Intelligence Operations Engineer I (US Remote)

Reporting to the Product Manager of Intelligence, the Intelligence Operations Engineer I is responsible for assisting with the development and maintenance of tools and infrastructure used by Cofense Threat Intelligence Analysts to support the production of intelligence reporting. This role's mission is to amplify phishing campaign analysis, enrichment, correlation, validation, and reporting through higher efficiency production with maximized automation.

Essential Duties/Responsibilities

• Assist with the design and deployment of effective and scalable infrastructure and tools analyzing large datasets used to produce Threat Intelligence reports.
• Assist with the creation and maintenance of databases, relational data structures, and correlative processes to produce long-term trend analyses.
• Work with teammates to create optimized and innovative processes that ensure Threat Intelligence reporting is produced efficiently and with a high level of confidence.
• Troubleshoot and resolve issues in production analysis tools and infrastructure.
• Collaborate with Cyber Threat Intelligence Analysts to develop requirements for features and tools that will improve their workflow.
• Research and identify new technologies around malware analysis, automation, and data enrichment that will increase the efficiency of analysis and intelligence production.
• Collaborate with the Intelligence Development team to link analysis tools with collection sources and publication pipelines.
• Other duties as assigned.

• Working knowledge of Python and familiarity with at least one other programming language commonly used in "scripting" (JavaScript, PowerShell, Go, etc.)
• Functional knowledge of AWS and other cloud infrastructure tools and architectures
• Functional knowledge of containerized environment creation, operation, and administration (Docker)
• Experience using and configuring Elastic Search with an understanding of data structure and formatting (JSON)
• Understanding of malware analysis techniques, threat intelligence, and threat research
• Ability to use and modify command line script applications and utilities
• Familiarity with web development and frameworks such as Flask, Django or Vue
• Ability to effectively manage emerging priorities to ensure daily tasks are executed as needed
• Ability to communicate progress to analyst and leadership teams
• Ability to interact with customers to develop and deliver on requirements
• Highly motivated with a self-starter mentality and ability to work with minimal oversight
• Interest in cyber-attack lifecycles and threat actor tactics, techniques, and procedures.
• Candidate should enjoy fast-paced, team-oriented environments that encourage creativity.

• At least 2-3 years engineering and/or development operations experience preferred
• At least 1 year experience with malware analysis or incident response preferred
• Experience with developing automation pipelines preferred
• Experience with Continuous Deployment/Continuous Integration tools
• Experience with developing tools or software used by "Power Users"
• Experience in security operations or phishing and malware analysis preferred
• A Bachelor's degree in Computer Science, Cybersecurity, or Computer Forensics is preferred but not required