Threat Intelligence Engineer
4 days ago
Madrid
About The Job Desplácese hacia abajo para encontrar una descripción detallada de este trabajo y lo que se espera de los candidatos. Envíe su solicitud haciendo clic en el botón "Solicitar". You know adversaries by how they operate — and you know how to turn that knowledge into action. As a Threat Intelligence Engineer — Intrusion Analysis & Detection, you will help transform threat actor behavior into concrete defensive value: stronger detections, smarter hunting hypotheses, and intelligence that helps defenders move faster and more effectively. Within the Allianz Cyber Defense Center (ACDC), you will join a team that is evolving toward an AI‑augmented, intelligence‑driven operating model. This is a high‑impact opportunity to shape and mature intrusion analysis capabilities, automate repetitive intelligence workflows, and directly influence how a global organization defends itself against real‑world threats. What You Do • Analyze real‑world attacks, post‑incident findings, and emerging adversary tradecraft to identify relevant threat activity and convert retrospective analysis into forward‑looking intelligence., • Translate threat intelligence into actionable detection content by producing detection rules and analytical guidance for deployment by detection engineering teams across platform‑native environments., • Track threat actors and map tactics, techniques, and procedures to MITRE ATT&CK, identifying coverage gaps and generating meaningful hunting leads based on relevance to the Allianz environment., • Build and maintain automation for repetitive intelligence workflows using SOAR platforms, Power Automate, N8N, Python, scripting, and API integrations to improve speed, quality, and consistency., • Apply AI in daily analytical workflows to categorize incoming intelligence, enrich indicators, correlate reporting with tracked topics, and accelerate decision‑making., • Communicate findings clearly through dashboards, written intelligence notes, and operational briefings so that detection engineers, incident responders, IT administrators, and leadership can act confidently., • Support the full IOC lifecycle and contribute during active security incidents by providing timely analytical input, validation, and triage support as part of on‑call rotations. What You Bring • Hands‑on experience in intrusion analysis, including the investigation of real‑world attack patterns, adversary behavior, and post‑incident evidence., • Proven ability to turn intelligence into action through detection engineering, including authoring, tuning, or validating detection rules in production environments., • Strong knowledge of MITRE ATT&CK, especially at procedure level, and a solid understanding of the telemetry required to detect adversary activity effectively., • Practical coding and automation skills, ideally in Python, scripting, and API‑driven workflows, with a builder mindset focused on improving efficiency through automation., • Good understanding of the Threat Intelligence Lifecycle and structured analytical techniques, including models such as the Diamond Model and Kill Chain., • Experience working with or exposure to tools such as Google SecOps, CrowdStrike Falcon / Intelligence, Google Threat Intelligence / VirusTotal, Recorded Future, MISP, or similar platforms., • A proactive, outcome‑driven mindset with the ability to stay composed under pressure, communicate clearly during incidents, and collaborate effectively across technical teams. What We Offer • Hybrid work model with up to 25 days per year working from abroad., • Performance‑based compensation and benefits, including a company bonus scheme, pension, employee shares program, and employee discounts (details vary by location)., • Lifelong learning and international career mobility through career development and digital learning programs., • Flexible working, healthcare, parental leave benefits, and support to balance family and career while returning from career breaks. Commitment to Integrity, Fairness & Inclusion Allianz Technology is proud to be an equal opportunity employer dedicated to fostering an inclusive work environment for everyone. We embrace individuals of all gender identities and expressions, sexual orientations, ethnicities, ages, nationalities, religions, disabilities, and philosophies of life. xcskxlj We welcome applications regardless of race, ethnicity or cultural background, age, gender, nationality, religion, social class, disability or sexual orientation, or any other characteristics protected under applicable local laws and regulations. #J-18808-Ljbffr