Be a part of it. Join the #AccelFamily

Senior Software Engineer - Threat Intelligence



Software Engineering
Posted on Thursday, May 30, 2024

About Us:

SentinelOne is defining the future of cybersecurity through our XDR platform that automatically prevents, detects, and responds to threats in real-time. Singularity XDR ingests data and leverages our patented AI models to deliver autonomous protection. With SentinelOne, organizations gain full transparency into everything happening across the network at machine speed – to defeat every attack, at every stage of the threat lifecycle.

We are a values-driven team where names are known, results are rewarded, and friendships are formed. Trust, accountability, relentlessness, ingenuity, and OneSentinel define the pillars of our collaborative and unified global culture. We're looking for people that will drive team success and collaboration across SentinelOne. If you’re enthusiastic about innovative approaches to problem-solving, we would love to speak with you about joining our team!

What are we looking for?

Detection Research department ensures robust detection coverage against all Tactics, Techniques, and Procedures, exploits, and prevalent malware across operating systems and cloud-native computing environments. We use Threat Intelligence to stay ahead of threat actors and malware, which are evolving at an unprecedented pace. Our Threat Intelligence Engineering team develops and maintains tools, databases, and automation for malware analysts and other experts in the company.

We are seeking a highly technical, hands-on, and self-sufficient Software Engineer to join our dynamic Threat Intelligence Engineering team. As an ideal candidate you should have hands-on experience as a Fullstack, Backend or DevOps engineer, with an experimental mindset and ready to solve non-trivial engineering problems.

You will be responsible for fast delivery of successful proof of concepts and evolving them into sustainable products as well as supporting existing threat intel solutions and infrastructure.

What will you do?

  • Develop and maintain tools and systems that collect, process and analyze threat intelligence data.
  • Collaborate with cross-functional teams to design and implement innovative solutions for threat detection and response.
  • Rapidly prototype and validate new ideas and technologies to stay ahead of emerging threats.
  • Contribute to the maturation of POCs into robust, scalable, and maintainable systems.
  • Ensure the highest standards of engineering excellence over the long term, with attention to detail and quality.

What skills and knowledge should you bring?

  • At least one year of experience with asynchronous programming in Python (three years of Python programming with a different stack will suffice).
  • Proven experience in software development and engineering best practices using multiple programming languages at the same time.
  • Good understanding of basic AWS concepts and components such as S3, IAM, VPC, Autoscaling and Load balancing.
  • Knowledge of API documentation formats, ability to find how to query (fetch data from) documented or not-so-well documented REST services.
  • Excellent problem-solving skills and a strong "I can make it work" mentality.
  • Demonstrated ability to learn and adapt to new technologies and methodologies quickly.

You’ll stand out, if you are also familiar with:

  • cybersecurity concepts, including threat actors, TTPs (Tactics, Techniques, and Procedures), and the MITRE ATT&CK framework.
  • threat intelligence platforms (e.g. MISP, Synapse), sharing formats (e.g., STIX), and related APIs.
  • corporate systems integrations (e.g., Slack, Atlassian, Authentication providers, Zendesk) and/or Jenkins, GitHub, Google Docs APIs.
  • Terraform or OpenTofu with custom or 3-rd party providers
  • Kubernetes, Elastic Container Service, managing secrets and sensitive data with Swarm and/or AWS.
  • building multi-architecture Docker images.
  • basic Cost Management principles in AWS.
  • tools like Yara, CAPA, IDA, Ghidra in a non-GUI (console, automation) environment.

Why us?

Because you will work on real-world problems with risks of millions of dollars (protecting against Ransomware and other threats) and make an impact by preventing our customers from appearing in global news after being attacked. You will be joining a technologically cutting-edge project and will be able to influence the architecture, design, and building of our core platform. You will meet extraordinary challenges and work with the very BEST in the industry.

On top of that we offer you

  • Flexible working hours, this is a remote role based within Italy; we provide IWG pass to major coworking chains
    • Optionally for those willing to relocate to the Czech Republic relocation assistance is available for any candidates that are already eligible to work in the EU

  • Generous employee stock plan in the form of RSUs (restricted stock units), not options; 4 years vesting with 1 year cliff and then quarterly, stock refresh yearly
  • Yearly bonus depending on the performance of the company, paid out in 2 installments
  • Global gender-neutral Parental Leave (16 weeks, beyond the leave provided by the local laws) & Grandparent Leave
  • Volunteering paid day off & Additional paid Company holidays off (e.g. 4 days in 2022)
  • Global Employee Assistance Program (confidential counseling related to both personal and work life matters)
  • Udemy Business platform for Hard/Soft skills Training & Support for your further educational activities/trainings
  • Above-standard referral bonus

& Aditional country-specific benefits to Italy

SentinelOne is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

SentinelOne participates in the E-Verify Program for all U.S. based roles.