Threat Intelligence analyst – CTI

We are looking for an engineer interested in joining our Threat Intelligence team. The main tasks will include introducing new patterns and conventions where necessary, as well as producing pragmatic and high-quality solutions to challenging or complicated problems.

CTI Team

Our cyber threat intelligence (CTI) team is responsible for gathering, analyzing, and interpreting information about potential and existing threats. Its primary goal is to understand the threat landscape and provide actionable intelligence to help prevent, detect, and respond to cyber threats. The team is also responsible for providing the tools and services required to manage and distribute all the generated security content.

Location
  • Remote
Job type
Full-time

Job description

Your role at Wazuh

You will be working as part of our threat intelligence division under the Cyber Threat Intelligence team. Our role is defined by the following:

  • Capable of introducing new patterns and conventions when needed.
  • Produces pragmatic and high-quality solutions to challenging or complicated problems.
  • Demonstrates a comprehensive understanding of all our tools. Uses them regularly to diagnose issues quickly and calmly, even under pressure.
  • Trusted to provide actionable feedback across team pull requests, in line with our principles, with little or no oversight. Provides technical advice and suggestions during planning/scoping.
  • Takes part in the Wazuh community, helping our users with issues about Wazuh deployment and configuration. Helps others with their community engagement. Interactions with users are polite and well-structured, using examples and documentation as appropriate. Knows how to integrate other (possibly unsupported) products with Wazuh.
  • Reviews and sanitizes Common Vulnerabilities and Exposures (CVEs) data with attention to detail, ensuring accuracy, clarity, and minimal false positives or negatives in vulnerability assessments.
  • Develops and refines hardening policies for various operating systems based on CIS Benchmarks and uses the Wazuh SCA module to assess compliance, strengthen system defenses, and align with industry best practices.
  • Designs and implements a modern ruleset, including decoders and rules, for the next major release of Wazuh XDR+SIEM. Enhances threat detection capabilities by creating advanced detection logic, improving accuracy, and optimizing event correlation.

What you bring along

Within the CTI threat intelligence division, analysts are in charge of the design, development, and maintenance of the CTI content.

You will work with the rest of the team to provide actionable intelligence to help prevent, detect, and respond to cyber threats.

  • Strong knowledge of the modern C++ programming language (C++17-C++20).
  • Knowledge of software testing best practices and frameworks.
  • Proven experience with version control systems (e.g., Git) and collaborative development processes (pull requests, peer review, etc.).
  • Experience building service-oriented desktop applications for Linux, Windows, or macOS.
  • Basic networking knowledge.
  • Willingness to learn and adopt new technologies.
  • Ability to help community users with questions about the capabilities developed.
  • Written conversational English skills.

Required skills

  • Git and GitHub.
  • Virtualization systems (VirtualBox).
  • Linux containers (Docker).
  • CVE knowledge.
  • SOC/SIEM experience.
  • Security hardening.

Bonus skills

  • Knowledge about Wazuh XDR+SIEM.
  • Knowledge about Elasticsearch/OpenSearch.

We offer

  • 100% remote.
  • Competitive salary.
  • Home office budget.
  • A forward-moving career path with professional growth opportunities.
  • Collaboration and development with some of the leading international IT companies.
  • Positive, supportive and collaborative work environment.
