Threat Intelligence Lead

3 Hours ago • All levels

Job Summary

Job Description

The Threat Intelligence Lead will be responsible for developing and executing Canonical’s threat intelligence strategy. This includes understanding the cyber threat actors targeting Canonical and using intelligence on Tactics, Techniques, and Procedures (TTP) to improve products and internal cybersecurity controls. The lead will collaborate with internal stakeholders and the wider cybersecurity community, positioning Canonical as a thought leader in open-source threat intelligence. They will lead intelligence gathering on threat actors targeting software supply chains, study attack trends, report findings, and advise the engineering community on mitigation strategies. They will also conduct briefings for executives and stakeholders, identify intelligence gaps, and propose new tools and research projects. Canonical's products are widely used, making them a prime target for threat actors, and this role is key to securing their software infrastructure.
Must have:
  • Experienced threat intelligence leader.
  • Knowledgeable about open source threat landscape.
  • Highly competent with OSINT tools.
  • Able to track adversary tradecraft trends.
  • Experienced using threat intelligence data to influence enterprise architecture or product development decisions.
  • Excellent communicator with the ability to tailor technical content to a variety of audiences.
  • Able to travel twice a year, for company events up to two weeks long.
Good to have:
  • A professional portfolio of OSINT related scripts, tools, or frameworks
  • Demonstrated involvement in the larger OSINT community (please share relevant links)
  • Degree qualified, with a bachelor's degree in computer science, information security, or a related field
  • Certifications in related areas (e.g. GOSI, SANS SEC487 & SEC587, IntelTechniques OSIP, etc)
  • Experience in a tech company or government/military signal intelligence departments
Perks:
  • Distributed work environment with twice-yearly team sprints in person
  • Personal learning and development budget of USD 2,000 per year
  • Annual compensation review
  • Recognition rewards
  • Annual holiday leave
  • Maternity and paternity leave
  • Employee Assistance Programme
  • Opportunity to travel to new locations to meet colleagues
  • Priority Pass, and travel upgrades for long haul company events

Job Details

The Threat Intelligence Lead will own Canonical’s threat intelligence strategy and execution, including understanding of which cyber threat actors are targeting Canonical, and the use of intelligence on Tactics, Techniques and Procedures (TTP) to better our products and internal cybersecurity controls. You will collaborate with internal stakeholders as well as with the wider cybersecurity community, making sure that Canonical is recognised as a thought leader on open source threat intelligence.

This role will report to the CISO.

You will lead intelligence gathering and development activities on threat actors targeting software supply chains. You'll study attack trends across the wider open source software landscape, report findings to internal security teams, and advise the wider engineering community on the best course of action to detect and mitigate possible threats.

As the publisher of Ubuntu, Canonical products are directly or indirectly present in almost every organisation and household in the world, making them a prime target for threat actors. This team's mission is to help Canonical, and by extension countless community members and companies around the world, secure their software infrastructure.

What you’ll do in this role

  • Build and own Canonical’s threat intelligence strategy
  • Build and maintain OSINT research environments
  • Develop OSINT tradecraft, principals, and techniques
  • Identify and track targeted intrusion cyber threats, trends, and new developments by cyber threat actors through analysis of proprietary and open source datasets 
  • Collaborate across teams to inform on activity of interest
  • Coordinate adversary/campaign tracking
  • Contribute to the wider threat intelligence community, establishing Canonical as a key contributor and thought leader in the space
  • Work with product and engineering teams to explain cybersecurity threats and advise on mitigation strategies
  • Work with the OPSEC and IS team to help implement/update security controls prioritising cyber defence
  • Identify intelligence gaps and propose new tools and research projects to fill them
  • Conduct briefings for executives, internal stakeholders and external customers

The successful Threat Intelligence Lead will be

  • An experienced threat intelligence leader (or similar)
  • Knowledgeable about the current open source threat landscape and computer networking/infrastructure concepts
  • Highly competent with OSINT tools (e.g., Buscador, Trace Labs OSINT VM, OSINT Framework, Maltego, Shodan, social media scraping tools, etc.)
  • Able to identify, organise, catalogue, and track adversary tradecraft trends — often with incomplete data
  • Experienced using threat intelligence data to influence enterprise architecture or product development decisions
  • An excellent communicator with the ability to clearly articulate and tailor technical content to a variety of audiences
  • Able to travel twice a year, for company events up to two weeks long

Desired Characteristics

  • A professional portfolio of OSINT related scripts, tools, or frameworks
  • Demonstrated involvement in the larger OSINT community (please share relevant links)
  • Degree qualified, with a bachelor's degree in computer science, information security, or a related field
  • Certifications in related areas (e.g. GOSI, SANS SEC487 & SEC587, IntelTechniques OSIP, etc)
  • Experience in a tech company or government/military signal intelligence departments

What we offer you

We consider geographical location, experience, and performance in shaping compensation worldwide. We revisit compensation annually (and more often for graduates and associates) to ensure we recognise outstanding performance. In addition to base pay, we offer a performance-driven annual bonus. We provide all team members with additional benefits, which reflect our values and ideals. We balance our programs to meet local needs and ensure fairness globally.

  • Distributed work environment with twice-yearly team sprints in person
  • Personal learning and development budget of USD 2,000 per year
  • Annual compensation review
  • Recognition rewards
  • Annual holiday leave
  • Maternity and paternity leave
  • Employee Assistance Programme
  • Opportunity to travel to new locations to meet colleagues
  • Priority Pass, and travel upgrades for long haul company events

About Canonical

Canonical is a pioneering tech firm at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, IoT and the cloud, we are changing the world on a daily basis. We recruit on a global basis and set a very high standard for people joining the company. We expect excellence - in order to succeed, we need to be the best at what we do. Canonical has been a remote-first company since its inception in 2004.​ Working here is a step into the future, and will challenge you to think differently, work smarter, learn new skills, and raise your game.

Canonical is an equal opportunity employer

We are proud to foster a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity, we will give your application fair consideration.

#LI-remote

Similar Jobs

Barracuda Networks  Inc  - Cybersecurity Engineer

Barracuda Networks Inc

Chelmsford, Massachusetts, United States (Hybrid)
2 Months ago
ByteDance - Software Engineer, Security Operation Center

ByteDance

San Jose, California, United States (On-Site)
1 Month ago
Epic Games - Threat Intelligence Manager

Epic Games

(On-Site)
1 Month ago
Opendoor - Detection Engineer - Security (Go or Python)

Opendoor

Kraków, Lesser Poland Voivodeship, Poland (Hybrid)
1 Week ago
ByteDance - Threat Intelligence Engineer Intern

ByteDance

Singapore (On-Site)
1 Month ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

GoDaddy - Senior Product Manager - Security Products

GoDaddy

(Remote)
2 Weeks ago
ByteDance - Threat Intelligence Engineer, Security Assurance - 2025 Start

ByteDance

Singapore (On-Site)
6 Months ago
Jumio - Senior Detect & Respond Engineer

Jumio

Bengaluru, Karnataka, India (On-Site)
2 Weeks ago
PwC - Security Operations Center and Incident Response Manager

PwC

Makati, Metro Manila, Philippines (On-Site)
7 Months ago
Ansira - Site Reliability Engineer

Ansira

Noida, Uttar Pradesh, India (On-Site)
2 Weeks ago
Snyk - Vulnerability Data Manager

Snyk

Tel Aviv-Yafo, Tel Aviv District, Israel (On-Site)
2 Weeks ago
Reversing Labs - Senior Software Engineer

Reversing Labs

Zagreb, Grad Zagreb, Croatia (Hybrid)
3 Months ago
Reversing Labs - Federal Account Executive

Reversing Labs

United States (Remote)
1 Month ago
ION - Cyber Product Owner, Italy

ION

Italy (Hybrid)
7 Months ago
Google - Security Consultant Developer

Google

Atlanta, Georgia, United States (On-Site)
3 Weeks ago

Get notifed when new similar jobs are uploaded

Jobs in Worldwide

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

Similar Category Jobs

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!