Threat Intelligence Automation Developer (Cybersecurity)

TL;DR

Threat Intelligence Automation Developer (SOAR/TIP): Engineering and optimizing large-scale automated pipelines to convert adversary data into meaningful insights with an accent on SOAR and TIP orchestration. Focus on designing AI agent integrations into human workflows and automating complex investigative processes to outpace modern threats.

Location: Washington (Seattle), Virginia (Mclean), California (San Francisco), District of Columbia (Washington)

Company

A leading provider of customer relationship management (CRM) software and enterprise cloud applications.

What you will do

• Architect and implement programmatic solutions and integrations within TIP and SOAR ecosystems to drive high-velocity security operations.
• Collaborate with Threat Researchers to transform manual investigative workflows into automated detection frameworks.
• Lead the evaluation of novel data streams and manage technical data ingestion and normalization initiatives.
• Optimize the intelligence production cycle by engineering automations that eliminate manual processing burdens.
• Design and orchestrate complex systems integrating AI agents into human workflows to drive efficiency.
• Maintain a shared system context repository of designs and standards to ensure reliable AI operations.

Requirements

• Minimum of three years in cybersecurity, including at least one year in security engineering, DevSecOps, or automation.
• Advanced Python development skills; proficiency in Bash and JavaScript is highly desirable.
• Hands-on experience with SOAR platforms such as Cortex XSOAR, Splunk Phantom, Tines, or Swimlane.
• Experience administering Threat Intelligence Platforms like Vertex Synapse, ThreatConnect, Anomali, or MISP.
• Expertise in normalizing unstructured data via RESTful APIs and Regex into JSON or Synapse models.
• Technical mastery of git, CI/CD best practices, Linux environments, and AWS management.
• Experience using AI tools (Claude Code, Copilot, Cursor) and advanced prompt engineering skills.
• Bachelor's degree in Cybersecurity, Computer Science, or equivalent professional expertise.

Nice to have

• Experience building integrations specifically for Threat Intelligence Platforms.
• Proficiency with security analysis tools such as Jupyter notebooks, Splunk, or ElasticSearch.
• Experience with Microsoft Azure and Google Cloud.
• Expertise in graph modeling using Vertex Synapse or similar graph-based database technologies.
• Experience developing cloud-native automation using AWS Lambda or Azure Functions.
• Relevant industry credentials such as GCTI or GPYC.