The Red Cloak Threat Detection and Response (TDR) engineering group is looking for a lead software architect for our threat intelligence (TI) product team. You will work in a fast-paced, startup-like environment with an experienced, cross-functional team of software engineers, data scientists, and security experts to develop threat intelligence collection, exploration, and exploitation within our cloud-native security analytics platform. As a technical lead, you will work closely with the Red Cloak engineering leadership, especially the Chief Architect, on steering our TI strategy and execution. If you love the idea of tracking the latest threat actor activity and solving complex engineering challenges, then we want your help securing human progress!
The ideal candidate will have a computer science background with an emphasis on building data collection and storage systems with robust APIs for a variety of consumers. Familiarity with analyst-facing UI/UX and threat-actor-based security research would also be strong additions. Your focus will be on formulating the technical direction and overall architecture for our security analytics platform’s use of threat intelligence. Our TI product team regularly works with other product teams and security research groups across Secureworks to pursue the best threat intelligence sources. The threat intelligence within our platform is exposed to security analysts in order to provide the strongest possible context during rapid security relevance determinations to defeat potential attackers. The threat intelligence team covers a wide range, including the collection of a variety of sources (APIs, STIX/TAXII, scraping, etc.), storing and ranking analyst dispositions of quality or relevance, correlations to new or existing threat actor detections, and general exploratory interfaces designed to expose the latest knowledge of threat actors' tools, techniques, and procedures.
- Provide technical leadership across Red Cloak TDR teams on the architecture, strategy, and development of threat intelligence within our security analytics platform.
- Coordinate closely with your peers: Red Cloak Product Managers within the TI product portfolio, as well as other Technical Leads / Architects across the full back- and front-end product areas.
- Own feature development for the threat intelligence service from design to delivery, with high availability for collection processors written in Golang and client-facing GraphQL and/or STIX/TAXII APIs, while helping to design Angular UI components and the underlying storage and retrieval of categorized threat intelligence.
- Extensive hands-on development. Our architect / tech lead philosophy centers on being deeply involved in the projects you will lead.
- Design and implement software to be deployed via Docker on Kubernetes, and using public cloud offerings (e.g. AWS, GCP).
- Recommend and develop new product concepts and capabilities.
- Triage, reproduce, debug, and fix issues identified in the product.
- Secure deployed code, update processes, and communication paths against potential attackers that aim to hijack highly privileged applications.
- Build tools to support team efficiency and contribute to test automation.
- Lead projects efficiently while maximizing performance and minimizing costs.
- Ensure high standards are followed in design, coding quality, and unit and component testing.
- Work effectively on a geographically distributed team to deliver high-quality software against aggressive schedules.
- Keen sense of urgency and the ability to prioritize problems, analyze, and resolve issues.
- Ability to lead, mentor, communicate, collaborate, and work effectively in a distributed team.
- Excellent oral and written communication skills.
- Minimum 7+ years of experience in software development for enterprise-class applications.
- Minimum 2 years' experience leading the design and technical direction of API development and data-driven applications.
- Minimum of 1 year of development experience using Golang.
- Minimum of 2 years' experience developing a service-oriented or microservice architecture and developing with containers / orchestrators (e.g. Docker, Kubernetes).
- B.S./M.S. in Computer Science or equivalent experience.
- Experience with Amazon AWS, Google GCP, or similar cloud provider.
- Experience with Kubernetes, including deployments from robust CI/CD pipelines.
- Experience with dataflow and queues or message passing (e.g. Kafka, NATS, Redis, RabbitMQ).
- Familiarity with GraphQL API development and maintenance.
- Computer or information security background, particularly involving threat intelligence production, analysis, and exploitation by security analysts within SIEMs.
- Familiarity with STIX/TAXII and other threat intelligence feed providers.
- Experience with RDBMS and NoSQL databases (e.g. Postgres, MySQL, Elasticsearch, Athena/Presto, Cassandra/HBase/Accumulo).
- Prior experience developing software in an entrepreneurial environment.
- Prior experience developing product- and customer-focused applications.