Detection Content Lead

What we do:
Halcyon is the industry’s first dedicated, adaptive security platform that combines multiple proprietary advanced prevention engines along with AI models focused specifically on stopping ransomware.

Who we are:
Halcyon was formed in 2021 by a team of cyber industry veterans after battling the scourge of ransomware (and advanced threats) for years at some of the largest global security vendors. Comprised of leaders from Cylance (now Blackberry), Accuvant (now Optiv), Fireye and ISS X-Force (now IBM), Halcyon is focused on building products and solutions for mid-market and enterprise customers.

As a remote-native, completely distributed global team, we recognize great talent can exist anywhere. We invite you to apply to a job you’re interested in and we'll work a plan to meet your needs.

About the Role
Halcyon's goal is to deliver an anti-ransomware solution that breaks new ground in what a security product can achieve. We're hiring a Detection Content Lead to own and scale our security content operations, starting with kernel drivers, file analysis, and certificate management. This is a player-coach role where you'll do hands-on content work while building the team and systems needed for growth.

Responsibilities

          Content Operations & Development

• Drive security content decisions for kernel drivers, file classifications, and certificate validations with direct hands-on analysis
• Build and optimize content validation pipelines balancing automation with appropriate human oversight
•  Establish quality assurance processes that maintain high accuracy while meeting rapid response requirements
• Design content workflows that can scale from individual contributor work to team-based operations
  
  Team Building & Leadership
• Start as individual contributor and build team to 2-5 people within 12 months
• Collaborate with adjacent security teams to leverage existing expertise during ramp-up
• Establish training programs and operational playbooks for content specializations
• Evaluate and redesign existing processes where improvements can drive efficiency
  
  Technical Architecture & Integration
• Design and implement content management workflows across multiple security content types
•  Build monitoring and alerting systems for content performance and false positive detection
• Create escalation procedures for high-risk content decisions and incident response
• Establish metrics and SLAs for content delivery and quality standards
  
  Required Technical Skills
• 5-10 years in cybersecurity operations, threat analysis, or security product development
• Deep expertise in at least 2-3 of the following areas:
  -Kernel driver analysis and Windows system internals
  -File analysis, malware classification, and static/dynamic analysis techniques
  -Digital certificates and certificate validation workflows
  -Network intelligence, IP reputation, and DNS-based threat detection
  -Behavioral detection and signature development
  -Experience designing and implementing technical workflows and automation
  -Strong understanding of ransomware TTPs and defensive countermeasures
  -Proven ability to make rapid technical decisions while maintaining quality standards
  -Experience building or scaling technical teams from the ground up
  
  Bonus Technical Skills

• Previous experience in anti-malware, EDR, or endpoint security products
• Experience with threat intelligence platforms (MISP, ThreatConnect, etc.)
• Knowledge of SOAR platforms and security orchestration
• Published research or tools in file analysis or threat detection
• Relevant certifications (CISSP, GCIH, GCFA, SANS)

       Why Join Us?

• Own the detection content strategy for cutting-edge ransomware protection technology
•  Start hands-on and grow into team leadership with clear growth trajectory
• Collaborate with threat research, engineering, and product teams to shape product capabilities
• Freedom to redesign and optimize processes for maximum impact
• Build the foundation for detection content operations that will scale with the company

      Benefits:

• Comprehensive healthcare (medical, dental, and vision) with premiums paid in full for employees and dependents.
• 401k plan with a generous employer contribution.
• Short and long-term disability coverage, basic life, and AD&D insurance plans.
• Medical and dependent care FSA options.
• Flexible PTO policy.
• Parental leave.
• Generous equity offering.

The Company reserves the right to modify or change these benefits programs at any time, with or without notice.​

Base Salary Range: $220k-$250k + 10% bonus + equity

In accordance with applicable state and federal laws, the range provided is Halcyon’s reasonable estimate of the base compensation for this role. The actual amount may differ based on non-discriminatory factors such as experience, knowledge, skills, abilities, and location. Base pay is one part of the total package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and equity in the Company.

We understand it takes a diverse team of highly intelligent, passionate, curious, and creative people to develop the exceptional product we are building. Our dynamic team has incredible perspectives to share, just as we know you do, and we take great pride in being an equal opportunity employer.