snowflake - Principal Security Engineer - Threat Intelligence

• This is a principal-level individual contributor role for someone who can operate strategically and technically: driving program maturity, building durable partnerships across Security and Engineering, and engineering AI-assisted workflows that help us move faster without sacrificing quality. • Deep experience in threat intelligence, with strong background in several of: adversary intelligence, intrusion intelligence, supply-chain intelligence, identity intelligence, domain intelligence, and threat-informed defense. • Strong understanding of today’s threat actor ecosystem, including nation-state actors, criminal organizations, ransomware groups, fraud ecosystems, and the platforms and communities that enable them. • Demonstrated ability to operationalize threat intelligence and influence security priorities in partnership with detection, incident response, product security, cloud security, anti-abuse, and other stakeholders. • Strong engineering skills, including experience writing code in high-level languages such as Python or Go, building automations, and working with data-heavy security workflows. • Experience building or driving AI-assisted workflows for intelligence analysis, research triage, summarization, collection, prioritization, or investigative support, and good judgment about where AI adds value versus where human analysis is required. • Ability to research threat actors’ TTPs, infrastructure, targets, and objectives, and map those risks to Snowflake’s product, enterprise, and customer environment. • Experience with OSINT tools, data sources, investigative methodologies, and intelligence reporting for technical and executive audiences. • Strong understanding of threat hunting and threat detection methodologies, and the ability to turn intelligence into hunts, detection opportunities, and control recommendations. • A risk-based approach to security, with the ability to prioritize work based on business impact and evolving threat conditions. • A humble, team-oriented mindset with a bias toward collaboration, execution, and raising the bar for the broader team. • Significant experience in threat intelligence, cyber threat research, intelligence engineering, or closely related security disciplines. • Experience researching and tracking sophisticated threat actors targeting cloud-native and SaaS environments. • Experience writing code in a high-level programming language such as Python or Go and using code to automate manual workflows or analyze security data at scale. • Experience handling data programmatically using tools such as SQL and Python, ideally against large datasets relevant to security analytics or intelligence workflows. • Experience collaborating across multiple security functions and communicating effectively with technical stakeholders and leadership. • Strong understanding of enterprise security controls, threat hunting, and detection methodologies. • Experience with one or more major cloud providers (AWS, Azure, GCP) and familiarity with the risks that impact cloud and SaaS environments. • Experience leading or materially shaping a Threat Intelligence program at scale. • Experience building AI/ML-assisted security workflows or evaluating AI systems for security use cases. • Experience with data engineering, workflow orchestration, or production-grade systems that support intelligence or security operations at scale. • Experience with Snowflake or equivalent cloud data platforms for large-scale analysis and investigative workflows. • Experience presenting externally, publishing research, or demonstrating thought leadership in the security space. • Experience building capabilities that support intelligence-driven detection, hunting, or response at a global scale.