Group 1001 is a consumer-centric, technology-driven family of insurance companies on a mission to deliver outstanding value and operational performance by combining financial strength and stability with deep insurance expertise and a can-do culture. Group 1001’s culture emphasizes the importance of collaboration, communication, core business focus, risk management, and striving for outcomes. This goal extends to how we hire and onboard our most valuable assets – our employees.
Why This Role Matters:
As the Threat Intelligence Lead, you will design, operationalize, and mature the organization’s Cyber Threat Intelligence (CTI) program. This role blends hands-on engineering with intelligence analysis: building automation pipelines, integrating data sources, and developing scalable intelligence capabilities to detect and mitigate threats.
You will lead the strategic development of intelligence requirements (PIRs), produce actionable insights on novel and emerging threats, and translate intelligence findings into measurable security control improvements. This role is both strategic and operational, requiring a balance between analytical rigor, engineering execution, and clear communication to drive organizational uplift.
How You'll Contribute:
Threat Intelligence Engineering & Automation
Build and enhance automation pipelines for collection, enrichment, and dissemination of intelligence using scripting, APIs, and SOAR platforms.
Onboard a Threat Intelligence Platform (TIP) and identify and implement new technologies to improve efficiency in threat data processing, analysis, and reporting.
Develop and maintain integrations across multiple threat data sources (OSINT, commercial, ISAC, and law enforcement).
Program Development & Strategy
Establish and maintain Priority Intelligence Requirements (PIRs) aligned to organizational risks and business priorities.
Mature CTI methodologies for analysis, attribution, and threat-actor profiling.
Develop repeatable processes for intelligence-led risk reduction and control enhancements.
Partner with security engineering and security operations to ensure CTI outputs inform control design, detection logic, and response playbooks.
Operational Intelligence & Incident Support
Support incident response and threat hunting through contextual intelligence and trend analysis.
Perform deep-dive investigations into novel and emerging threats, focusing on relevance to the organization’s ecosystem.
Maintain real-time situational awareness of ongoing campaigns, ransomware trends, and nation-state activity.
Contribute to post-incident reviews and drive lessons learned into prevention and detection improvements.
Stakeholder Engagement & Reporting
Produce high-quality intelligence reports, briefings, and dashboards tailored to executive, operational, and technical audiences.
Collaborate cross-functionally with IT, Legal, Fraud, and Risk teams to translate intelligence into actionable outcomes.
Deliver regular briefings to leadership on emerging threats, threat landscape evolution, and control improvement opportunities.
Elevate the organization’s overall intelligence maturity through storytelling, awareness, and actionable reporting.
Continuous Improvement & External Engagement
Engage with trusted intelligence communities, ISACs, and peers to stay ahead of evolving threats.
Benchmark the program against CTI frameworks (MITRE ATT&CK, Diamond Model, Cyber Kill Chain).
Foster innovation by exploring AI/ML-driven intelligence analysis or automation where appropriate.
What We're Looking For:
Bachelor’s degree in Computer Science, Information Security, Intelligence Studies, or related fields.
8+ years of experience in cyber threat intelligence, security engineering, or SOC/IR operations.
Strong technical foundation with hands-on experience building automation (Python, APIs, SOAR, TIPs).
Deep understanding of threat intelligence frameworks and analytical methodologies (MITRE ATT&CK, Kill Chain, STIX/TAXII).
Demonstrated ability to produce intelligence reports that influence security decisions and drive measurable control uplift.
Exceptional communication skills, capable of translating complex intelligence into clear and actionable outcomes.
Strong collaboration and stakeholder management skills across business and technical functions.
Highly organized, self-directed, and comfortable operating as an individual contributor in a fast-paced, evolving environment.
Compensation:
Our compensation reflects the cost of labor across several U.S. geographic markets. The base pay for this position ranges from $175,000/year in our lowest geographic market up to $225,000/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience.
Benefits Highlights:
Employees who meet benefit eligibility guidelines and work 30 hours or more weekly have the ability to enroll in Group 1001’s benefits package. Employees (and their families) are eligible to participate in the Company’s comprehensive health, dental, and vision insurance plan options. Employees are also eligible for Basic and Supplemental Life Insurance, Short and Long-Term Disability. All employees (regardless of hours worked) have immediate access to the Company’s Employee Assistance Program and wellness programs—no enrollment is required. Employees may also participate in the Company’s 401K plan, with matching contributions by the Company.
Group 1001, and its affiliated companies, is strongly committed to providing a supportive work environment where employee differences are valued. Diversity is an essential ingredient in making Group 1001 a welcoming place to work and is fundamental in building a high-performance team. Diversity embodies all the differences that make us unique individuals. All employees share the responsibility for maintaining a workplace culture of dignity, respect, understanding and appreciation of individual and group differences.