Senior Security Intelligence and Analytics Engineer

Job Overview

Intuit's customers and stakeholders entrust us with their most sensitive data, and safeguarding this information is paramount to fulfilling our ethical, business, and regulatory obligations. To uphold this commitment, our Workforce Security team spearheads strategic initiatives, deploying cutting-edge automation tools and capabilities. By leveraging machine learning, AI, and data science, we proactively detect, investigate, and mitigate workforce and data loss risks, ensuring the utmost protection for Intuit's classified data and accounts.

We are seeking a highly skilled Senior Security Engineer to join our Security Intelligence and Analytics team. In this role, you will play a pivotal part in developing and implementing advanced security measures to identify and neutralize threats in real-time. Your expertise will be instrumental in fortifying our defenses against emerging threats and safeguarding our critical assets.

A key aspect of this role involves the creation and maintenance of comprehensive security intelligence and analytics dashboards and reports. These dashboards will provide real-time visibility into security events, enabling swift threat detection and response. Additionally, you will be responsible for generating detailed reports that offer insights into security trends, vulnerabilities, and the overall effectiveness of our security posture.

Responsibilities

• Utilize advanced analytics and machine learning techniques to monitor systems, detect anomalous behavior, and to support the facilitation for investigation of suspicious activities including building SIEM correlations that consume data from data loss prevention (DLP) policy alerts 
• Leverage security intelligence and analytics platforms to detect and investigate potential threats in real-time alerts into SIEM correlation rules for comprehensive threat detection.
• Develop and implement threat detection rules, models, and signatures to identify and mitigate emerging threats including Generative AI systems.
• Perform in-depth analysis of security events and incidents to determine root cause, impact, and remediation strategies.
• Collaborate with cross-functional teams to respond to and resolve security incidents, minimizing impact and downtime ensuring seamless integration of DLP alerts into SIEM and SOAR-driven incident response workflows.
• Ensure compliance with internal security standards and external regulations.
• Contribute to the development and enhancement of security intelligence and analytics capabilities, including data collection, correlation, and visualization with a focus on understanding the evolving landscape of insider threats and data loss prevention
• Stay abreast of emerging threats, vulnerabilities, and attack techniques through continuous research and analysis including the latest advancements in Generative AI security and participating in professional development activities.
• Provide expert guidance and support to incident response teams during critical security events leveraging insights from SIEM correlations and insider threat alerts to facilitate swift and effective incident resolution.

Qualifications

• SIEM Expertise: Extensive experience with SIEM platforms (e.g., Splunk, QRadar, Elastic), including rule creation, correlation, and dashboard development.
• Threat Detection and Response: Proven ability to develop and implement threat detection strategies, including the use of machine learning and behavioral analytics.
• Data Loss Prevention (DLP): Strong understanding of DLP principles and technologies, including experience integrating DLP alerts into SIEM for enhanced threat detection and incident response.
• Incident Response: Experience with incident response processes, including triage, containment, investigation, and remediation. Familiarity with SOAR (Security Orchestration, Automation, and Response) platforms is a plus.
• Threat Modeling: Experience with threat modeling methodologies (e.g., MITRE ATT&CK, STRIDE) to identify and prioritize potential threats and vulnerabilities.
• Security Analytics: Proficiency in security data analysis and visualization, using tools like Python, R, or SQL.
• Machine Learning: Experience applying machine learning techniques to security problems, such as anomaly detection, threat classification, and user behavior analysis.
• Cloud Security: Familiarity with cloud security concepts and platforms (e.g., AWS, Azure, GCP) and their implications for threat detection and response.
• Generative AI Security: Understanding of the unique security challenges and risks associated with Generative AI technologies, including potential for misuse, data poisoning, and model manipulation.
• Compliance and Regulations: Knowledge of relevant security standards and regulations (e.g., PCI DSS, GDPR, HIPAA) and their impact on security operations.
• Communication and Collaboration: Strong communication and interpersonal skills to effectively collaborate with technical and non-technical stakeholders.
• Problem-Solving: Excellent analytical and problem-solving skills to identify and resolve complex security issues.
• Continuous Learning: A passion for staying up-to-date with the latest security threats, vulnerabilities, and technologies through continuous research and professional development.
• Certifications: Relevant certifications such as CISSP, CEH, or cloud security certifications are a plus.