Principal Threat Intelligence Analyst, Google Threat Intelligence Group

• Lead ad-hoc teams to coordinate the overall response to significant threat actor operations.
• Jump into emerging threat activity to conduct initial analysis, swiftly assessing the scope, severity, and potential impact of the threat.
• Lead the publication process for rapid-release threat intelligence, including public-facing blogs, customer reporting, and internal enablement materials.
• Serve as a trusted advisor to executive leadership and external stakeholders by providing tailored briefings on emerging threats, incident progress, and business risks.
• Provide technical leadership and mentorship to analysts within GTIG and the broader organization, fostering a culture of continuous improvement.

Minimum qualifications:

• Bachelor's degree or equivalent practical experience.
  
• 7 years of experience in cyber threat intelligence or incident response.
• Experience with Digital Forensics and Incident Response (DFIR) in both functional and leadership capacities or working with or managing intelligence researchers across the intelligence production lifecycle.
• Experience performing analysis within the cyber threat life cycle (e.g., digital forensics techniques/artifacts, malware research, and vulnerability exploitation.).

Preferred qualifications:

• Experience in SecOps, Security Information and Event Management
  (SIEM), and detection engineering, with a proven ability to correlate malicious activity, analyze primary-source malware, and interpret software exploitation and vulnerability metrics.
• Track record of producing polished, investigative deliverables under tight deadlines, including intelligence reporting and public-facing blog posts.
• Ability to scale operational impact by developing automated solutions using both Large Language Model (LLM) based and legacy workflows.
• Skilled at managing complex internal and external relationships and translating highly technical risks into actionable insights for executive audiences.

We are seeking a highly exceptional Principal Threat Intelligence Analyst to join our Cyber Threat Coordination Center (CTCC). In this role, you will operate at the very center of Google Threat Intelligence Groups (GTIG’s) response to complex, high-impact cybersecurity events. Serving as an incident commander, you will orchestrate immediate, continuous, and organized responses to critical incidents and widespread threat campaigns. You will be the critical link that translates complex technical threat data into clear narratives, maintaining situational awareness for executive stakeholders, and ensuring that GTIG speaks with "one voice" across all internal and external channels. Part of Google Cloud, Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. Mandiant's cybersecurity expertise has earned the trust of security professionals and company executives around the world. Our unique combination of renowned frontline experience responding to some of the most complex breaches, nation-state grade threat intelligence, machine intelligence, and the industry's best security validation ensures that Mandiant knows more about today's advanced threats than anyone.

At Google, we have a vision of empowerment and equitable opportunity for all Aboriginal and Torres Strait Islander peoples and commit to building reconciliation through Google’s technology, platforms and people and we welcome Indigenous applicants. Please see our Reconciliation Action Plan for more information.

Note: Google's hybrid workplace includes remote and in-office roles. By applying to this position you will have an opportunity to share your preferred working location from the following:

In-office locations: Sydney NSW, Australia; Docklands VIC, Australia.
Remote location(s): Australian Capital Territory, AU; New South Wales, AU; Northern Territory, AU; Queensland, AU; South Australia, AU; Tasmania, AU; Victoria, AU.

• Bachelor's degree or equivalent practical experience.
  
• 7 years of experience in cyber threat intelligence or incident response.
• Experience with Digital Forensics and Incident Response (DFIR) in both functional and leadership capacities or working with or managing intelligence researchers across the intelligence production lifecycle.
• Experience performing analysis within the cyber threat life cycle (e.g., digital forensics techniques/artifacts, malware research, and vulnerability exploitation.).