The Senior IT Security Threat Intelligence Engineer functions include day-to-day operations supporting the organization's insider threat, internal/external investigations and threat intelligence programs. Secondary tasks will include the development and/or implementation of support solutions, which fit into the operations and security architecture. The Senior IT Security Threat Intelligence Engineer is expected to be fully aware of the enterprise’s security goals as established by its stated policies, procedures and guidelines and to actively work towards upholding those goals.

RESPONSIBILITIES

Lead investigations into abnormal activity, notable security events, and escalated incidents. Lead eDiscovery and investigation initiatives of the business. Engineer eDiscovery processes and systems of record. Architect Threat Intelligence platforms and programs with an emphasis on improvement and accuracy. Provide advanced escalation support and training to the threat intelligence team. Document and report on specific duties, activities, problems solved, and issues resolved. Determine criticality of potential security threats and decide whether to engage in Incident Response. Incident Response support includes following the PICERL model. Ability to determine potential impact and whether escalation and reporting are required. Develop improvements and enhancements to inbound alerts to improve alerting and decrease false positives. Support Company operation services that require assistance from Security for additional enhanced analytics, data acquisition, and guidance. Collaborate with other Company departments for security enhancements, security solution specifications, and best practices training for security principles. Maintain up-to-date detailed working knowledge of the IT security industry. Maintain up-to-date baselines for the secure configuration and operation of all devices, whether under Information Security control (i.e., security tools) or other asset owners (i.e., workstations, servers, network devices, etc.). Architect monitoring of all necessary security solutions for efficient and appropriate operations (consistent controls, appropriate logging, regulated updates, etc.). Perform additional duties and assignments as requested.