Staff Cyber Threat Intelligence Engineer
Role Description
Dropbox is seeking a Staff Security Engineer to join our Threat Intelligence and Hunting team. You will investigate critical threats to Dropbox and our customers, profiling threat actors and uncovering the actions, techniques and objectives of these malicious actors.
With your expertise, you will work to ensure the security of Dropbox and our customers. Aiming to protect both those who use our platform, and those who engage with through their friends, family and colleagues. We want to ensure trust in the Dropbox platform by protecting all users interactions with our products.
Responsibilities
- Serve as subject matter expert on threat actors focused on Dropbox and our customers
- Work across the security organization and engineering departments to define technical strategy in order to identify and disrupt threat actor activity in near-real-time.
- Establish and maintain relationships with industry peers to collaborate and share knowledge on various threat actors
- Investigate and hunt for malicious activity across all Dropbox environments
- Document and communicate investigations into threat actors, their activity, TTPs, briefing internal customers and partnering to detect, disrupt and mitigate attackers
- Active participation in developing, documenting and implementing new processes to expand and mature capabilities
- Analyze telemetry data to identify signals indicative of sophisticated threat actors
- Deep dive and analyze key business performance metrics, identify gaps, create plans to mitigate and drive to closure
- Develop, track, and report on key program performance metrics
Requirements
- 10 years of experience in threat intelligence, cybercrime investigations/intelligence, tracking threat actor behaviors, including investigating, researching, or analyzing TTPs (Tactics, Techniques and Procedures), or attribution research
- Demonstrated Threat Intelligence, Threat Hunting and experience with tooling to support both
- Strong demonstrated knowledge of common offensive techniques, and an in-depth knowledge of UNIX tools and architecture
- Experience monitoring and analyzing deep/dark web forums
- Experience with malware, network flow and large-scale data analysis.
- Experience with threat modeling or other risk identification techniques
- Experience in areas such as system security and/or network security
- Experience with security vulnerabilities, exploitation techniques, and methods for remediation
- Experience analyzing logs, building detections and coordinating remediation
- Scripting skills (e.g. Python, PowerShell, other common languages)