Threat Detection and Intelligence Team Lead

Join Fortinet, a cybersecurity pioneer with over two decades of excellence, as we continue to shape the future of cybersecurity and redefine the intersection of networking and security. At Fortinet, our mission is to safeguard people, devices, and data everywhere.

We are currently seeking a dynamic Threat Detection and Intelligence Team Lead to guide a team of talented analysts. In this pivotal role, you will combine hands-on technical expertise with team leadership to drive the development of high-fidelity detection content and integrate threat intelligence into our rapidly growing business.

Key Responsibilities

As the Team Lead, you will:

Lead & Mentor: Provide day-to-day guidance, technical mentorship, and code/rule reviews to a team of Threat Detection Analysts.

Drive Detection Strategy: Lead the end-to-end lifecycle of detection content—from initial threat identification to rule development, optimization, and validation.

Threat Intelligence Integration: Spearhead the integration of threat intelligence into the product detection pipeline and telemetry strategy, ensuring the team stays ahead of emerging threats.

Coverage & Quality: Own detection coverage mapping and lead coverage gap assessments. Oversee quality assurance processes to validate detection logic and minimize false positives.

Technical Execution: Actively participate in designing and implementing detection logic for threats across Windows, Linux, and macOS.

Advanced Analysis: Guide the team in deep-dive malware analysis and behavioral profiling to support detection development.

Landscape Awareness: Track high-priority threat actors and malware campaigns, maintaining strategic awareness to guide the team's roadmap priorities.

We Are Looking For

An insightful and influential technical leader. We encourage you to apply for this position if you have the following qualities:

Experience: 6+ years of experience in the Threat Detection or Threat Intelligence field, with prior experience mentoring or leading a technical team.

Detection Engineering: Hands-on expertise in developing and tuning high-fidelity detection content (such as YARA rules) and familiarity with frameworks like MITRE ATT&CK.

OS Internals: Strong understanding of Windows internals (process trees, memory artifacts, system calls, audit logs) and familiarity with Linux/macOS.

Data Analysis: Experience analyzing large-scale telemetry, log data, and detection outputs to identify anomalies and validate coverage (Bigtable, ELK, Splunk expertise is an advantage).

Malware Knowledge: Deep familiarity with the malware landscape (APT groups, Ransomware families, Crimeware) and the ability to reverse engineer or deconstruct malicious tools.

Scripting: Proficiency in Python, PowerShell, or Bash for automation and tool development.

Product Experience: Experience working on a product team (EDR, XDR, AV, Endpoint Security)—Advantage.

Soft Skills: A collaborative team player with the ability to work independently and communicate complex technical details effectively in English.

Why Join Us

At Fortinet, we embrace diversity and inclusivity. We encourage applications from diverse backgrounds and identities. Explore our welcoming work environment designed for a rewarding career journey with an attractive Total Rewards package to support you with your overall health and financial well-being. Join us in bringing solutions that make a meaningful and lasting impact to our 660,000+ customers around the globe.

We will only notify shortlisted candidates.

Fortinet will not entertain any unsolicited resumes, please refrain from sending them to any Fortinet employees or Fortinet email aliases. Should any Agency submit any resumes to Fortinet, these resumes if considered, will be assumed to have been given by the Agency free of any related fees/charges.

#LI-Hybrid