Senior Security Engineer, Threat Intelligence

About 1Password: At 1Password, we're building the foundation for a safe, productive digital future. Our mission is to unleash employee productivity without compromising security by ensuring every identity is authentic, every application sign-in is secure, and every device is trusted. We innovated the market-leading enterprise password manager and pioneered Extended Access Management, a new cybersecurity category built for the way people and AI agents work today.

Role Overview: At 1Password, security isn't just a feature – it's our foundation. The Security Operations team's mission is to protect the business by securing the systems, tools, and processes that power how we work. The Cyber Threat Intelligence (CTI) function helps drive intelligence-led security. Our goal is not just to track threats, but to turn adversary behavior and emerging techniques into real improvements across detection, response, and adversary simulation. This role is focused on operationalizing intelligence. You will build automation, integrate intelligence into security tooling, develop intelligence-driven hunting hypotheses, and help ensure threat intelligence directly influences how we detect, respond to, and simulate attacks.

What You'll Do

• Track and analyze threat actors, campaigns, and techniques targeting identity and cloud environments
• Translate intelligence into actionable detections, hunting hypotheses, and adversary simulations
• Partner with Detection Engineering, Incident Response, and other security teams to drive security decisions
• Produce clear technical assessments and executive-ready insights to inform risk prioritization
• Build and maintain automated pipelines to ingest, enrich, and distribute threat intelligence
• Map adversary behaviors to internal telemetry and control coverage to identify gaps
• Apply AI and intelligent tooling to accelerate analysis and correlation while maintaining rigor
• Strengthen intelligence-led security practices through hypothesis-driven hunting and continuous learning

Who You Are

• An adversary-focused security engineer who understands attacker behavior and defensive systems.
• A builder who enjoys designing automation, integrations, and scaling workflows.
• Comfortable writing code, working with APIs, and integrating security platforms.
• Analytical and hypothesis-driven, with strong judgment in assessing threat credibility and relevance.
• A strong collaborator who can translate intelligence into practical security improvements.
• Able to clearly communicate complex ideas to technical and non-technical audiences.

What You Bring

• 5+ years of experience in cyber threat intelligence, with 3+ years focused on security engineering and automation.
• Strong understanding of modern attacker techniques, particularly in identity, credential abuse, cloud exploitation, and AI-assisted attack scenarios.
• Experience integrating threat intelligence platforms and building automation around intelligence ingestion and enrichment.
• Proficiency in scripting or programming (e.g., Python, Go) and working with APIs and data pipelines.
• Experience applying AI/ML-assisted tools to enhance intelligence analysis or signal prioritization.
• Willingness to participate in an on-call rotation and support security incidents during high-severity or off-hours events.