Lead Cyber Threat Intelligence Engineer at SoFi

What you'd actually do

Produce high-quality, actionable intelligence reports, briefings, and alerts for both technical stakeholders and executive leadership.

Track threat actors and campaigns targeting the financial sector, focusing on their tactics, techniques, and procedures (TTPs).

Execute proactive threat hunting and infrastructure tracking to identify new detection opportunities based on evolving TTPs.

Utilize and manage the Threat Intelligence Platform (TIP) to gather, analyze, and enrich intelligence.

Partner closely with the Security Operations Center (SOC), Insider Threat, Fraud Risk, and other stakeholders to gather and prioritize requirements based on their needs.

Skills

Required

Cybersecurity experience
Cyber Threat Intelligence experience
Exceptional written and verbal communication skills
Presenting complex threat information to non-technical stakeholders
SIEM platforms
Threat Intelligence Platforms (TIPs)
Network traffic analysis
Malware analysis concepts
Enterprise IT networks
Operating system principles
Exploit weaponization
Analyze large volumes of technical and non-technical data
Identify patterns, anomalies, and actionable insights
Scripting languages
Automate manual data enrichment processes

Nice to have

CISSP
CISM
GCIH
SANS FOR578
Financial services sector experience
STIX/TAXII
FS-ISAC

What the JD emphasized

dedicated experience in Cyber Threat Intelligence

proven ability to present complex threat information to non-technical stakeholders effectively

Hands-on experience with SIEM platforms, TIPs, network traffic analysis, and malware analysis concepts

Strong understanding of enterprise IT networks, operating system principles, and exploit weaponization

Demonstrated ability to analyze large volumes of technical and non-technical data to identify patterns, anomalies, and actionable insights

Familiarity with scripting languages to interact with datasets and automate manual data enrichment processes

**Employee Applicant Privacy Notice**

Who we are:

Shape a brighter financial future with us.

Together with our members, we’re changing the way people think about and interact with personal finance.

We’re a next-generation financial services company and national bank using innovative, mobile-first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we’re at the forefront. We’re proud to come to work every day knowing that what we do has a direct impact on people’s lives, with our core values guiding us every step of the way. Join us to invest in yourself, your career, and the financial world.

Role Overview

In this role, you will protect our bank's financial infrastructure and members by anticipating, identifying, analyzing, and documenting advanced cyber threats. Operating beyond reactive alert monitoring, you will focus on understanding who might attack our organization next and how. You will act as a subject matter expert, leveraging your investigative mindset and technical skill set to translate raw data into actionable intelligence that informs tactical network defenses and strategic executive decisions. In this role, you will help mentor junior analysts and play a vital part in maturing our intelligence operations.

Key Responsibilities

Intelligence Analysis & Reporting: Produce high-quality, actionable intelligence reports, briefings, and alerts for both technical stakeholders and executive leadership. Utilize communication frameworks and data analysis to clearly convey analytical judgments and translate technical threats into the language of business risk across departments.
Adversary Tracking & Threat Hunting: Track threat actors and campaigns targeting the financial sector, focusing on their tactics, techniques, and procedures (TTPs). Map adversary behaviors using industry-standard models such as the MITRE ATT&CK framework, the Cyber Kill Chain, or the Diamond Model.
Proactive Threat Discovery: Execute proactive threat hunting and infrastructure tracking to identify new detection opportunities based on evolving TTPs.
Tool & Platform Optimization: Utilize and manage the Threat Intelligence Platform (TIP) to gather, analyze, and enrich intelligence. Validate indicators using internal security tools and manage intelligence sources, including open-source feeds, commercial data, and dark web monitoring.
Cross-Functional Collaboration: Partner closely with the Security Operations Center (SOC), Insider Threat, Fraud Risk, and other stakeholders to gather and prioritize requirements based on their needs. Provide context through enrichment of security alerts, reduce false positive rates, and ensure intelligence drives proactive defense and rapid containment during incidents.
Program Maturation & Mentorship: Apply structured analytic techniques (SATs) to mitigate cognitive biases during investigations. Aid in the automation of routine intelligence workflows, and assist in developing key performance metrics to demonstrate the CTI program's return on investment (ROI).

Required Qualifications

Experience: 5 to 8 years of overall cybersecurity experience, with at least 2 to 4 years of dedicated experience in Cyber Threat Intelligence.
Communication: Exceptional written and verbal communication skills, with a proven ability to present complex threat information to non-technical stakeholders effectively.
Technical Proficiency: Hands-on experience with SIEM platforms, TIPs, network traffic analysis, and malware analysis concepts. Strong understanding of enterprise IT networks, operating system principles, and exploit weaponization.
Analytical Skills: Demonstrated ability to analyze large volumes of technical and non-technical data to identify patterns, anomalies, and actionable insights.
Scripting & Automation: Familiarity with scripting languages to interact with datasets and automate manual data enrichment processes.

Nice to Haves

Industry certifications such as CISSP, CISM, GCIH, or specialized SANS training (e.g., FOR578: Cyber Threat Intelligence).
Previous experience working in the financial services sector.
Familiarity with information sharing standards (STIX/TAXII) and financial industry groups (e.g., FS-ISAC).

Compensation and Benefits

The base pay range for this role is listed below. Final base pay offer will be determined based on individual factors such as the candidate’s experience, skills, and location.

To view all of our comprehensive and competitive benefits, visit our **Benefits at SoFi **page!

SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.

The Company hires the best qualified candidate for the job, without regard to protected characteristics.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

New York applicants: Notice of Employee Rights

SoFi is committed to an inclusive culture. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email accommodations@sofi.com.

Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time.

Internal Employees

If you are a current employee, do not apply here - please navigate to our Internal Job Board in Greenhouse to apply to our open roles.