Snowflake12.05.2026
Principal Security Engineer - Threat Intelligence
Полная занятостьУдалёнка
Обязанности
- 01Help define and mature the strategy for Threat Intelligence at Snowflake, including where the program should invest in people, processes, engineering, and AI-enabled capabilities
- 02Identify, profile, and track threat actors targeting Snowflake, our customers, partners, and ecosystem, and translate that intelligence into relevant, actionable outcomes
- 03Operationalize threat intelligence to help prioritize security initiatives and drive action with the relevant security teams and stakeholders
- 04Produce high-quality intelligence reports, assessments, briefs, and leadership-ready communications based on external events, internal requirements, and proactive research
- 05Engineer solutions that improve the efficiency, scale, and impact of the Threat Intelligence program, including automations, collection pipelines, enrichment workflows, and analyst tooling
- 06Build and improve AI-assisted intelligence workflows for tasks such as report triage, signal enrichment, summarization, vendor/customer monitoring, and threat-informed hunts, with strong measurement and quality
- 07Partner closely with Threat Detection, Incident Response, and other security teams to convert intelligence into detections, threat hunts, investigative pivots, and control recommendations
- 08Monitor alerts, intelligence feeds, vendor reporting, and external developments for threat events that may affect Snowflake
- 09Drive standards for how intelligence is curated, evaluated, delivered, and measured so the program remains high-signal, timely, and scalable
- 10Mentor other engineers and analysts by raising the team’s technical depth, analytic rigor, and operational maturity
Требования
- 01Deep experience in threat intelligence, with strong background in several of: adversary intelligence, intrusion intelligence, supply-chain intelligence, identity intelligence, domain intelligence, and threat-informed defense
- 02Strong understanding of today’s threat actor ecosystem, including nation-state actors, criminal organizations, ransomware groups, fraud ecosystems, and the platforms and communities that enable them
- 03Demonstrated ability to operationalize threat intelligence and influence security priorities in partnership with detection, incident response, product security, cloud security, anti-abuse, and other stakeholders
- 04Strong engineering skills, including experience writing code in high-level languages such as Python or Go, building automations, and working with data-heavy security workflows
- 05Experience building or driving AI-assisted workflows for intelligence analysis, research triage, summarization, collection, prioritization, or investigative support, and good judgment about where AI adds value versus where human analysis is required
- 06Ability to research threat actors’ TTPs, infrastructure, targets, and objectives, and map those risks to Snowflake’s product, enterprise, and customer environment
- 07Experience with OSINT tools, data sources, investigative methodologies, and intelligence reporting for technical and executive audiences
- 08Strong understanding of threat hunting and threat detection methodologies, and the ability to turn intelligence into hunts, detection opportunities, and control recommendations
- 09A risk-based approach to security, with the ability to prioritize work based on business impact and evolving threat conditions
- 10A humble, team-oriented mindset with a bias toward collaboration, execution, and raising the bar for the broader team
- 11Significant experience in threat intelligence, cyber threat research, intelligence engineering, or closely related security disciplines
- 12Experience researching and tracking sophisticated threat actors targeting cloud-native and SaaS environments