Threat Analyst

Remote: Full Remote
Experience: Mid-level (2-5 years)

Offer summary

Qualifications:

  • 3+ years of experience in threat intelligence
  • Strong understanding of network protocols
  • Bachelor’s degree in Computer Science or related field
  • Familiarity with Python or Go programming

Key responsibilities:

  • Conduct in-depth analysis of cyber threats
  • Prepare detailed reports on threat intelligence
OPSWAT Computer Hardware & Networking SME https://www.opswat.com/
501 - 1000 Employees

Job description

OPSWAT, a global leader in IT, OT, and ICS critical infrastructure cybersecurity, delivers an end-to-end platform that gives public and private sector organizations and enterprises the critical advantage needed to protect their complex networks, secure their devices, and ensure compliance. Over the last 20 years our commitment to innovative technology has earned the trust of more than 1,700 organizations, governments, and institutions globally, solidifying our role in protecting the world’s critical infrastructure and securing our way of life.

The Position 

OPSWAT is looking for an experienced and motivated Threat Analyst to join our Threat Intelligence team. The ideal candidate will have a background in cyber threat intelligence (CTI) and a passion for maintaining awareness of the global threat landscape through identifying, tracking, and countering emerging threats. Focus areas include broad awareness of cybersecurity threats, including identifying intrusion sets, pursuing known adversary groups, analyzing malware, dissecting adversary TTPs, and uncovering and tracking adversary infrastructure. The Threat Analyst will help maintain robust documentation, create effective detection countermeasures, and provide actionable insights to help our customers establish meaningful threat-informed defensive capabilities.

What You Will Be Doing 

  • Conduct in-depth analysis of cyber threats, vulnerabilities, and emerging trends to support OPSWAT's threat intelligence efforts. Identify and provide actionable insights to help drive our threat intelligence products.
  • Monitor open source threat research, proprietary third-party cyber intelligence products, internal product telemetry and available technical data sources. Extract, document, and perform analysis of key information to drive insights and maintain awareness of evolution and advancements in the threat landscape.
  • Perform analysis of malicious software, utilizing static and dynamic methodologies to identify key capabilities and behaviors. Extract insights that enable identification of known and emerging malware families, capture intelligence related to threat actor usage and campaign clusters, and formulate effective analytics to detect and track malicious code in both initial access and post-exploit phases.
  • Prepare detailed reports on threat intelligence findings and present them to stakeholders, including internal teams, customers, prospects, and the public. Share insights through blogs, webinars, whitepapers, and briefings; attend and speak at relevant conferences and working groups and collaborate with other researchers in the community to maximize impact and access to shared insights.
  • Utilize threat analysis tools and platforms to collect, process, enrich and curate technical threat intelligence. Stay updated on the latest tools and technologies in the field, including in the offensive and defensive sectors.
  • Partner with internal product teams and technology owners to provide guidance on effective approaches to countering threat actor activity. Apply knowledge of foundational, proven practices while developing innovative approaches to defending against advanced security threats. 

What We Need From You

  • Strong analytical and critical thinking skills, with the ability to process complex information and identify patterns, trends, and anomalies.
  • Effective communication skills, both written and verbal.
  • Strong organization skills, with the ability to effectively structure and manage large amounts of knowledge and investigative data over time.
  • 3+ years of experience in threat intelligence, malware analysis, security threat research, detection engineering or a related role. 
  • Working familiarity with commonly used threat and intrusion analysis models, including the intelligence lifecycle, MITRE ATT&CK, Diamond Model, or Cyber Kill Chain. 
  • Strong understanding of file formats, operating system environments, and network protocols. Familiarity with modern computing, internet, and cloud infrastructure.
  • Familiarity with threat analysis tools and software, including intrusion detection systems such as Suricata or Snort, and file identification and clustering tools like YARA. 
  • Experience in developing analysis tooling, integration scripts and API clients in a language such as Python or Go.
  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • Relevant intelligence focused certifications (e.g., GCTI, CTIA, CRTIA) are a plus.
  • This position may require occasional travel to domestic or international locations to attend conferences, deliver briefings, or participate in key company events. 

What We Offer 

  • Competitive salaries, professional development opportunities, and a supportive work environment.
  • Opportunities to engage in challenging and fulfilling threat response work, countering adversaries operating in areas of critical infrastructure organizations and other sensitive targets.
  • A chance to play a crucial role in safeguarding critical infrastructure organizations against cyber threats. 

OPSWAT is an equal opportunity employer. We celebrate diversity and are committed to providing an environment where equal employment opportunities are extended to all employees and applicants, free of discrimination and harassment of any type. All employment decisions are based on individual qualifications, job requirements, and business needs without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other category protected by federal, state, or local laws.

Recruiting Agencies: we do not accept unsolicited resumes from third party agencies for any of our open positions. To submit resumes for our jobs, there must be a recruiting contract approved by our legal team and endorsed by both parties. We are currently not accepting additional 3rd party agencies at this time.

Required profile

Experience

Level of experience: Mid-level (2-5 years)
Industry: Computer Hardware & Networking
Spoken language(s): English

Other Skills

  • Teamwork
  • Problem Solving
