Threat Intelligence Lead

Job Description

Canonical is seeking a Threat Intelligence Lead to own the company's threat intelligence strategy and execution. The Threat Intelligence Lead will be responsible for understanding which cyber threat actors are targeting Canonical. They will also oversee the use of intelligence on Tactics, Techniques, and Procedures (TTP) to improve Canonical's products and internal cybersecurity controls.This role involves collaborating with internal stakeholders and the wider cybersecurity community to establish Canonical as a thought leader in open source threat intelligence. The Threat Intelligence Lead will report to the CISO and lead intelligence gathering and development activities focusing on threat actors targeting software supply chains. They will study attack trends across the open source software landscape, report findings to internal security teams, and advise the engineering community on threat detection and mitigation strategies.What this role involves:

• Building and owning Canonical’s threat intelligence strategy
• Building and maintaining OSINT research environments
• Developing OSINT tradecraft, principals, and techniques
• Identifying and tracking targeted intrusion cyber threats, trends, and new developments
• Collaborating across teams to inform on activity of interest
• Contributing to the wider threat intelligence community
• Working with product and engineering teams to explain cybersecurity threats and advise on mitigation strategies
• Working with the OPSEC and IS team to help implement/update security controls
• Identifying intelligence gaps and proposing new tools and research projects
• Conducting briefings for executives, internal stakeholders and external customers

Ideal candidate should have:

• Experienced threat intelligence leader
• Knowledgeable about the current open source threat landscape and computer networking
• Highly competent with OSINT tools (e.g., Buscador, Trace Labs OSINT VM, OSINT Framework, Maltego, Shodan, social media scraping tools, etc.)
• Able to identify, organise, catalogue, and track adversary tradecraft trends
• Experienced using threat intelligence data to influence enterprise architecture or product development decisions
• Excellent communicator
• Able to travel twice a year, for company events up to two weeks long

What Canonical offers:

• Distributed work environment
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Employee Assistance Programme
• Opportunity to travel to new locations to meet colleagues