About Canonical

Canonical is the pioneering tech company behind Ubuntu, the world's leading open source operating system powering AI, IoT, cloud computing, and countless devices globally. As publishers of Ubuntu, Canonical's products touch nearly every organization and household, driving innovation in open source software. With a remote-first culture, Canonical recruits top talent worldwide, fostering collaboration across time zones while emphasizing work-life balance and professional growth. Join a team that's securing the future of open source at scale.

Role Overview

The Threat Intelligence Lead at Canonical owns the company's threat intelligence strategy and execution. Reporting directly to the CISO, you'll analyze cyber threat actors targeting Canonical and the broader open source ecosystem, leveraging Tactics, Techniques, and Procedures (TTPs) to strengthen products and internal controls. This worldwide remote role positions you as a thought leader, collaborating with internal teams and the cybersecurity community to protect Ubuntu users everywhere.

Why Threat Intelligence Matters at Canonical

Ubuntu's ubiquity makes it a prime target for supply chain attacks. You'll study trends, report findings, and advise engineering on detections and mitigations, safeguarding Canonical and the global open source community.

Key Responsibilities

• Build and own Canonical’s threat intelligence strategy from the ground up.
• Develop and maintain OSINT research environments using tools like Buscador, Maltego, Shodan, and social media scrapers.
• Identify, track, and analyze targeted intrusion threats, trends, and TTPs from proprietary and open source datasets.
• Coordinate adversary and campaign tracking across teams.
• Collaborate with product, engineering, OPSEC, and IS teams to implement security controls and mitigation strategies.
• Conduct executive briefings, internal reports, and contribute to the global threat intelligence community.
• Identify intelligence gaps and propose innovative tools and research projects.

Qualifications & Requirements

The ideal Threat Intelligence Lead brings proven leadership in threat intelligence or similar roles, deep knowledge of open source threats, networking, and infrastructure.

• High competence with OSINT frameworks (e.g., OSINT Framework, Trace Labs VM).
• Ability to track adversary tradecraft with incomplete data.
• Experience influencing enterprise architecture or product decisions via intelligence.
• Excellent communication skills to tailor technical content for diverse audiences.
• Willingness to travel twice yearly for up to two-week company events.

Desired Characteristics

• Professional portfolio of OSINT scripts, tools, or frameworks.
• Demonstrated OSINT community involvement (share links).
• Bachelor’s degree in computer science, information security, or related field.
• Certifications like GOSI, SANS SEC487/SEC587, IntelTechniques OSIP.
• Background in tech companies or government/military SIGINT.

Benefits & Perks

Canonical offers competitive, performance-based compensation reviewed annually, plus a bonus structure. Enjoy a fully distributed work environment tailored to global needs.

• USD 2,000 yearly personal learning and development budget.
• Biannual in-person team sprints with Priority Pass and travel upgrades.
• Generous annual holiday leave, maternity/paternity leave.
• Employee Assistance Programme and recognition rewards.
• Opportunities to travel and connect with colleagues worldwide.

Career Growth

At Canonical, growth is continuous. This leadership role reports to the CISO, offering visibility into executive strategy. Leverage your $2,000 learning budget for certifications, conferences, or tools. Contribute to Ubuntu's security evolution, establish thought leadership, and advance in a company prioritizing open source innovation. High performers see frequent compensation adjustments and global impact.

Why Join Canonical

Be part of the team securing Ubuntu for billions. Canonical's remote-first culture empowers you with flexibility, top-tier benefits, and a mission-driven environment. As a Threat Intelligence Lead, you'll shape cybersecurity for open source, collaborate with elite engineers, and position Canonical as an industry leader. With Ubuntu at the heart of AI, cloud, and IoT, your work protects the world's digital infrastructure.

Role FAQs

Is this role fully remote?

Yes, home-based worldwide, with two annual in-person sprints up to two weeks.

What salary can I expect?

Compensation is competitive, based on experience and location, with annual reviews and bonuses. Estimates range from USD 160,000 to 220,000.

What OSINT experience is required?

Advanced proficiency in tools like Maltego, Shodan, and custom tradecraft; leadership in tracking threats essential.

How does this role impact Ubuntu?

Directly enhances product security against supply chain threats, benefiting millions of users.

What's the reporting structure?

Reports to the CISO, with cross-functional collaboration.