At NinjaOne, the Trust team is looking for a Senior Cyber Threat Intelligence Specialist to transform raw data into decisive action. You will be responsible for our entire intelligence lifecycle, from intake to automation, creating the insights that power our security operations and incident response.

What You'll Do

Operate and enhance the CTI pipeline: aggregate, normalize, deduplicate, and score intelligence from commercial, open-source, ISAC/ISAO, and government feeds.
Maintain PIRs with stakeholders and align your reporting to those priorities.
Enrich indicators and TTPs and track adversary infrastructure changes over time.
Own our TIP/TAXII ecosystem, including uptime, schemas, tagging, TLP handling, data lifecycles, and automation jobs.
Build and maintain ETL and enrichment automations using Python or PowerShell to reduce manual work.
Integrate intelligence with SOC tooling to ensure hunts and detections stay current and relevant.
Publish flash alerts, weekly briefs, and deep-dive reports with clear ‘so-what’ analysis and concrete actions.
Convert intelligence into hunt packages with hypotheses, data sources, query starting points, and validation steps.
Partner with Detection Engineering to propose new rules, hardening opportunities, and coverage mappings.
Work side-by-side with SOC and DFIR during active incidents to provide rapid context and likely next moves.
Establish sharing norms and ensure compliant handling of sensitive intelligence.
Track the efficacy of your work by measuring which reports triggered hunts and which detections were adopted.

What We're Looking For

Proven experience producing actionable intelligence tied directly to SOC and DFIR outcomes.
A strong grasp of MITRE ATT&CK for mapping intelligence to hunts and detections.
Hands-on experience with a TIP/TAXII platform and integrating intelligence into SIEM, EDR, or SOAR.
Comfortable scripting, with Python preferred, for ETL, enrichment, and API integrations, plus basic SQL and log querying.
Excellent writing and visualization skills, with a focus on concise ‘so-what’ analysis and clear action items.
Pragmatic prioritization, disciplined use of PIRs, and respect for TLP and legal boundaries.
Near-fluent English communication skills for effective cross-functional work.

Nice to Have

Experience translating TTPs into Sigma, SPL, KQL, YARA, or EDR detection ideas.
Familiarity with sandboxing, malware triage, and interpreting network and endpoint artifacts.
Cloud familiarity, particularly with AWS, and experience with common security logs.
Relevant certifications or equivalent hands-on work.

Technical Stack

Languages: Java, Kotlin, C++, Golang, Python, PowerShell
Databases: Postgres
Cloud: AWS

Team & Environment

You will be a core member of the Trust team, partnering closely with SOC, DFIR, Detection Engineering, and Cloud Security.

Benefits & Compensation

Salary range: $140,000 to $210,000 per year for roles based in CA, CO, MD, NJ, WA, NY.
Comprehensive medical, dental, and vision insurance.
401(k) plan.
Unlimited PTO.
Opportunities for professional growth and advancement.

Work Mode

This is a hybrid position open to candidates in the USA (CA, CO, CT, FL, GA, IL, KS, MA, MD, ME, NJ, NC, NY, OR, TN, TX, VA, WA).

NinjaOne is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, genetic information, marital status, veteran status, or any other status protected by applicable law.