At CVS Health, we’re building a world of health around every consumer and surrounding ourselves with dedicated colleagues who are passionate about transforming health care.
As the nation’s leading health solutions company, we reach millions of Americans through our local presence, digital channels and more than 300,000 purpose-driven colleagues – caring for people where, when and how they choose in a way that is uniquely more connected, more convenient and more compassionate. And we do it all with heart, each and every day.
Who You Are
- A seasoned Cyber Threat Intelligence (CTI) professional with 7 to 10 years of experience in cybersecurity, specializing in threat intelligence analysis, cybercrime monitoring, and strategic security operations.
- Proficient in leveraging threat intelligence platforms such as Recorded Future, Intel 471, ISAC, and FlashPoint to proactively identify and mitigate threats.
- Adept at gathering, analyzing, and interpreting threat intelligence data to provide actionable insights for risk mitigation and response.
- Experienced in leading intelligence-driven security strategies and collaborating with cross-functional teams to enhance an organization's security posture.
- Strong understanding of TTPs (Tactics, Techniques, and Procedures) used by threat actors, with expertise in frameworks like MITRE ATT&CK and Cyber Kill Chain.
- Skilled in developing and operationalizing intelligence-sharing processes within the organization and across trusted industry groups.
- Strong leadership skills with a proven ability to mentor junior security professionals and drive continuous improvement in threat intelligence practices.
Role Responsibilities
Threat Intelligence Operations
- Lead the development and implementation of a comprehensive Cyber Threat Intelligence (CTI) program, integrating intelligence feeds, tools, and analytical methods.
- Conduct deep-dive analysis of cyber threats, including APT groups, cybercrime actors, and emerging threats, using intelligence tools like Recorded Future, Intel 471, ISAC, and FlashPoint.
- Monitor open-source intelligence (OSINT), dark web sources, and private intelligence feeds to track potential threats relevant to the organization.
- Develop intelligence reports and briefings for security leadership and key stakeholders, translating complex threat data into actionable recommendations.
- Collaborate with SOC, Incident Response, and Red Team functions to ensure proactive threat hunting and risk mitigation.
Collaboration & Strategy
- Work closely with Security Operations, IT, and Business Leaders to align CTI efforts with the organization’s risk management strategies.
- Establish and maintain relationships with industry peers, law enforcement, ISACs, and threat-sharing communities to enhance collective cyber defense.
- Drive threat modeling initiatives to anticipate and prepare for emerging cyber threats.
- Advise leadership on strategic cybersecurity investments, leveraging intelligence-driven insights.
Incident Response & Threat Hunting
- Support incident response investigations by providing real-time threat intelligence analysis and adversary profiling.
- Conduct threat correlation and attribution exercises, linking malicious activity to known threat actors and campaigns.
- Assist in the development of detection rules (YARA, Sigma, STIX/TAXII) and security automation processes to enhance response capabilities.
Mentorship & Innovation
- Lead and mentor a team of cyber threat intelligence analysts, fostering a culture of continuous learning and development.
- Stay at the forefront of threat intelligence trends, evolving adversary tactics, and emerging technologies to enhance CTI capabilities.
- Evaluate and recommend new tools and technologies to improve intelligence gathering, analysis, and dissemination processes.
Required Qualifications
- 7+ years of experience in Cyber Threat Intelligence, Threat Hunting, or Incident Response.
- 5+ years of experience in threat intelligence platforms such as Recorded Future, Intel 471, ISAC, and FlashPoint.
- 5+ years of experience in cyber threat analysis, malware analysis, and adversary tracking.
- 5+ years of experience with MITRE ATT&CK framework, Cyber Kill Chain, and TTP analysis.
- 3+ years of experience in using scripting languages such as Python, PowerShell, or Bash for security automation.
- 3+ years of experience with SIEM, EDR, and SOAR technologies to integrate CTI workflows.
Preferred Qualifications
- Experience working with government agencies, financial institutions, or critical infrastructure sectors.
- Certifications such as GCTI (GIAC Cyber Threat Intelligence), CISSP, CEH, or OSINT-related certifications.
- Hands-on experience with dark web intelligence gathering and threat actor engagement techniques.
- Ability to communicate complex intelligence insights to both technical and non-technical audiences.
- Strong understanding of nation-state and financially motivated cyber threats.
Education
- Bachelor’s degree or equivalent experience (High School Diploma and 4 years relevant experience)
Pay Range
The typical pay range for this role is:
$130,295.00 - $260,590.00
This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above. This position also includes an award target in the company’s equity award program.
Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.
Great benefits for great people
We take pride in our comprehensive and competitive mix of pay and benefits – investing in the physical, emotional and financial wellness of our colleagues and their families to help them be the healthiest they can be. In addition to our competitive wages, our great benefits include:
- Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.
- No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.
- Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.
For more information, visit https://jobs.cvshealth.com/us/en/benefits
We anticipate the application window for this opening will close on: 03/31/2025
Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.