Snowflake is a cloud data platform company that is focused on enhancing security capabilities to mitigate threats. They are seeking a Principal Security Engineer - Threat Intelligence to lead the Threat Intelligence program, operationalize intelligence, and translate it into actionable outcomes for the organization.
Responsibilities:
- Help define and mature the strategy for Threat Intelligence at Snowflake, including where the program should invest in people, processes, engineering, and AI-enabled capabilities
- Identify, profile, and track threat actors targeting Snowflake, our customers, partners, and ecosystem, and translate that intelligence into relevant, actionable outcomes
- Operationalize threat intelligence to help prioritize security initiatives and drive action with the relevant security teams and stakeholders
- Produce high-quality intelligence reports, assessments, briefs, and leadership-ready communications based on external events, internal requirements, and proactive research
- Engineer solutions that improve the efficiency, scale, and impact of the Threat Intelligence program, including automations, collection pipelines, enrichment workflows, and analyst tooling
- Build and improve AI-assisted intelligence workflows for tasks such as report triage, signal enrichment, summarization, vendor/customer monitoring, and threat-informed hunts, with strong measurement and quality
- Partner closely with Threat Detection, Incident Response, and other security teams to convert intelligence into detections, threat hunts, investigative pivots, and control recommendations
- Monitor alerts, intelligence feeds, vendor reporting, and external developments for threat events that may affect Snowflake
- Drive standards for how intelligence is curated, evaluated, delivered, and measured so the program remains high-signal, timely, and scalable
- Mentor other engineers and analysts by raising the team’s technical depth, analytic rigor, and operational maturity
Requirements:
- Deep experience in threat intelligence, with a strong background in several of: adversary intelligence, intrusion intelligence, supply-chain intelligence, identity intelligence, domain intelligence, and threat-informed defense
- Strong understanding of today's threat actor ecosystem, including nation-state actors, criminal organizations, ransomware groups, fraud ecosystems, and the platforms and communities that enable them
- Demonstrated ability to operationalize threat intelligence and influence security priorities in partnership with detection, incident response, product security, cloud security, anti-abuse, and other stakeholders
- Strong engineering skills, including experience writing code in high-level languages such as Python or Go, building automations, and working with data-heavy security workflows
- Experience building or driving AI-assisted workflows for intelligence analysis, research triage, summarization, collection, prioritization, or investigative support, and good judgment about where AI adds value versus where human analysis is required
- Ability to research threat actors' TTPs, infrastructure, targets, and objectives, and map those risks to Snowflake's product, enterprise, and customer environment
- Experience with OSINT tools, data sources, investigative methodologies, and intelligence reporting for technical and executive audiences
- Strong understanding of threat hunting and threat detection methodologies, and the ability to turn intelligence into hunts, detection opportunities, and control recommendations
- A risk-based approach to security, with the ability to prioritize work based on business impact and evolving threat conditions
- A humble, team-oriented mindset with a bias toward collaboration, execution, and raising the bar for the broader team
- Significant experience in threat intelligence, cyber threat research, intelligence engineering, or closely related security disciplines
- Experience researching and tracking sophisticated threat actors targeting cloud-native and SaaS environments
- Experience writing code in a high-level programming language such as Python or Go and using code to automate manual workflows or analyze security data at scale
- Experience handling data programmatically using tools such as SQL and Python, ideally against large datasets relevant to security analytics or intelligence workflows
- Experience collaborating across multiple security functions and communicating effectively with technical stakeholders and leadership
- Strong understanding of enterprise security controls, threat hunting, and detection methodologies
- Experience with one or more major cloud providers (AWS, Azure, GCP) and familiarity with the risks that impact cloud and SaaS environments
- Experience leading or materially shaping a Threat Intelligence program at scale
- Experience building AI/ML-assisted security workflows or evaluating AI systems for security use cases
- Experience with data engineering, workflow orchestration, or production-grade systems that support intelligence or security operations at scale
- Experience with Snowflake or equivalent cloud data platforms for large-scale analysis and investigative workflows
- Experience presenting externally, publishing research, or demonstrating thought leadership in the security space
- Experience building capabilities that support intelligence-driven detection, hunting, or response at a global scale