AWS Jobs at Fireblocks

About The Team

As a SecOps & CTI Expert, you’ll be responsible for securing and protecting our infrastructure, including managing and administering various security-related technologies, platforms, and tools. You'll also provide security expertise and guidance to the team on various security-related matters. You’ll build and own solutions to quickly identify breach attempts, contain and eradicate threats, streamline our security incident response processes, continuously test our controls, and help the business make informed decisions based on threat intelligence. This is a fast-paced environment, where you’ll have the opportunity to manage multiple projects at once.

This position involves gathering, analyzing, and operationalizing Threat intelligence related to Digital Assets, Supply Chain Threats, Tactical Threat Intelligence, and Strategic Threat Intelligence. A SecOps & CTI Expert will identify emerging threats, assess potential risks, and provide actionable intelligence to support security operations and decision-making processes.

What You’ll Do 

• Investigate alerts, triage, deep dive, and come up with proper action items and remediation plans. 
• Perform host-based analysis, artifact analysis, and malware analysis in support of security investigations and incident response.
• Coordinate investigation, containment, and other response activities with business stakeholders and groups.
• Develop incident analysis and findings reports for management, including gap identification and recommendations for improvement.
• Recommend or develop new detection logic and tune existing sensors/security controls based on Threat Intelligence reports.
• Work with security solutions owners to assess existing security solutions' ability to detect/mitigate the abovementioned TTPs.
• Creating custom SIEM queries and dashboards to support the monitoring and detection of advanced TTPs against the company network.
• Analyze and produce intelligence reports tailored to technical and non-technical audiences, translating complex threats into actionable insights.
• Conduct in-depth research, contextual analysis, and campaign correlations associated with threat actors, adversary tactics, and emerging attack techniques.
• Leverage intelligence frameworks such as the Intelligence Cycle, Cyber Kill Chain, and MITRE ATT&CK to assess threats and map attacker techniques.

What You’ll Bring 

• 4+ years of experience in Security Operations (SecOps), Cyber Threat Intelligence (CTI), Incident Response, or Threat Hunting roles.
• Experience performing root cause analysis, incident containment, and providing remediation recommendations.
• Hands-on experience investigating and responding to security incidents involving host-based, network-based, and cloud-based threats.
• Experience working with SIEM platforms (e.g., Splunk, ELK, Sentinel, Chronicle, etc.), including creating custom queries, dashboards, and alerts.
• Ability to develop custom detection logic and threat-hunting playbooks based on Threat Intelligence insights.
• Experience with security monitoring of cloud environments (AWS, GCP, Azure).
• Understanding of container security and Kubernetes security (EKS, GKE).
• Strong analytical and problem-solving skills with a structured approach to security investigations.
• Excellent written and verbal communication skills, with experience writing detailed technical reports and executive summaries.