Threat Intelligence Analyst
Madrid, Madrid, Spain
OPSWAT
Enhance your critical infrastructure cybersecurity with OPSWAT's next-gen solutions, products, & technologies designed to protect the world.
OPSWAT, a global leader in IT, OT, and ICS critical infrastructure cybersecurity, delivers an end-to-end platform that gives public and private sector organizations and enterprises the critical advantage needed to protect their complex networks, secure their devices, and ensure compliance. Over the last 20 years our commitment to innovative technology has earned the trust of more than 1,700 organizations, governments, and institutions globally, solidifying our role in protecting the world’s critical infrastructure and securing our way of life.
The Position
The Threat Intelligence Analyst is responsible for collecting, analyzing, and disseminating threat intelligence derived from Indicators of Compromise (IOCs) generated by an existing sandbox product and external sources. This role focuses on processing sandbox outputs to produce actionable intelligence, identifying emerging cyber threats, and supporting organizational security strategies.
The ideal candidate will excel in leveraging sandbox-generated data, correlating it with external intelligence sources, and communicating findings to enhance the organization’s threat awareness.
What You Will Be Doing
- IOC Processing and Intelligence Generation:
o Collect and analyze IOCs (e.g., malicious IPs, domains, file hashes, and behavioral patterns) from the organization’s sandbox product to develop actionable threat intelligence.
o Correlate sandbox outputs with open-source and commercial threat intelligence feeds to enrich findings and validate threats.
o Produce detailed threat intelligence reports, including insights on threat actors, tactics, techniques, and procedures (TTPs).
- Threat Monitoring and Trend Identification:
o Monitor sandbox-generated data to identify emerging threats, campaigns, and trends in the cyber threat landscape.
o Track threat actor behavior and malware campaigns using IOCs to provide proactive intelligence for organizational defense.
o Maintain and update threat intelligence profiles to reflect evolving threats and adversary methodologies.
- Intelligence Sharing and Collaboration:
o Prepare and deliver concise briefings, reports, and dashboards summarizing sandbox-derived intelligence for technical and non-technical stakeholders.
o Collaborate with cybersecurity teams to share actionable intelligence and support strategic decision-making.
o Contribute to threat intelligence-sharing initiatives with industry partners, ISACs, or platforms like MISP.
- Sandbox Data Utilization:
o Leverage sandbox outputs to extract meaningful IOCs and contextualize them within the broader threat landscape.
o Recommend improvements to sandbox data collection processes to enhance the quality and relevance of IOCs.
o Stay informed on sandboxing technologies to maximize the value of generated intelligence.
- Continuous Learning and Improvement:
o Stay updated on the latest cyber threats, malware trends, and threat intelligence methodologies.
o Participate in training and knowledge-sharing to enhance team capabilities in threat intelligence.
o Monitor threat intelligence platforms and sources to ensure timely and relevant updates to organizational defenses.
What We Need From You
- Education:
o Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field, or equivalent work experience.
o Relevant certifications (e.g., GCTI, CTIA, or equivalent) are preferred.
- Experience:
o 2+ years of experience in threat intelligence or related cybersecurity roles.
o Hands-on experience processing IOCs from sandbox environments (e.g., Cuckoo Sandbox, CrowdStrike Falcon Sandbox, Hatching Triage, or similar).
o Familiarity with threat intelligence platforms (e.g., ThreatConnect, MISP, or Recorded Future).
- Skills and Competencies:
o Strong understanding of cyber threats, including malware, phishing, and advanced persistent threats (APTs).
o Proficiency in analyzing IOCs such as file hashes, IP addresses, domains, and behavioral indicators.
o Knowledge of the MITRE ATT&CK framework and TTPs for threat contextualization.
o Experience with scripting languages (e.g., Python) for automating IOC processing or intelligence workflows is a plus.
o Excellent written and verbal communication skills for delivering clear and actionable intelligence.
o Ability to work collaboratively in a fast-paced, team-oriented environment.
It Would Be Nice If You Had
- Experience integrating sandbox-derived intelligence with cloud-native security platforms.
- Familiarity with open-source intelligence (OSINT) collection and analysis techniques.
- Previous experience contributing to threat intelligence-sharing communities or platforms.
OPSWAT is an equal opportunity employer. We celebrate diversity and are committed to providing an environment where equal employment opportunities are extended to all employees and applicants, free of discrimination and harassment of any type. All employment decisions are based on individual qualifications, job requirements, and business needs without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other category protected by federal, state, or local laws.
Recruiting Agencies: we do not accept unsolicited resumes from third party agencies for any of our open positions. To submit resumes for our jobs, there must be a recruiting contract approved by our legal team and endorsed by both parties. We are currently not accepting additional 3rd party agencies at this time.