Threat Analyst

Threat Analyst

Do you have demonstrable threat analysis skills?

Over the past years, the cyber security landscape has changed drastically. The number and sophistication of financially motivated, nation state and other type of threats faced by organizations is greater than ever before and this trend shows no signs of slowing down.

Since its creation in 1999, Fox-IT has a strong focus on understanding the threat landscape and the relevant threat actors. Understanding their motivation, identifying their targets and way of working, has always been the key differentiator in our work, long before threat intelligence became a buzzword. For us, threat intelligence is about improving our services and technology. It has also led to InTELL; our world class threat intelligence service for financial services.

As the market for Threat Intelligence is growing and new opportunities arise, we are investing to broaden and strengthen our intelligence capabilities. Our Intelligence business line delivers high-end intelligence products both to internal and external customers. The business line has a commercial intelligence proposition that we make available to our customers, but we also supply internal business lines with intelligence for our threat detection & emergency response services and supports these business lines wherever possible with intelligence related activities.

Our Threat Analysts form the technical core of our Intelligence team. They find, analyse and monitor a broad variety of threats; combining intelligence gathering skills with malware reverse engineering expertise.

The team has built a very strong reputation where it comes to collecting our own data and combining this with open source and closed sources.

 Key Responsibilities of a Threat Analyst

  • Real time monitoring of a variety of data sources such as underground forums, underground malware infrastructures, closed and open security forums and threat sharing groups for new threats targeting one of our clients or of general interest to the intelligence community;
  • Reverse engineering of sophisticated malware samples and contributing to the malware analysis infrastructure;
  • In-depth analysis of attack modus operandi;
  • Producing actionable intelligence for our customers;
  • Writing intelligence reports for our customers and other colleagues within Fox-IT;
  • Interact with customers through for example the intelligence portal, answering customer requests and providing additional insights into threats if required;
  • Regularly participate in threat focus meetings with customers;
  • Supporting NCC response teams and security operation centers with file analysis or design of detection mechanisms through rules.

Job Requirements and Qualifications

We’re looking for analysts with the background and skill sets listed below. If you recognize yourself in the profile, and it doesn’t match 100%, then don’t worry. Our aim is to hire world class talent. So if you’re talented, motivated and committed to develop yourself into such a profile than you have a good shot at this position. Furthermore, we try to build diversity in our teams, which means that we recruit people from different backgrounds, seniority and technical levels.


  • Demonstrable threat analysis skills: analysis of malware, exploit kits, mobile apps, etc;
  • Experience with cyber intelligence gathering and analysis including Open Source Intelligence (OSINT), closed source intelligence, attribution and – actor tracking;
  • Strong analytical and investigative skills;
  • Ability to communicate findings, both verbally and in writing;
  • Critical and creative thinker;
  • Good English language skills, both verbal and writing;
  • Ability to function as part of a (virtual) team;
  • Passion for information security and desire to deliver world class service, both to internal and external customers
  • Reverse engineering skills: OllyDbg, IDA Pro, WinDbg, etc.
  • Rules development: YARA, Snort, Suricata, , Bro etc.
  • Python, C++ or Java programming skills;
  • HUMINT intelligence (monitoring and participating in underground forums, maintaining fake personae, etc);


  • Network Protocols (from data to application layers)
  • Knowledge of Microsoft Windows Internals
  • Experience with: System/Computer forensics, Network forensics, Memory forensics, Mobile devices forensics

Location and procedure

Working from the head office in Delft (preferred) or working remotely from other countries in Europe.

Due to the sensitive nature of the work, our customers and the data we handle, candidates will be required to undergo a stringent screening procedure and to submit to background checks.

Become a Foxer!

Do you recognize yourself in the description above and do you see the match? Tell us why! Send this, together with your resume to vacatures[at] or apply via the blue button in the upper right corner of this page.

Do you have a question? Send an email to vacatures[at] or call +31 (0)15 284 79 99 and ask for Mara Jochem.

Please note that you will not receive an automatic delivery confirmation, for security reasons. We will contact you within 8 working days;
An extended screening is a part of the hiring procedure at Fox-IT.
Help from R&S agencies is, for sure well intentioned, but (really) not necessary.

Neem contact op

+31 (0) 15 284 79 99