Threat Intelligence Engineer

  • GitLab
  • Remote, APAC
  • 23 Sep, 2024

Job Description

GitLab is an open core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world. When everyone can contribute, consumers become contributors, significantly accelerating the rate of human progress. This mission is integral to our culture, influencing how we hire, build products, and lead our industry. We make this possible at GitLab by running our operations on our product and staying aligned with our values. Learn more about Life at GitLab.

An overview of this role

Whether you're an intermediate engineer with strong threat intelligence experience or a seasoned senior, we're looking for our first dedicated Threat Intelligence Engineer. You'll be joining a program in its early stages, built on a solid foundation by current members of our Security Operations team.

Your mission will be to provide actionable intelligence that empowers GitLab to make informed, proactive decisions about security. We want to get in front of threats before they materialize - using intelligence to see around corners and anticipate the next attack.

We'll rely on your strong hands-on technical skills to monitor our unique threat landscape, focusing on credible threats to GitLab and the software supply chain. You'll leverage your Linux and Python expertise as a force multiplier, expanding our capabilities through automation and AI. Additionally, you'll build meaningful relationships with industry peers, sharing intelligence and contributing to the industry as a whole.

As the founding member of this new team, you'll help us refine our processes and iterate towards a more mature threat intelligence program. We've laid the groundwork with reporting templates, metrics for success, tooling, feeds, and industry connections. Now we need you to put this framework into action - uncovering real-world attacks, making attributions, and building a thriving intel-sharing community.

You'll be supported by Security Operations engineers who dedicate a portion of their time to threat intelligence. We'll encourage you to collaborate across security, infrastructure, and product teams to help keep our customers, platform, and organization secure.

If you're excited about shaping the future of threat intelligence at GitLab, we want to hear from you!

What You’ll Do  

  • Monitor the threat landscape, identifying and analyzing the risks most relevant to GitLab.
  • Deliver actionable intelligence via recurring Threat Insights and ad-hoc Flash Reports.
  • Collaborate on Threat Actor Tracking, helping us stay one step ahead of our top threats.
  • Collaborate on Purple Team Flash Operations, where emerging threats are turned into collaborative exercises to rapidly improve our defensive capabilities.
  • Build meaningful relationships with industry peers, sharing intelligence and collaborating on emerging threats.
  • Write code, leverage AI, and build automation to improve process efficiencies on the team.

What You’ll Bring 

  • Proven track record of delivering actionable intelligence that has had a meaningful impact on the security of an organization.
  • Experience with MITRE ATT&CK framework and its application in threat analysis.
  • Experience working with a Threat Intelligence Platform (TIP) and threat feeds.
  • Experience researching adversaries using OSINT techniques.
  • Ability to automate tasks by writing basic scripts/programs, preferably with Python
  • Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner
  • Optional but valuable: experience reverse engineering malware
  • Optional but valuable: public examples of blogs or open-source work related to threat intelligence

About the team

This role will be the first member on a new team with the Security Operations department. You will report to a Security Manager based out of Australia, who also runs our Red Team.

Security Operations includes SIRT, Trust & Safety, Red Team, and Security Logging.

How GitLab will support you

Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application.

Country Hiring Guidelines: GitLab hires new team members in countries around the world. All of our roles are remote, however some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process.  

Privacy Policy: Please review our Recruitment Privacy Policy. Your privacy is important to us.

GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics. See also GitLab’s EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know during the recruiting process.