
Senior Threat Detection Analyst

OPSWAT

Madrid

On-site

EUR 55,000 - 85,000

Full-time

Yesterday

Vacancy summary

A leading cybersecurity firm seeks a Senior Threat Detection Analyst. This role focuses on leveraging sandbox technology to identify and mitigate cyber threats, optimize detection workflows, and mentor team members. Candidates should possess significant experience in threat analysis, especially using sandbox products, and strong leadership abilities.

Background

  • 5+ years of experience in threat analysis with at least 2 years in a senior role.
  • Extensive experience using sandbox products for IOC analysis.
  • Proficiency in developing detection rules and integrating outputs.

Responsibilities

  • Lead threat analysis and detection engineering efforts using sandbox technology.
  • Develop detection rules and enhance sandbox effectiveness.
  • Mentor junior analysts and lead technical initiatives.

Skills

Cyber threats analysis
Sandbox products expertise
Scripting (Python, PowerShell)
Malware analysis
Leadership

Education

Bachelor's degree in Cybersecurity or related field
Advanced certifications (GCIH, CEH, OSCP)

Tools

Cuckoo Sandbox
CrowdStrike Falcon Sandbox

Job description

OPSWAT, a global leader in IT, OT, and ICS critical infrastructure cybersecurity, delivers an end-to-end platform that gives public and private sector organizations and enterprises the critical advantage needed to protect their complex networks, secure their devices, and ensure compliance. Over the last 20 years our commitment to innovative technology has earned the trust of more than 1,700 organizations, governments, and institutions globally, solidifying our role in protecting the world’s critical infrastructure and securing our way of life.

The Position

The Senior Threat Detection Analyst leads the organization’s threat analysis and detection engineering efforts, utilizing an existing sandbox product as the primary detection software to identify and mitigate cyber threats. This role focuses on analyzing Indicators of Compromise (IOCs) generated by the sandbox, developing advanced detection capabilities within the sandbox environment, and leading technical initiatives to enhance security operations. The ideal candidate will excel in leveraging the sandbox product for real-time threat detection, mentoring junior analysts, and optimizing detection workflows, with minimal focus on broader threat intelligence activities.

What You Will be Doing

  • Threat Analysis Using Sandbox Product:
    ◦ Perform in-depth analysis of IOCs (e.g., malicious IPs, domains, file hashes, and behavioral patterns) generated by the organization’s sandbox product to identify and characterize cyber threats.
    ◦ Investigate suspicious activities, such as malware behavior and network anomalies, directly within the sandbox environment to assess threat severity, scope, and impact.
    ◦ Prioritize detected threats based on sandbox outputs to guide response actions.
  • Detection Engineering Within Sandbox Environment:
    ◦ Develop, tune, and optimize detection rules, signatures, and alerts within the sandbox product to enhance its threat detection capabilities.
    ◦ Configure the sandbox product to integrate IOCs and behavioral indicators into broader security workflows, ensuring seamless detection across the organization’s infrastructure.
    ◦ Enhance sandbox detection algorithms and settings to improve the accuracy and efficiency of IOC generation for real-time threat identification.
  • Leadership and Mentorship:
    ◦ Mentor junior analysts in threat analysis and detection engineering techniques specific to the sandbox product, fostering expertise in its use.
    ◦ Lead technical initiatives to advance the organization’s threat detection capabilities, focusing on maximizing the sandbox product’s effectiveness.
    ◦ Promote a collaborative team environment, driving knowledge-sharing and skill development in sandbox-based detection.
  • Sandbox Optimization and Process Improvement:
    ◦ Lead efforts to optimize the sandbox product’s configuration, ensuring high-quality IOC outputs and efficient detection workflows.
    ◦ Develop scripts or automation tools (e.g., in Python or PowerShell) to streamline IOC analysis and detection rule deployment within the sandbox environment.
    ◦ Evaluate and recommend enhancements to the sandbox product to strengthen its role as the primary detection software.
    ◦ Correlate sandbox-generated IOCs with external threat intelligence feeds to validate detection findings, while focusing primarily on immediate threat analysis and response.
    ◦ Provide limited threat intelligence insights to support team awareness, without leading broader intelligence initiatives.
  • Continuous Improvement and Expertise:
    ◦ Stay current on evolving cyber threats, malware trends, and advancements in sandbox-based detection technologies.
    ◦ Lead training sessions on sandbox-driven threat analysis and detection engineering for the cybersecurity team.
    ◦ Participate in industry forums to stay informed on best practices for sandbox-based detection solutions.
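The day-to-day workflow described in the bullets above (extract IOCs from a sandbox report, correlate them with an external intel feed, map behavioural signatures to MITRE ATT&CK, and prioritize the sample for response) can be illustrated with a small Python triage script. This is an added example written for this page, not OPSWAT code and not the output format of any particular sandbox product: the report layout loosely follows the shape of Cuckoo-style JSON but its field names, the intel feed, the signature-to-ATT&CK table and the scoring weights are all assumptions, and the sample data is constructed.

```python
"""Triage one sandbox report: extract network/file IOCs, correlate them with a
threat-intel feed, map behavioural signatures to ATT&CK, and assign a priority."""
import hashlib
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sandbox report (fake sample). The layout loosely follows the
# shape of Cuckoo-style JSON output, but the field names are this example's assumption.
SAMPLE_SHA256 = hashlib.sha256(b"constructed sample, not real malware").hexdigest()
SANDBOX_REPORT = {
    "target": {"file": {"name": "invoice.exe", "sha256": SAMPLE_SHA256}},
    "network": {
        "hosts": ["10.0.0.5", "203.0.113.77", "198.51.100.23"],
        "domains": [{"domain": "Update.Example.NET", "ip": "203.0.113.77"}],
        "http": [{"method": "POST", "uri": "http://203.0.113.77/gate.php"}],
    },
    "signatures": [
        {"name": "persistence_autorun", "severity": 3},
        {"name": "antivm_generic", "severity": 2},
        {"name": "network_http", "severity": 1},
    ],
}

# Constructed threat-intel feed: indicator -> (source, confidence 0-100).
INTEL_FEED = {
    "203.0.113.77": ("feed-a", 90),
    "update.example.net": ("feed-b", 60),
    "198.51.100.99": ("feed-a", 80),  # in the feed but not in this report
}

# Assumed, team-maintained table from sandbox signature names to ATT&CK technique IDs.
SIGNATURE_TO_ATTACK = {
    "persistence_autorun": "T1547.001",  # Registry Run Keys / Startup Folder
    "antivm_generic": "T1497",           # Virtualization/Sandbox Evasion
    "network_http": "T1071.001",         # Application Layer Protocol: Web Protocols
}

# Addresses that never make useful network IOCs: RFC 1918, loopback, link-local.
# Listed explicitly because ipaddress.is_global would also reject the RFC 5737
# documentation ranges used in the constructed report above.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def is_routable(ip: str) -> bool:
    """True for a syntactically valid address outside LOCAL_NETS."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in LOCAL_NETS)


@dataclass
class Iocs:
    hashes: set = field(default_factory=set)
    ips: set = field(default_factory=set)
    domains: set = field(default_factory=set)
    urls: set = field(default_factory=set)


def extract_iocs(report: dict) -> Iocs:
    """Pull the file hash, contacted IPs/domains and HTTP URIs out of the report."""
    iocs = Iocs()
    sha = report.get("target", {}).get("file", {}).get("sha256", "")
    if re.fullmatch(r"[0-9a-f]{64}", sha):
        iocs.hashes.add(sha)
    net = report.get("network", {})
    iocs.ips.update(h for h in net.get("hosts", []) if is_routable(h))
    for entry in net.get("domains", []):
        iocs.domains.add(entry["domain"].lower())  # normalise case before feed lookup
        if is_routable(entry.get("ip", "")):
            iocs.ips.add(entry["ip"])
    iocs.urls.update(h["uri"] for h in net.get("http", []) if "uri" in h)
    return iocs


def map_to_attack(report: dict) -> dict:
    """{signature name: ATT&CK technique} for every signature with a known mapping."""
    return {s["name"]: SIGNATURE_TO_ATTACK[s["name"]]
            for s in report.get("signatures", []) if s["name"] in SIGNATURE_TO_ATTACK}


def correlate(iocs: Iocs, feed: dict) -> list:
    """(indicator, source, confidence) for each extracted IOC present in the feed."""
    return [(ind, *feed[ind]) for ind in sorted(iocs.hashes | iocs.ips | iocs.domains) if ind in feed]


def triage(report: dict, feed: dict) -> dict:
    """Combine behavioural severity with intel hits into a priority for the response queue."""
    iocs = extract_iocs(report)
    hits = correlate(iocs, feed)
    max_sev = max((s.get("severity", 0) for s in report.get("signatures", [])), default=0)
    # Assumed scoring: highest signature severity, +1 per intel hit with confidence >= 80.
    score = max_sev + sum(1 for _, _, conf in hits if conf >= 80)
    priority = "high" if score >= 4 else "medium" if score >= 2 else "low"
    return {"iocs": iocs, "intel_hits": hits, "attack": map_to_attack(report),
            "score": score, "priority": priority}


if __name__ == "__main__":
    result = triage(SANDBOX_REPORT, INTEL_FEED)
    print(f"priority={result['priority']} score={result['score']}")
    print("network IOCs:", sorted(result["iocs"].ips | result["iocs"].domains))
    print("intel hits:", result["intel_hits"])
    print("ATT&CK:", result["attack"])
```

Two details matter in practice: internal addresses are filtered before correlation so that lab infrastructure never becomes an "IOC", and domains are lower-cased before the feed lookup because sandbox network captures preserve whatever case the sample used, while feeds are usually normalised. In a real deployment the scoring weights and the signature-to-ATT&CK table would be tuned against the sandbox product actually in use.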

What We Need from You

  • Education:
    ◦ Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field, or equivalent work experience.
    ◦ Advanced certifications (e.g., GCIH, CEH, OSCP, or equivalent) are highly preferred.
  • Experience:
    ◦ 5+ years of experience in threat analysis, detection engineering, or related cybersecurity roles, with at least 2 years in a senior or leadership capacity.
    ◦ Extensive hands-on experience using sandbox products (e.g., Cuckoo Sandbox, CrowdStrike Falcon Sandbox, Hatching Triage, or similar) as primary detection software for IOC analysis.
    ◦ Proven expertise in developing and tuning detection rules within sandbox environments and integrating outputs with security operations.
  • Skills and Competencies:
    ◦ Expert-level understanding of cyber threats, including malware, exploits, and attack vectors.
    ◦ Advanced proficiency in analyzing IOCs, such as file hashes, IP addresses, domains, and behavioral indicators, within a sandbox environment.
    ◦ Strong experience with scripting languages (e.g., Python, PowerShell) for automating sandbox-based analysis and detection workflows.
    ◦ Knowledge of network protocols, system forensics, and malware analysis techniques.
    ◦ Familiarity with the MITRE ATT&CK framework to map threats to sandbox-based detection strategies.
    ◦ Exceptional problem-solving and analytical skills, with a focus on actionable detection outcomes.
    ◦ Leadership skills with a proven ability to mentor teams and drive sandbox-focused technical projects.
    ◦ Strong communication skills to articulate findings and recommendations to technical and non-technical stakeholders.

It Would be Nice if You Had

  • Experience configuring and optimizing cloud-based sandbox solutions for enterprise-scale detection.
  • Background in advanced malware analysis or reverse engineering within sandbox environments.
  • Prior leadership in a Security Operations Center (SOC) or incident response role using sandbox tools.
  • Contributions to open-source detection tools or sandbox-related cybersecurity communities.