Threat Intelligence Lead

The Threat Intelligence Lead will own Canonical's threat intelligence strategy and execution, including understanding which cyber threat actors target Canonical and utilizing intelligence on Tactics, Techniques, and Procedures (TTP) to enhance our products and cybersecurity controls. This role involves collaborating with internal stakeholders and the wider cybersecurity community to establish Canonical as a thought leader in open source threat intelligence.

This position reports to the CISO and involves leading threat actor research related to software supply chains, analyzing attack trends in the open source software landscape, and advising engineering teams on threat detection and mitigation strategies.

1. Build and own Canonical's threat intelligence strategy.
2. Develop and maintain OSINT research environments and tradecraft.
3. Identify, track, and analyze cyber threats and trends using proprietary and open source data.
4. Collaborate across teams to inform on relevant activities.
5. Contribute to the global threat intelligence community, establishing Canonical as a thought leader.
6. Advise product and engineering teams on cybersecurity threats and mitigation strategies.
7. Assist the OPSEC and IS teams in implementing security controls.
8. Identify intelligence gaps and propose new tools and research projects.
9. Conduct briefings for executives, stakeholders, and customers.

• Experienced threat intelligence leader or similar background.
• Knowledge of open source threat landscape and networking concepts.
• Proficient with OSINT tools such as Buscador, Trace Labs OSINT VM, Maltego, Shodan, social media scraping tools.
• Skilled in organizing and tracking adversary tradecraft trends.
• Experience influencing enterprise architecture or product decisions with threat data.
• Excellent communication skills, able to tailor technical content for diverse audiences.
• Willing to travel twice a year for up to two weeks.

• Portfolio of OSINT scripts, tools, or frameworks.
• Active involvement in the OSINT community (provide links).
• Bachelor's degree in computer science, information security, or related fields.
• Certifications such as GOSI, SANS SEC487 & SEC587, IntelTechniques OSIP.
• Experience in tech companies or government/military signal intelligence.

We offer competitive compensation based on location, experience, and performance, with annual reviews and bonuses. Benefits include:

• Distributed work environment with biannual in-person team sprints.
• USD 2,000 annual learning and development budget.
• Recognition rewards, holiday leave, maternity/paternity leave.
• Employee Assistance Programme.
• Opportunities for travel and company event upgrades.

Canonical is a leader in open source technology, publishing Ubuntu, a key platform for AI, IoT, and cloud. We are a remote-first company since 2004, committed to excellence and diversity. We foster an inclusive workplace free from discrimination, valuing diverse perspectives to create better products and work environments.