Ransomware Intelligence Analyst

What we do:
Halcyon is the industry’s first dedicated, adaptive security platform that combines multiple proprietary advanced prevention engines along with AI models focused specifically on stopping ransomware.

Who we are:
Halcyon was formed in 2021 by a team of cyber industry veterans after battling the scourge of ransomware (and advanced threats) for years at some of the largest global security vendors. Comprised of leaders from Cylance (now Blackberry), Accuvant (now Optiv), Fireye and ISS X-Force (now IBM), Halcyon is focused on building products and solutions for mid-market and enterprise customers.

As a remote-native, completely distributed global team, we recognize great talent can exist anywhere. We invite you to apply to a job you’re interested in and we'll work a plan to meet your needs.

The Role:

Our newly created Ransomware Research Center is looking for a curious and driven Ransomware Intelligence Analyst to conduct ransomware-focused intelligence and research efforts. In this role, you will track threat actors, understand their tradecraft, map affiliate operations, and analyze cryptocurrency transactions to produce intelligence that protects organizations from extortion, data theft, and operational disruption. This isn’t a role where you’ll be handed a playbook and told to color inside the lines. You’ll have the autonomy and trust to shape this position and deliverables for success. The role is ideal for an experienced intelligence or threat analyst who is ready to take ownership, bring bold ideas to the table, and see them through to real-world impact. 

Responsibilities:

• Conduct proactive research on open-source, underground, technical data, and proprietary intelligence sources to track ransomware operations, leaks, and affiliate activity.
• Drive strategic and operational intelligence analysis of ransomware groups, including actor motivations, affiliate networks, victim targeting, and revenue models.
• Hunt for threat actor infrastructure, map evolving TTPs for high-impact ransomware families, and track shifts in tooling, access brokers, and extortion techniques.
• Produce high-impact finished intelligence and deliver briefings for a wide variety of audiences, including executives, information security personnel, customers, media, and the general public.
• Collaborate across security operations, incident response, and engineering teams to ensure effective integration of data and research into the Halcyon Anti-Ransomware Platform. 
• Maintain working relationships with external partners, law enforcement, and intelligence-sharing alliances to support broader counter-ransomware efforts.
• Identify opportunities to degrade or disrupt ransomware operations through exposure, disruption, or legal/policy collaboration.

Skills and Qualifications:

• 5+ years of experience in cyber threat intelligence, cryptocurrency tracing, digital forensics, or a related role.
• Bachelor’s degree in Computer Science, Cybersecurity, or Digital Forensics; or Intelligence Analysis, Data Analysis, Applied Math or Statistics, or related degrees with appropriate additional cyber coursework.
• Deep familiarity with ransomware-as-a-service (RaaS) models, affiliate structures, and the evolution of extortion and data leak tactics.
• Strong understanding of malware analysis workflows, underground forums, and ransomware payment infrastructure (e.g., crypto tracing, leak site activity). 
• Proficiency with a scripting language (Python preferred) for data collection, transformation, and analysis.
• Fluency with common open source intelligence (OSINT), cyber threat intelligence, and/or blockchain research tools. Understanding of enrichment sources (e.g., VirusTotal, Shodan, AbuseIPDB, etc.).
• Proven ability to integrate intelligence (e.g., structure analytic techniques, Diamond Model) and tracking methodologies (e.g., Mitre ATT&CK, Cyber Kill Chain) to assess cyber threat activity. 
• Strong research and writing skills with a track record of producing high-impact ransomware intelligence reports that connect patterns across technical and non-technical data and context.
• Exceptional communication skills — both written and verbal — with the ability to brief leadership and influence decision-making.
• Ability to research independently and then use that independent work to collaborate effectively with team members and external partners. 
• Experience supporting or briefing law enforcement, government, or sector-wide ransomware initiatives.

Bonus Skills and Qualifications:

• Familiarity with a Databricks environment, including notebooks, Delta tables, and job scheduling.
• SQL proficiency for querying structured data with Databricks and other databases.
• Experience with Pandas, NumPy, and other Python data analysis libraries.  
• Comfort with Jupyter notebooks and data visualization libraries (Matplotlib, Seaborn, Plotly)
• Proficiency in a high-priority foreign language like Russian, Mandarin Chinese, Portuguese, or Farsi.

Benefits:

 Halcyon offers the following benefits to eligible employees:

• Comprehensive healthcare (medical, dental, and vision) with premiums paid in full for employees and dependents.

• 401k plan with a generous employer contribution.

• Short and long-term disability coverage, basic life and AD&D insurance plans.

• Medical and dependent care FSA options.

• Flexible PTO policy.

• Parental leave.

• Generous equity offering.

The Company reserves the right to modify or change these benefits programs at any time, with or without notice.​

Base Salary Range: $150,000 - $180,000

Bonus Target: 10%

In accordance with applicable state and federal laws, the range provided is Halcyon’s reasonable estimate of the base compensation for this role. The actual amount may differ based on non-discriminatory factors such as experience, knowledge, skills, abilities, and location. Base pay is one part of the total package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and equity in the Company.

We understand it takes a diverse team of highly intelligent, passionate, curious, and creative people to develop the exceptional product we are building. Our dynamic team has incredible perspectives to share, just as we know you do, and we take great pride in being an equal opportunity employer.