Lead Security Engineer

Descripción De La Vacante
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Tech stack

C
Java
JavaScript
.NET
PHP
Microsoft Windows
API
Automation of Tests
Computer Security
Computer Programming
Databases
Data Infrastructure
Data Structures
Linux
Digital Forensics
Elasticsearch
Perl
Web Servers
Intrusion Detection and Prevention
Virtual Private Networks (VPN)
JSON
jQuery
Python
Network Security
PostgreSQL
Log Analysis
MongoDB
MySQL
Network Protocols
Open Source Technology
Open Source Intelligence
Systems Development Life Cycle
RabbitMQ
Redis
Cloud Services
Security Information and Event Management
Software Engineering
Product Software Implementation Methods
Systems Integration
Software Vulnerability Management
XML
YAML
Parquet
Snowflake
Mitre Att&ck
Cyber Threat Analysis
Cybercrime
Kafka
Apache Nifi
Api Management

Job description

Fairygodboss is seeking a Lead Security Engineer in Barcelona to design and maintain the Threat Intelligence Program's operations. You will collaborate with security teams and provide technical leadership while ensuring seamless integration with various data sources., Lead Security Engineer - In this role you will design, develop, enhance, and maintain the Threat Intelligence Program's Platform Operations, Automation, and Integrations. You will provide technical leadership and work closely with infrastructure security engineers, threat intelligence analysts, threat hunters, and the security operations team. RESPONSIBILITIES

  • Develop Indicator Enhancement/Enrichment Playbook for the Threat Intelligence Platform (TIP).
  • Collect and ingest data from various sources to the TIP.
  • Develop systems integration between multiple Threat Intelligence Source APIs and the TIP to ingest indicators of compromise.
  • Build threat intelligence data dashboards with tagging, indicator types, threat severity and confidence levels.
  • Maintain API connections with security stack solutions.
  • Maintain API enabling integration between Apache Nifi and the indicators database (mirror of the Threat Intelligence Platform Database).
  • Develop and maintain threat intelligence systems to gather IOC data from multiple external feeds.
  • Collect, review, and analyze internal, open-source, and dark-web datasets for integration with TIP and monitoring solutions.
  • Apply knowledge of current cyber threats and associated tactics, techniques, and procedures.
  • Maintain VPN infrastructure and email servers used for notifications and automated projects.
  • Provide accurate, priority-driven analysis on cyber activity and present complex topics to senior managers.
  • Establish and maintain relationships with cyber security and infrastructure support teams across the organization.
  • Develop processes, scripts, and code quickly to support operations and improve automation.
  • Work in a fast-paced environment with minimal supervision.
  • Collect, analyze, investigate, store, and disseminate threat intelligence (actors, campaigns, TTPs, IOAs, IOCs).
  • Conduct detailed technical analysis using industry-accepted frameworks, tools, and standards.
  • Create and evaluate trend/correlation analysis for scenario forecasting.
  • Develop and refine cyber-threat intelligence collection and analysis processes.
  • Generate presentations with visualizations, charts, graphs, infographics, and evidence for senior leadership.
  • Provide input for developing objectives, key results, and program metrics.
  • Demonstrate strong critical thinking, problem-solving skills, and sound judgment.
  • Maintain professional contacts in communities to support operations.
  • Support the Critical Incident Response Center (CIRC)/SOC with intelligence for ongoing investigations.

Requirements

The ideal candidate will have over 8 years of cybersecurity experience and proficiencies in threat intelligence systems and API management. This role involves developing playbooks, technical analysis, and improving automation processes., * 8+ years of cybersecurity, threat intelligence, or network security experience.

  • Strong understanding of cybersecurity principles and methodologies.

  • Knowledge of Threat Intelligence life cycle and terminology., * Develop Indicator Enhancement/Enrichment Playbook for the Threat Intelligence Platform.

  • Maintain API connections with security stack solutions.

  • Conduct detailed technical analysis using industry-accepted frameworks., Excellent communication and report-writing skills Programming experience in Python, Perl, PHP, Java, .NET, and C Firm understanding of Software Development Life Cycle (SDLC) Proficiency with jQuery/JavaScript 8+ years of cybersecurity experience, * Excellent communication and report-writing skills.

  • Firm understanding and implementation of Software Development Life Cycle (SDLC) processes.

  • Programming experience in Python, Perl, PHP, Java, .NET, and C.

  • Proficiency with jQuery/JavaScript web client applications.

  • Experience with database infrastructure development (PostgreSQL, MySQL, MongoDB, DocumentDB, Elasticsearch).

  • Knowledge of STIX/TAXII formats and integration with security stack.

  • 8+ years of cybersecurity, threat intelligence, or network security experience.

  • Experience in Cyber Threat Intelligence, Threat Hunting, System Administration, Intrusion Detection/Prevention, Monitoring, Incident Response, Digital Forensics, or Vulnerability Management.

  • Understanding of network security concepts, threat and risk analysis, security event/incident monitoring, asset and risk management, and intrusion detection/prevention sensors.

  • Experience configuring Windows and Linux networks.

  • Prior experience as a technical cyber threat intelligence subject-matter expert across organizational boundaries.

  • Strong understanding of cyber security principles, methodologies, and best practices.

  • Knowledge of the Threat Intelligence life cycle and terminology.

  • Familiarity with Threat Intelligence tools, platforms, and technologies (SIEM, WAF, etc.).

  • Experience writing automation code in any language, preferably Python.

  • Knowledge of network protocols, log analysis, and data structures (JSON, YAML, CSV, XML, Parquet).

  • Proficiency in developing and orchestrating automations throughout the threat intelligence life cycle., * Knowledge of advanced cyber threats, threat vectors, attacker methodology, and ATT&CK framework.

  • Experience with threat detection and analysis solutions.

  • Knowledge of cloud services, infrastructure, and operations.

  • Experience with premium threat intelligence tooling and/or open-source intelligence techniques.

  • Experience with TIP automation development, collection, maintenance, and integrations.

  • Experience disseminating information in accordance with TLP classification and handling protocols.

  • Self-directed organizational skills-initiate, coordinate, prioritize, and follow through on tasks.

  • Experience developing tools to enhance cyber-threat intelligence capabilities.

  • Security operations experience in the financial industry.

  • Hands-on experience with Snowflake, MongoDB, Redis.

  • Experience with AMQS (e.g., Apache Kafka, RabbitMQ).

Benefits & conditions

WHAT YOU'LL DO

  • Work in two-week sprints, meeting timelines and coding standards.
  • Tackle a variety of tasks-from migrations and new features to product enhancements and new services.
  • Learn new codebases and operate with a "figure it out" mentality.
  • Work on products using technology not previously utilized; devise solutions to emerging challenges.

Apply for this position