Senior Threat Intelligence Engineer
Cloudflare
Job Description
Overview
At Cloudflare, we are on a mission to help build a better Internet. Cloudflare protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have web traffic routed through its global network, improving performance and reducing spam and attacks.
Cloudflare is recognized for its culture and innovation.
Available Locations: Austin
About the Department
Security at Cloudflare is a focused team committed to helping secure both Cloudflare and our customers. The Threat Detection Automation and Intelligence Team is responsible for identifying, understanding and detecting threats to Cloudflare.
About the Role
We are seeking an experienced Threat Intelligence Engineer with a background in machine learning and data science to join our proactive security team. This role blends Threat Intelligence (TI) with advanced Machine Learning and engineering to transform raw threat data into actionable security measures and automated defenses, reducing mean time to detect (MTTD) and mean time to respond (MTTR) to sophisticated cyber threats.
Key Responsibilities
- Intelligence Collection & Analysis: Proactively research, collect, and analyze threat intelligence from OSINT, commercial feeds, dark web, and internal security events to understand current and emerging threats.
- Machine Learning and Data Science: Design, implement, and maintain detection use cases for the full ML lifecycle (data ingestion, training, deployment, inference).
- Threat Actor Profiling: Develop profiles of threat actors using MITRE ATT&CK and assess potential impacts.
- Actionable Intelligence Dissemination: Produce and disseminate timely, relevant intelligence reports for technical teams and executive leadership.
- IOC/IOA Management: Ingest, enrich, correlate, and contextualize IOCs/IOAs into security platforms.
- Automated Defense Development: Design and implement automation workflows and playbooks (SOAR) for incident triage, alert enrichment, vulnerability management, and threat response.
- Tool Integration & Optimization: Integrate security tools via APIs and scripting (primarily Python) to create automated feedback loops.
- Process Improvement: Identify manual processes and engineer automation to increase efficiency and maturity.
- Incident Response Support: Provide threat context to support the Incident Response team during active incidents.
- Cross-Functional Partnership: Collaborate with Detection Engineers, Security Engineers, and Software Developers to embed security in CI/CD and infrastructure.
Preferred Skills
- Understanding of attacker Tools, Techniques and Procedures (TTPs)
- Understanding of attack components
- Experience threat hunting in a complex network
- Ability to contextualize risk from attack briefs or vulnerability reports
- Experience validating vulnerability reports and providing impact analysis
- Experience performing data gathering and analysis on perceived threats
- Experience with common Security Operations tools
- Experience using security event information in intelligence analysis
- Ability to navigate ambiguity and provide clarity
- Ability to work autonomously with urgency, ownership and initiative
- Ability to build partnerships across stakeholders
- Effective verbal and written communication of risk and urgency
- Understanding of nation-state motivations and capabilities (preferred)
- Experience with Infrastructure-as-Code (IaC) tools like Terraform
- Familiarity with data analysis and visualization for threat intelligence
- Experience with malware analysis and reverse engineering to extract indicators
Qualifications
- Experience: 4+ years in Security Engineering, Cyber Threat Intelligence, or Security Automation
- Programming: Proficiency in at least one scripting/programming language for automation (e.g., Python)
- Security Concepts: Deep understanding of cyber kill chain, TTPs, attack vectors, networking, and OS internals
- Automation Expertise: Experience designing and implementing SOAR playbooks and API integrations
- Intelligence Tools: Experience with TIPs and threat feeds
- Cloud Security: Familiarity with security services and automation in AWS, Azure, or GCP
What Makes Cloudflare Special
We are a large-scale technology company with a soul, committed to protecting a free and open Internet.
Additional Information
This position may involve access to information protected under U.S. export control laws. An offer of employment may be conditioned on authorization to receive controlled software or technology without sponsorship.
Equal Opportunity
Cloudflare is proud to be an equal opportunity employer. We provide equal employment opportunity to all people and value diversity and inclusiveness. All qualified applicants will be considered without regard to race, color, religion, sex, gender, gender identity, gender expression, sexual orientation, national origin, ancestry, citizenship, age, disability, or any other basis protected by law.
We are an AA/Veterans/Disabled Employer. Reasonable accommodations are provided for applicants with disabilities. If you require accommodations, contact [email protected].