Senior Threat Intelligence Analyst
Madrid, Madrid, Spain
OPSWAT
Enhance your critical infrastructure cybersecurity with OPSWAT's next-gen solutions, products, & technologies designed to protect the world. OPSWAT, a global leader in IT, OT, and ICS critical infrastructure cybersecurity, delivers an end-to-end platform that gives public and private sector organizations and enterprises the critical advantage needed to protect their complex networks, secure their devices, and ensure compliance. Over the last 20 years our commitment to innovative technology has earned the trust of more than 1,700 organizations, governments, and institutions globally, solidifying our role in protecting the world’s critical infrastructure and securing our way of life.
The Position
The Senior Threat Intelligence Analyst leads the organization’s efforts in collecting, analyzing, and disseminating threat intelligence derived from Indicators of Compromise (IOCs) generated by an existing sandbox product. This role focuses on producing actionable, high-quality threat intelligence to inform strategic and operational security decisions, while also providing leadership and mentorship to junior analysts. The ideal candidate will excel in leveraging sandbox-generated data, correlating it with external intelligence sources, and driving the development of advanced threat intelligence capabilities to protect against sophisticated cyber threats.
What You Will be Doing
- Advanced IOC Analysis and Intelligence Production:
o Lead the analysis of IOCs (e.g., malicious IPs, domains, file hashes, and behavioral patterns) from the organization’s sandbox product to produce high-impact threat intelligence.
o Correlate sandbox outputs with open-source, commercial, and proprietary threat intelligence feeds to provide comprehensive threat insights.
o Develop and deliver detailed threat intelligence products, including strategic reports, threat actor profiles, and tactical alerts on emerging threats and TTPs (tactics, techniques, and procedures).
- Strategic Threat Intelligence Leadership:
o Guide the development and execution of the organization’s threat intelligence strategy, ensuring alignment with business objectives and risk priorities.
o Oversee the identification and prioritization of emerging cyber threats by analyzing trends and patterns in sandbox data and external intelligence sources.
o Drive the creation of threat intelligence frameworks and methodologies to enhance the organization’s proactive defense capabilities.
- Team Leadership and Mentorship:
o Mentor and supervise junior threat intelligence analysts, providing guidance on IOC analysis, intelligence production, and professional development.
o Lead training initiatives to upskill the team on advanced threat intelligence techniques, sandbox technologies, and industry best practices.
o Foster a collaborative team environment, promoting knowledge-sharing and continuous improvement.
- Threat Intelligence Dissemination and Collaboration:
o Present high-quality intelligence briefings, reports, and dashboards to executive leadership, technical teams, and external stakeholders.
o Lead engagement with industry partners, ISACs, and threat intelligence-sharing platforms (e.g., MISP, ThreatConnect) to enhance collective defense efforts.
o Collaborate with cross-functional teams, including SOC, incident response, and risk management, to integrate threat intelligence into security operations.
- Sandbox Optimization and Process Improvement:
o Oversee the utilization of sandbox-generated IOCs, ensuring data is effectively leveraged for intelligence production.
o Recommend and implement enhancements to sandbox configurations and workflows to improve IOC quality and relevance.
o Evaluate and integrate new threat intelligence tools and technologies to augment sandbox capabilities.
- Continuous Threat Monitoring and Expertise:
o Stay ahead of the evolving cyber threat landscape, including advanced persistent threats (APTs), malware campaigns, and adversary methodologies.
o Maintain expertise in the MITRE ATT&CK framework and other threat intelligence standards to contextualize and prioritize findings.
o Lead research into emerging threats and contribute to thought leadership through whitepapers, blogs, or industry presentations.
What We Need from You
- Education:
o Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field, or equivalent work experience.
o Advanced certifications (e.g., GCTI, CTIA, CISSP, or equivalent) are highly preferred.
- Experience:
o 5+ years of experience in threat intelligence, with at least 2 years in a senior or leadership role.
o Extensive experience processing and analyzing IOCs from sandbox environments (e.g., Cuckoo Sandbox, CrowdStrike Falcon Sandbox, Hatching Triage, or similar).
o Proven track record of producing strategic and tactical threat intelligence for diverse audiences.
o Experience leading or mentoring teams in a cybersecurity or threat intelligence context.
- Skills and Competencies:
o Expert-level understanding of cyber threats, including malware, phishing, and APTs.
o Advanced proficiency in analyzing IOCs, including file hashes, IP addresses, domains, and behavioral indicators.
o Strong knowledge of threat intelligence platforms (e.g., ThreatConnect, MISP, Recorded Future) and OSINT collection techniques.
o Proficiency in scripting languages (e.g., Python, PowerShell) for automating IOC processing and intelligence workflows.
o Exceptional communication skills, with the ability to translate complex threat intelligence into actionable insights for technical and executive audiences.
o Leadership skills with a demonstrated ability to guide teams and drive strategic initiatives.
o Ability to thrive in a fast-paced, dynamic environment and manage multiple priorities effectively.
It Would be Nice if You Had
- Experience integrating sandbox-derived intelligence with cloud-native and enterprise security platforms.
- Familiarity with advanced malware analysis or reverse engineering techniques.
- Prior leadership in threat intelligence-sharing communities or industry working groups.
- Published research or contributions to the cybersecurity community (e.g., whitepapers, conference talks).
OPSWAT is an equal opportunity employer. We celebrate diversity and are committed to providing an environment where equal employment opportunities are extended to all employees and applicants, free of discrimination and harassment of any type. All employment decisions are based on individual qualifications, job requirements, and business needs without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other category protected by federal, state, or local laws.
Recruiting Agencies: we do not accept unsolicited resumes from third party agencies for any of our open positions. To submit resumes for our jobs, there must be a recruiting contract approved by our legal team and endorsed by both parties. We are currently not accepting additional 3rd party agencies at this time.
Tags: CISSP Cloud Compliance Computer Science CrowdStrike GCTI ICS Incident response IPS Malware MISP MITRE ATT&CK Monitoring OSINT PowerShell Python Reverse engineering Risk management Scripting SOC Strategy Threat intelligence TTPs
Perks/benefits: Career development