Threat intelligence analysts sit upstream of most cybersecurity work. Their job is to figure out what’s happening before an attack fully unfolds into a widespread problem. The role pulls from multiple disciplines — part investigator, part data analyst, part strategist — to track threats from bad actors and understand what matters in a constant stream of noise. That can mean tracing a ransomware campaign across endpoints, following suspicious traffic through cloud systems or piecing together scattered signals into a larger pattern.
With artificial intelligence making online criminal activity easier than ever, companies are building teams to get ahead of cyber attacks as much as possible. According to the U.S. Bureau of Labor Statistics, roles related to information security are projected to grow by 32 percent through 2032. Employers, like the ones listed below, are increasingly looking for candidates who can work across tools and data sources while still telling a clear story about attacker intent.
Top Companies Hiring Threat Intelligence Analysts
- Palo Alto Networks
- Microsoft
- Google Cloud
- CrowdStrike
- Cisco
Top Companies Hiring Threat Intelligence Analysts
Headquarters: Armonk, New York
Founded: 1911
Company size: 260k+ employees
Industry: IT and Artificial Intelligence
IBM’s X-Force works directly inside enterprise and critical infrastructure systems. This type of access gives its analysts visibility into threats that rarely show up in public data, tracking activity across the dark web and mapping risks to industries like energy, finance and manufacturing. Open roles tend to prioritize candidates who can synthesize intelligence across multiple sources, including underground forums, and translate it into risk insights for large organizations.
Headquarters: Mountain View, California
Founded: 2008
Company size: 190k+ employees
Industry: Cloud Computing and Cybersecurity
Since folding Mandiant into its ecosystem, Google Cloud has built one of the most forward-facing threat intelligence operations out there. A lot of the work comes down to tracking persistent threats and dissecting malware families as they show up across global infrastructure, pulling from both frontline breach response insights and massive datasets like VirusTotal. Hiring tends to favor analysts who can pivot between reverse engineering, incident response and intelligence reporting, while also being able to communicate their findings to both technical and executive audiences.
Headquarters: San Jose, California
Founded: 1984
Company size: 86k+ employees
Industry: Networking and Cybersecurity
Cisco’s Talos Intelligence Group operates with a unique vantage point, drawing on the company’s deep control over internet infrastructure to monitor threats at the network layer. That visibility translates into intelligence on everything from phishing campaigns to large-scale botnets moving across global traffic. Hiring leans toward analysts with networking fundamentals, experience in packet analysis and the ability to work with open-source intelligence to contextualize what’s happening on the wire.
Headquarters: Redmond, Washington
Founded: 1975
Company size: 220k+ employees
Industry: Enterprise Software and Cloud Computing
Microsoft’s Threat Intelligence team operates at a scale few can match, analyzing 100 trillion signals a day across Windows, Azure and enterprise software to track global threat actors. Analysts here are often embedded in long-running investigations into nation-state groups, where the work blends telemetry analysis with geopolitical context. Open roles consistently call for strong detection engineering skills (KQL, Sentinel), familiarity with endpoint data and the ability to attribute campaigns across massive distributed systems.
Headquarters: Santa Clara, California
Founded: 2005
Company size: 15k+ employees
Industry: Cybersecurity
Through its Unit 42 division, Palo Alto Networks combines frontline incident response with large-scale cloud telemetry. The company’s expanding platform, which only got stronger following its acquisition of CyberArk, leans heavily on analysts who can move fluidly between threat hunting, malware reverse engineering and briefing enterprise clients on active campaigns. Current listings emphasize experience with MITRE ATT&CK mapping, cloud environments — AWS, Azure and GCP — and the ability to translate messy intrusion data into a clear understanding of the threat.
Headquarters: Seattle, Washington
Founded: 2006
Company size: 143k+ employees
Industry: Cloud Computing
AWS’s security team operates behind the scenes of a huge portion of the internet, protecting the cloud infrastructure other companies rely on. Amazon Web Services alone holds 30 percent of the global cloud market. Threat intelligence here is deeply tied to cloud-native attack patterns, including account takeovers, misconfigurations and large-scale DDoS activity. Job listings often call for candidates with hands-on experience with cloud and distributed systems, as well as the ability to analyze high-volume telemetry without losing sight of attacker behavior.
Headquarters: Reston, Virginia
Founded: 1969
Company size: 47k+ employees
Industry: Defense and Government IT Services
Leidos is one of the primary contractors supporting cyber and intelligence operations for the U.S. government. Threat intelligence analysts here are more likely to work on mission-driven problems tied to military operations and classified systems, so job requirements emphasize security clearances, past experience with government frameworks and the ability to operate in highly structured environments.
Headquarters: Sunnyvale, California
Founded: 2000
Company size: 14k+ employees
Industry: Cybersecurity
Through its FortiGuard Labs, Fortinet processes intelligence from millions of deployed devices. With that constant stream of data, analysts focus on spotting zero-day exploits and tracking threats targeting IoT and operational technology systems. Its hiring criteria typically include malware analysis skills, familiarity with embedded systems and the ability to quickly validate and escalate newly discovered threats.
Headquarters: San Jose, California
Founded: 2007
Company size: 7k+ employees
Industry: Cybersecurity and Cloud Security
Zscaler’s ThreatLabz team is built around the realities of zero trust architecture, where traffic is constantly inspected as it moves through encrypted channels. Its intelligence work focuses heavily on web-based threats, including malware delivery through HTTPS and lateral movement inside cloud environments. Most roles call for analysts who are comfortable digging into network traffic, understand how SSL inspection works and can spot subtle patterns in encrypted data.
Headquarters: Austin, Texas
Founded: 2011
Company size: 10k+ employees
Industry: Cybersecurity
CrowdStrike’s Falcon Intelligence team is known for its detailed adversary tracking. The company’s platform is built on endpoint detection and response data, where analysts spend much of their time connecting behavioral signals to specific actors and campaigns. Job postings emphasize experience in threat hunting and Python, along with the ability to work with EDR telemetry, and especially favor candidates who can connect technical findings to real-world attacker intent.
