Security Analyst, Threat Intelligence Operations (English) - Singapore

Product area

The Core team builds the technical foundation behind Google’s flagship products. We are owners and advocates for the underlying design elements, developer platforms, product components, and infrastructure at Google. These are the essential building blocks for excellent, safe, and coherent experiences for our users and drive the pace of innovation for every developer. We look across Google’s products to build central solutions, break down technical barriers and strengthen existing systems. As the Core team, we have a mandate and a unique opportunity to impact important technical decisions across the company.

Job description

In this role, you will be a key member of the newly established Threat Intelligence Operations (TIO) function. Your primary mission is to contextualize threat intelligence specifically for Alphabet. You will be responsible for providing actionable intelligence to proactively identify coverage gaps and strengthen the overall security posture of the organization.

Qualifications

Job responsibilities

• Combine public reporting with internal security data from sources such as threat scenarios consolidated in optimus and enterprise security intelligence .
• Evaluate known threats against current defensive and protective capabilities to identify coverage gaps, leveraging code reviews to assess the efficacy of technical defenses and detection logic.
• Conduct limited, focused manual hunting to ensure intelligence remains grounded in operational reality.
• Produce high-quality threat assessments to get threat scenarios integrated into threat catalogue and engineering roadmaps.

Minimum qualifications

• Bachelor's degree or equivalent practical experience.
• 2 years of experience in cyber security, threat intelligence, or threat analysis.
• Experience in intelligence aggregation, evaluating threat coverage gaps, or threat modeling.
• Experience with automation via coding or scripting, as well as querying data using SQL to support threat hunting or intelligence gathering.
• Ability to communicate in English fluently to support cross-team relationship management and publish high-quality advisories.

Preferred qualifications

• Experience evaluating defensive capabilities and producing actionable threat advisories.
• Experience working collaboratively with Detection and Response (D&R) and operational teams to drive security improvements.
• Deep understanding of common attacker tactics, tools, and techniques (TTPs), as well as agentic threats and internal abuse vectors.
• Excellent problem-solving and investigative skills, with the ability to explain complex detection or control gaps to various audiences.