1Password is a rapidly growing cybersecurity company that has built a market-leading enterprise password manager. They are seeking a Senior Security Engineer specializing in Threat Intelligence to understand adversary behavior and translate intelligence into operational outcomes, enhancing the company's security posture.
Responsibilities:
- Research, track, and assess the threat landscape by analyzing relevant threat actors, campaigns, and behaviors affecting 1Password’s attack surface, identity systems, brand, third-party ecosystem, and insider risk scenarios
- Analyze and prioritize information to develop actionable intelligence that informs detection coverage, hunting activities, and response readiness
- Partner with Detection Engineering to design and validate threat-based detections, including through adversary emulation, simulation, or controlled testing
- Use automation and scripting to improve how threat intelligence is collected, enriched, distributed, and actioned across Security workflows
- Curate and deliver threat intelligence reporting for both technical teams and executive stakeholders, helping inform prioritization, investment decisions, and security strategy
- Build and maintain repeatable threat intelligence processes, workflows, and documentation that scale with the Detection & Response program
- Participate directly in security operations by triaging alerts, supporting investigations, managing incidents, and contributing to post-incident learning
Requirements:
- 5+ years of experience in technical security engineering roles, with 3+ years focused on threat intelligence
- Strong understanding of modern attacker TTPs, including cloud-native, SaaS, identity-focused, and insider-adjacent threat patterns
- Experience developing intelligence requirements, prioritization frameworks, analysis workflows, and emulation scenarios
- Hands-on experience with scripting or automation (e.g., Python, APIs, SOAR workflows) to improve operational efficiency and cross-team execution
- Ability to produce concise, high-quality written intelligence, including executive-level summaries that drive prioritization and strategy
- Familiarity with security telemetry, logs, and investigative workflows used by detection and response teams
- Willingness to participate in an on-call rotation and support security incidents during high-severity or off-hours events