Sr. Threat Intelligence Automation Engineer

Denver, CO, USA

Full Time Senior-level / Expert
Slack logo
Apply now Apply later

Our Security team supports the unwritten fourth tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly, our customers’ data. We take a systemic approach to security, and strive to ensure we provide low friction high-impact security across everything we do.

As a member of the Slack Security Customer Protection team, you are the first line of detection of bad actors using Slack in unwanted and unexpected ways. As Slack’s data, customers, and features grow, protecting customers’ data from unwanted behaviors becomes an ever more important and challenging problem. The Security Customer Protection team develops and uses tooling to tease out high-quality signal from all the noise, to detect unwanted behaviors, such as abuse of users, workspaces, or tokens. Your work directly impacts the way millions of people, teams and businesses get things done.

Slack has a positive, diverse, and supportive culture—we look for people who are curious, inventive, and work to be a little better every single day. In our work together we aim to be smart, humble, hardworking and, above all, collaborative. If this sounds like a good fit for you, why not say hello?

What you will be doing

  • Proactive discovery and prevention of threat actors and unwanted activity in Slack, from the angle of threat intelligence sharing
  • Apply threat intelligence in Slack at scale through scripting
  • Create actions to discover and proactively prevent threats in Slack
  • Engineer novel solutions to automate threat analysis challenges
  • Work closely with other engineering teams to design and build long-term solutions for stopping malicious activity
  • Develop new dashboards to visualize and surface data for analysis and reporting
  • Participate in the greater threat intelligence community to surface events relevant to Slack
  • Use data and tools to understand and hunt for threats in the environment
  • Understand the underpinnings of how Slack works, and where bad actors could take advantage, to develop improved detective tools
  • Expose measurable data to partners to improve Slack’s ability to detect future threats
  • Participate in CorpSec detection and response activities and rotation up to 25%

What you should have

  • 5-7 years work experience in threat intelligence analysis
  • Experience drawing metadata and IOCs from threat intelligence, to correlate to malicious campaigns
  • Practical experience hunting for unwanted activity in large data sets
  • Proficiency using relational database tools such as SQL or Postgres
  • Experience with Python, Linux, Kibana, Splunk and engineering fundamentals at scale such as AWS, Chef, and Terraform
  • Understanding of bad actors, threat intelligence, and abuse; involvement remediating abuse or security-related incidents is a plus
  • You have a Bachelor's degree in Computer Science, Engineering or a related field, or equivalent training, fellowship, or work experience

Slack is registered as an employer in many, but not all, states. If you are not located in or able to work from a state where Slack is registered, you will not be eligible for employment. Visa sponsorship may not be available in certain remote locations.

Visa sponsorship is not available for candidates living outside the country of this position.


The base pay range targeted for this role is $145,833 - $175,000. This base pay range is for illustrative purposes only. This position is eligible for additional compensation and benefits including: incentive compensation; health benefits; flexible spending account; retirement benefits; life insurance; commuter benefits; paid time off (including PTO, emergency time off, paid sick leave, medical leave, volunteer time off, civic duty leave, bereavement leave, floating holidays and paid holidays); parental leave and benefits; mobile phone and internet allowance; perks stipend; and other employee perks and benefits. 

The actual offer, reflecting the total compensation package and benefits, will be at the company’s sole discretion, and determined by a myriad of factors including, but not limited to, years of experience, depth of experience, and other relevant business considerations. The company also reserves the right to amend or modify employee perks and benefits at any time.


Job region(s): North America
Job stats:  37  1  0
  • Share this job via
  • or

Explore more Information Security career opportunities