The Role
The Senior Threat Intelligence Automation Engineer will lead the development of Galvanick's threat intelligence program, integrating intelligence into detection engineering and building a comprehensive strategy for OT/ICS environments.
Summary Generated by Built In
About Galvanick
Galvanick protects the industrial world against cyber attacks. Our threat detection platform defends the modern world against criminals and nation-states that target Operational Technology (OT) systems and networks. This is a chance to work in a startup environment with driven individuals committed to solving cybersecurity's big problems. We are backed by Founders Fund, Village Global, MaC Venture Capital, and others.
About the Role
We are seeking a Senior Threat Intelligence Automation Engineer to establish and lead Galvanick's threat intelligence program. In this role, you will architect our intelligence capabilities, defining how we consume, produce, and operationalize threat intelligence to protect critical infrastructure. You will bridge the gap between raw intelligence and actionable detections, ensuring our platform stays ahead of evolving threats to Operational Technology environments.
This is a unique opportunity to build a threat intelligence program from the ground up, directly impacting how we detect and respond to sophisticated adversaries targeting industrial systems. You will work closely with our detection engineering team to ensure threat intelligence drives both our detection development process and threat identification at runtime. This role requires strategic vision and hands-on technical implementation to create a world-class intelligence capability.
What You Will Do
* Define and implement Galvanick's comprehensive threat intelligence strategy, establishing processes for consuming, analyzing, and producing actionable intelligence specific to OT/ICS environments.
* Drive integration of threat intelligence sources directly into our detection engineering workflow, ensuring new detections are informed by the latest adversary tactics, techniques, and procedures.
* Design and define technical requirements for our threat intelligence platform and system of record, selecting and implementing tools that scale with our growth.
* Operationalize threat intelligence at runtime, ensuring real-time correlation between intelligence feeds and active threat detection across customer environments.
* Build relationships with intelligence sharing communities, government agencies, and industry partners to enhance our understanding of threats targeting critical infrastructure.
* Develop intelligence products and reports informing internal teams and customer decision-making. You will translate complex threat landscapes into actionable insights.
* Experiment with and iterate on intelligence integration methods, continuously improving how we transform raw intelligence into high-fidelity detections and hunting hypotheses.
Who You Are
* Experience in threat intelligence, with deep expertise in consuming, analyzing, and operationalizing intelligence for security operations or detection engineering.
* Strong technical background implementing threat intelligence platforms (TIPs) and STIX/TAXII frameworks, with Python (or Go) proficiency for automating intelligence workflows.
* Proven ability to translate strategic intelligence requirements into technical implementations. You have experience designing and building intelligence programs from the ground up.
* Experience working with intelligence sharing communities, ISACs, and government intelligence sources, with an understanding of TLP and intelligence handling requirements.
* Demonstrated expertise investigating malware, phishing, web attacks, insider threats, and advanced persistent threats.
Bonus Points
* Experience with industrial control systems, SCADA, or operational technology environments and understanding of threats specific to critical infrastructure.
* Active involvement in the threat intelligence community with established relationships in industry and government intelligence circles.
* Published research, conference presentations, or contributions to open-source intelligence projects.
* Experience working in startup environments where you've had to build capabilities with limited resources while maintaining high quality standards.
* Numerous Detection Engineers have sent you “Yes!” memes or outright high-fived you at various points in your career.
Benefits
We provide top-of-the-line medical/dental/vision for employees and dependents, and have additional benefits designed to optimize every team member’s vitality, health, and wellness. Our compensation reflects the cost of labor across various geographic markets. The base pay for this position ranges from $100,000/year in our lowest geographic market up to $180,000/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Galvanick is an early stage startup and base salary is only one component of our compensation package. Depending on the position offered, equity may be provided as part of the compensation package, in addition to medical, financial, and/or other benefits.
Location
The Galvanick team is based in Seattle. Given that we are an early-stage startup working on an exceptionally hard problem, we expect new team members to be in office. We are happy to cover relocation expenses.
ITAR Requirements
To conform to US Government export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a US citizen, lawful permanent resident of the US, protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the US Department of State. Learn more about the ITAR here.
Top Skills
Go
Python
Stix
Taxii
Threat Intelligence Platforms
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
Galvanick helps companies secure their industrial operations and minimize cyber risk. Our platform collects telemetry from across our clients' industrial environments to analyze, correlate, and detect malicious behavior.
Concerned about cyber threats to your industrial infrastructure and operations?
Contact us at [email protected]
