Halcyon

Ransomware Intelligence Analyst

Halcyon

full-time

Origin: 🇺🇸 United States

Salary

💰 $150,000 - $180,000 per year

Job Level

Mid-Level, Senior

Tech Stack

Cyber Security, NumPy, Open Source, Pandas, Python, SQL

About the role

  • Conduct proactive research by monitoring open-source, underground, technical data, and proprietary intelligence sources to track ransomware operations, leaks, and affiliate activity.
  • Drive strategic and operational intelligence analysis of ransomware groups, including actor motivations, affiliate networks, victim targeting, and revenue models.
  • Hunt for threat actor infrastructure, map evolving TTPs for high-impact ransomware families, and track shifts in tooling, access brokers, and extortion techniques.
  • Produce high-impact finished intelligence and deliver briefings for a wide variety of audiences, including executives, information security personnel, customers, media, and the general public.
  • Collaborate across security operations, incident response, and engineering teams to ensure effective integration of data and research into the Halcyon Anti-Ransomware Platform.
  • Maintain working relationships with external partners, law enforcement, and intelligence-sharing alliances to support broader counter-ransomware efforts.
  • Identify opportunities to degrade or disrupt ransomware operations through exposure, disruption, or legal/policy collaboration.

Requirements

  • 5+ years of experience in cyber threat intelligence, cryptocurrency tracing, digital forensics, or a related role.
  • Bachelor’s degree in Computer Science, Cybersecurity, or Digital Forensics; or Intelligence Analysis, Data Analysis, Applied Math or Statistics, or related degrees with appropriate additional cyber coursework.
  • Deep familiarity with ransomware-as-a-service (RaaS) models, affiliate structures, and the evolution of extortion and data leak tactics.
  • Strong understanding of malware analysis workflows, underground forums, and ransomware payment infrastructure (e.g., crypto tracing, leak site activity).
  • Proficiency with a scripting language (Python preferred) for data collection, transformation, and analysis.
  • Fluency with common open source intelligence (OSINT), cyber threat intelligence, and/or blockchain research tools. Understanding of enrichment sources (e.g., VirusTotal, Shodan, AbuseIPDB, etc.).
  • Proven ability to integrate analytic frameworks (e.g., structured analytic techniques, the Diamond Model) and tracking methodologies (e.g., MITRE ATT&CK, the Cyber Kill Chain) to assess cyber threat activity.
  • Strong research and writing skills with a track record of producing high-impact ransomware intelligence reports that connect patterns across technical and non-technical data and context.
  • Exceptional communication skills — both written and verbal — with the ability to brief leadership and influence decision-making.
  • Ability to research independently and then use that independent work to collaborate effectively with team members and external partners.
  • Experience supporting or briefing law enforcement, government, or sector-wide ransomware initiatives.
  • Bonus: Familiarity with a Databricks environment, including notebooks, Delta tables, and job scheduling.
  • Bonus: SQL proficiency for querying structured data with Databricks and other databases.
  • Bonus: Experience with Pandas, NumPy, and other Python data analysis libraries.
  • Bonus: Comfort with Jupyter notebooks and data visualization libraries (Matplotlib, Seaborn, Plotly).
  • Bonus: Proficiency in a high-priority foreign language like Russian, Mandarin Chinese, Portuguese, or Farsi.