Cyber Risk Defense Principal ($160K – $175K) + Bonus

Job description


Do you enjoy information security research and threat intelligence? Are you a highly motivated, experienced Cyber Threat Intelligence (CTI) Analyst with a passion for cybersecurity and a desire to work with a dynamic team?  Do you have experience in strategic, operational, and tactical threat intelligence?

This is a Principal Cyber Threat Intelligence role on our Threat Intelligence and Detection Engineering (TIDE) team.  The successful candidate will handle analyzing complex cyber threats, developing intelligence-based strategies to mitigate these threats, and communicating these strategies to key stakeholders. As a senior member of our cybersecurity team, the principal will work closely with other analysts, engineers, and security teams to ensure the protection of our company’s critical information.

The individual is driven and passionate about following new developments in the threat landscape.


  • Curate tactical and strategic information from multiple intelligence and data sources
  • Research into new methodologies to detect and prevent both common and emerging threats
  • Research threat actors and their associated tools, tactics, procedures, and goals
  • Research emerging threats from malware samples, exploitation attempts, and other evidence of staged malicious infrastructure and activity
  • Monitoring of current threats against the enterprise and providing analysis of effective proactive and reactive capabilities to reduce risk
  • Tracking of common and emerging attacker Tactics, Techniques and Procedures (TTPs) and their respective detection and prevention opportunities
  • Support Threat Detection and Response teams
  • Support incident responders during active investigations and incidents
  • Provide prioritized intelligence reporting with details appropriate to both downstream teams and upstream leadership
  • Conduct advanced research and analysis of cyber threats and adversaries to support the development of intelligence-driven defense strategies.
  • Collaborate with other cybersecurity team members to identify and assess potential risks and vulnerabilities to our company’s systems and networks.
  • Develop intelligence products and reports that provide situational awareness, threat assessments, and recommended mitigation strategies.
  • Conduct in-depth technical analysis of cyber threat indicators and develop and maintain a robust understanding of emerging cyber threats.
  • Participate in the development and implementation of threat intelligence processes, tools, and technologies to support the delivery of actionable intelligence.
  • Communicate effectively with key stakeholders, including executives, technical teams, and external partners, to ensure the timely dissemination of intelligence and the alignment of security strategies with business objectives.
  • Provide mentorship and guidance to junior analysts to support their professional development and the growth of the cybersecurity team.
This senior level employee is primarily responsible for managing and directing the maintenance and protection of integrity and reliability of the security of data, systems and networks.
Essential Responsibilities:
  • Drives the execution of multiple work streams by identifying customer and operational needs; developing and updating new procedures and policies; gaining cross-functional support for objectives and priorities; translating business strategy into actionable business requirements; obtaining and distributing resources; setting standards and measuring progress; removing obstacles that impact performance; guiding performance and developing contingency plans accordingly; solving highly complex issues; and influencing the completion of project tasks by others.
  • Practices self-leadership and promotes learning in others by soliciting and acting on performance feedback; building collaborative, cross-functional relationships; communicating information and providing advice to drive projects forward; adapting to competing demands and new responsibilities; providing feedback to others, including upward feedback to leadership; influencing, mentoring, and coaching team members; fostering open dialogue amongst team members; evaluating and responding to the strengths and weaknesses of self and unit members; and adapting to and learning from change, difficulties, and feedback.
  • Leads team in the proactive monitoring and/or response to known or emerging threats against the KP network.
  • Effectively communicates investigative findings to non-technical audiences.
  • Provides consultation in regular operations meeting with TDA, TRI, and/or TAG teams.
  • Drives closed loop processes on security efforts by providing feedback to the TDA leads and/or leadership.
  • Demonstrates a consulting value by recommending adjustments to the collection strategy for deltas in scope, size, or emerging security threats. 3-3
  • Drives information fusion procedures across operations and engineering, including activities such as Use Case planning/development, Use Case quality assurance validation, and response procedure documentation.
  • Serves as a liaison between stage teams and upper management by identifying issues, improvement areas, or security/architectural gaps and suggesting appropriate improvements.
  • Drives the development of the CDC intellectual capital by leading process or procedure improvements, consulting on brown bag training sessions, and leading the development of new training documents.
  • Builds partnerships with the CDC Policy Engineers and Remediation teams to contain identified issues and determine the best approach for improving security posture.
  • Facilitates follow-up remediation design and review efforts related to highly complex security events.
  • Leads the investigation and triage of a wide variety of security events across cyber security domains.
  • Serves as a subject matter expert in performing complex data analyses to support security event management processes, including root cause analysis.
  • Coordinates the response and resolution of high impact or critical cyber security incidents.
  • Provides insight and influence in determining the strategic direction for the development and deployment of threat detection capabilities and/or incident response plans.
  • Drives the development and implementation of incident detection and/or handling processes which may include containment, protection, and remediation activities.
  • #CYBCL
Minimum Qualifications:
  • Minimum four (4) years in an informal leadership role working with project or technical teams.
  • Bachelors degree in Business Administration, Computer Science, Social Science, Mathematics, or related field and Minimum ten (10) years experience in IT or a related field, including Minimum four (4) years in information security or network engineering. Additional equivalent work experience may be substituted for the degree requirement.
Preferred Qualifications:
  • Four (4) years experience in cyber security vulnerability, threat response, or investigation.
  • Two (2) years of work experience in a role requiring interaction with executive leadership (e.g., Vice President level and above)
  • Three (3) years experience working on cross-functional project teams
  • Four (4) years work experience requiring the development of technical documents or presentations.
  • Four (4) years experience working on projects or programs requiring the integration of cross-functional technology and/or business solutions.
  • Two (2) years experience managing vendor relationships.
  • Four (4) years experience in IT incident management, including the development and/or deployment of remediation plans.
  • Four (4) years in the operation of SIEM solutions.
  • Five (5) years experience in large scale cyber security data analytics, including the identification of data-driven threat collection opportunities.
  • Five (5) years experience researching, developing, and implementing data-driven threat detection capabilities.
  • Five (5) years experience in cyber security threat research or large scale data analytics.
  • Masters degree in Business Administration, Computer Science, Social Science, Mathematics, or related field.
  • Security certification (Security+, CISSP, CISA).
  • Global Information Assurance certification(s).

To apply for this job email your details to