Principal Security Engineer Adversary Management Threat Intelligence
Posted on: March 17, 2023
The Intuit Adversary Management team is looking for a security professional with skills in, and familiarity with, security frameworks, attack surfaces, big data, software development, and cloud environments. We're using data in groundbreaking ways to uncover insights into how adversaries are evolving their tactics, techniques and procedures (TTPs). This individual will help the team build technologies, collect and store data from various sources, and correlate and analyze that data to understand adversaries' motives and intent. This individual will work closely with the team to present requirements and drive solutions that align with the Intuit Adversary Management team's mission.
What you'll bring
10+ years of experience with adversary intel collection, data analysis, and/or security testing
BS/MS in computer science, mathematics, or data science, or equivalent work experience
1+ years of experience using scripting languages, preferably Python
1+ years of experience with web services (consuming or creating) using REST or SOAP
Solid communication skills: Demonstrated ability to explain complex technical issues to both technical and non-technical audiences
1+ years of experience with SQL, NoSQL, and graph data warehouses and analysis tools
Experience with network discovery and application fingerprinting
Experience in research, experimentation and innovation
Experience with social, mobile, cloud/SaaS, big data, and Linux
Experience with at least one scripting language, preferably Python
Experience with at least one cloud environment (AWS, GCP, etc.)
Familiarity with BI and analytics tools, preferably Google BigQuery and Data Studio
Always Be Learning: Demonstrated advanced critical thinking and troubleshooting capabilities to assess, prioritize, plan, and implement tasks and solutions effectively, including the ability to manage multiple projects at a time
How you will lead
Ability to lead and develop data models that derive adversary insights about the attack surface, and assist in identification using behaviors and characteristics
Ability to develop data models around indicator patterns to identify undetected adversary activity
Understanding of moderate to advanced indicators resulting from the use of a given TTP
Ability to lead the collection of adversary tactics, techniques, and procedures (TTPs) across mobile, web, and cloud infrastructure
Ability to lead the identification and categorization of moderate to advanced TTPs to a given threat actor
Ability to lead and automate the identification, categorization and intent classification of moderate and advanced TTPs to a given adversary
Demonstrated ability to iterate, create innovative solutions and get stakeholder investment.
Use Big Data, AI & ML to automate threat prediction across all attack surfaces, predict adversary infrastructure, and identify and predict various adversaries and their intent
Can discover and walk through abuse cases specific to the choice of technologies (internal or third party).
Ability to lead the identification and mapping of emerging threats to the attack surface and to quantify risk
Ability to use active and passive reconnaissance techniques to find and enumerate networks and DNS and to understand potential vulnerabilities
Use Big Data, AI & ML to identify risks on the attack surface, threat actors, related basic indicators, and related TTPs, and to make security decisions
Advanced understanding of the data filter/preprocessing between non-security related data and security signals
Ability to perform moderate to advanced data QA tasks as part of handling data feeds
Familiarity with software development lifecycle and understanding of software design/architecture and fundamentals (algorithms and data structures).
Strong understanding of the customer problem being solved, and experience defining and validating the customer problem.
Moderate understanding of architecture patterns: DNS, Internet, AD, web, messaging, storage, containers
Public Cloud: Fundamental knowledge of Cloud Networking, Cloud Computing, Cloud File Systems, Cloud Databases, and Storage.
Proactively identifies slow-performing code, understands its execution and works with the team to improve its performance
Proficient at identifying required data to solve business problems
Builds feature engineering pipelines for prototypes
Ability to debug complex issues in data pipelines. Identifies opportunities to add resiliency to make data pipelines stable.
Writes complex queries and can simplify existing queries to improve runtime performance
Takes a metric-driven and data-backed approach to evaluate the customer benefit of a solution delivery and pivots/iterates as necessary with full accountability and ownership
Experience in building threat models and deep knowledge of potential vulnerabilities of the systems/design/code and working with a team to mitigate those vulnerabilities.
Builds and enhances existing code standards, finds logic errors and bad practices in code review, and provides concrete and actionable feedback as a peer reviewer on code review requests
Understands and clearly articulates the implications of architectural decisions and understands the impact of trade-offs
Experience working on highly complex technical challenges delivering durable capabilities that can be leveraged by other teams.
Deep understanding of technology evaluation for build vs partner vs buy
EOE AA M/F/Vet/Disability. Intuit will consider for employment qualified applicants with criminal histories in a manner consistent with requirements of local law.