Principal Security Engineer - Threat Intelligence

Responsibilities

• Define and mature Snowflake’s Threat Intelligence strategy, including investments in people, processes, engineering, and AI-enabled capabilities.
• Identify, profile, and track threat actors targeting Snowflake, customers, partners, and ecosystem; translate intelligence into actionable outcomes.
• Operationalize threat intelligence to prioritize security initiatives and drive action with Detection, Incident Response, Product Security, Cloud Security, and Anti-Abuse teams.
• Produce high-quality intelligence reports, assessments, briefs, and leadership-ready communications.
• Engineer solutions that improve efficiency, scale, and impact: automations, collection pipelines, enrichment workflows, and analyst tooling.
• Build and improve AI-assisted intelligence workflows for report triage, signal enrichment, summarization, vendor/customer monitoring, and threat-informed hunts, with strong measurement.
• Partner with Threat Detection and Incident Response to convert intelligence into detections, threat hunts, investigative pivots, and control recommendations.
• Monitor alerts, intelligence feeds, vendor reporting, and external developments for relevant threats.
• Drive standards for how intelligence is curated, evaluated, delivered, and measured.
• Mentor engineers and analysts to raise technical depth, analytic rigor, and operational maturity.

Requirements

• Significant experience in threat intelligence, cyber threat research, intelligence engineering, or closely related security disciplines.
• Experience researching and tracking sophisticated threat actors targeting cloud-native and SaaS environments.
• Strong engineering skills: writing code in Python or Go; building automations and data-heavy security workflows.
• Experience handling data programmatically with SQL and Python against large datasets.
• Experience collaborating across security functions and communicating effectively with technical stakeholders and leadership.
• Strong understanding of enterprise security controls, threat hunting, and detection methodologies.
• Experience with at least one major cloud provider (AWS, Azure, GCP) and familiarity with cloud/SaaS risks.
• Deep knowledge in several of: adversary intelligence, intrusion intelligence, supply-chain intelligence, identity intelligence, domain intelligence, and threat-informed defense.
• Strong understanding of today’s threat actor ecosystem (nation-state, criminal, ransomware, fraud).
• Demonstrated ability to operationalize threat intelligence and influence security priorities.
• Experience building or driving AI-assisted workflows for intelligence analysis, research triage, summarization, collection, and prioritization.
• Ability to research threat actors’ TTPs, infrastructure, targets, and map risks to Snowflake’s environment.
• Experience with OSINT tools, data sources, investigative methodologies, and intelligence reporting for technical and executive audiences.
• Risk-based approach to security prioritization.