetry.
- Excellent written and verbal communication skills for incident write-ups and executive briefings.
- Experience in ecommerce protection/application security & compliance.
Additional Qualifications |
- Experience with purple team engagements or SIEM detection engineering.
- Familiarity with threat modeling and intel enrichment platforms.
- Ability to brief stakeholders, legal, and compliance teams on cyber threat risks.