Cybersecurity Engineer - Rules Architect
WFH Flexible Plano, TX Engineering


INTRUSION seeks a Cybersecurity Rules Architect. As the Cybersecurity Rules Architect, you will act as the primary data scientist leading the implementation of the logic that determines the threat reputation of billions of IP addresses and domain names based on historical activity. Your output will be deployed in customer networks and have a direct impact on enhancing their cybersecurity posture. You will be responsible for the delicate balance of providing aggressive security while minimizing false positives to ensure customers are protected from threats while their critical business operations are not impacted.

This role requires a strong analytic mindset coupled with a strong philosophy for how to protect networks. In this role you will be both an analyst and a programmer—proposing cybersecurity theories and then testing them.

You will have the freedom to innovate new solutions and methods to test theories and visualize data. We seek individuals who thrive on data exploration and the thrill of solving challenging problems.

Essential Functions


  • Develop and maintain the processing logic that builds the reputation and categorization lists used by Intrusion Shield by creating a rules pipeline around a multitude of historical usage and threat datasets
  • Make bold decisions on the direction of the rule list and be able to defend why those decisions improve security posture
  • Identify, evaluate and integrate 3rd party threat intelligence feed datasets into your algorithms
  • Investigate customer feedback of false positives and work to better tune algorithms
  • Work closely with the threat analytics team to develop novel approaches to identifying common threat actor patterns
  • Model and predict the impact of new algorithms on customer traffic
  • Collaborate with marketing to affirm whether emerging APT indicators would have been prevented by your rules

Qualifications (Education, Certifications and/or Training)


  • Minimum of a Bachelor’s Degree, preferably in Computer Science, Computer Engineering, Information Technology or Mathematics.
  • 3+ years of professional experience in data analytics/data science.
  • 2+ years of experience in security-related fields.
  • Proficient in Python development.
  • Proficient in SQL.

Essential Skills


  • Understanding of network communication protocols and transport layers, including TCP/IP, HTTP, and DNS.
  • Exposure to machine learning algorithms.
  • Ability to describe the malware kill-chain lifecycle.
  • Comfortable with Linux shell and common GNU utilities.
  • Experience with NoSQL technologies such as Hadoop, HBase, Hive, Pig, and Spark.
  • Ability to analyze, summarize, visualize and critique patterns from raw network communications data in a clear and effective manner.
  • Ability to work well in a team environment.
  • Clear, effective writing skills.
  • Kind, passionate, collaborative, driven, smart.


INTRUSION is a 38-year-old publicly traded company (INTZ) that is a trusted partner of the federal government's Department of Defense (DOD) with over 800 man-years of cyberforensics expertise. Our recently launched commercial product, Shield, is a real-time Artificial Intelligence (AI) driven Cybersecurity protection layer that prevents ransomware attacks and data breaches.

For 25+ years, INTRUSION’s solution has leveraged the world’s largest, threat-enriched big data cloud that was built by analyzing, recording, and indexing current and new Internet traffic. Additionally, Shield uses real-time AI to inspect every packet of data moving in and out of networks without impacting performance to kill malicious network threats in real-time. Shield is a plug-n-play solution with no long-term contract required.

Join us to win the war on cybercrime! More information about INTRUSION can be found at


  • Competitive salaries and comprehensive benefits.
  • On-going learning opportunities within a diverse, inclusive, and rewarding work environment.
  • INTRUSION is an Equal Employment Opportunity Employer.