Threat Analyst

What we do:

Halcyon is the industry’s first dedicated, adaptive security platform that combines multiple proprietary advanced prevention engines along with AI models focused specifically on stopping ransomware.

Who we are:

Halcyon was formed in 2021 by a team of cyber industry veterans after battling the scourge of ransomware (and advanced threats) for years at some of the largest global security vendors. Comprised of leaders from Cylance (now Blackberry), Accuvant (now Optiv), Fireye and ISS X-Force (now IBM), Halcyon is focused on building products and solutions for mid-market and enterprise customers.

As a remote-native, completely distributed global team, we recognize great talent can exist anywhere. We invite you to apply to a job you’re interested in and we'll work a plan to meet your needs.

The Role:

Halcyon’s mission is to redefine what a security product can deliver. To support this, we are seeking a skilled Threat Analyst with deep technical expertise in malware reversing and detection engineering. This role is critical to advancing our detection and prevention capabilities, ensuring broad coverage of emerging threats while eliminating false positives. The right candidate will help keep our customers safe from the latest ransomware and malware families without impacting legitimate business operations.

Responsibilities

• Monitor and analyze security events to detect, investigate, and escalate potential incidents. Correlate data across multiple sources to identify malicious activity and patterns.
• Triage and assess events to determine impact, contain incidents, and drive threat remediation.
• Reverse engineer Windows PE files and other malicious binaries using static and dynamic techniques to uncover capabilities, persistence methods, and indicators of compromise (IOCs).
• Design, develop, and maintain internal tools to support threat triage, correlation, and research (log parsers, incident tracking systems, custom sandboxes, etc.).
• Conduct malware analysis in disassemblers, debuggers, and sandbox environments to understand payloads, infection chains, and evasion techniques.
• Research and track evolving ransomware techniques, publishing findings to improve detection logic and response processes.
• Collaborate closely with Engineering and Customer Success to improve product resilience and ensure smooth customer communication during security events.

Skills and Qualifications

• 5+ years of experience
• Proficiency in malware reversing, with demonstrated expertise in analyzing Windows PE files, unpacking obfuscated samples, and extracting behavioral and static indicators.
• Hands-on experience with Yara, Python, and scripting languages (PowerShell, Batch, Bash/Shell).
• Advanced knowledge of static and dynamic analysis using tools such as IDA Pro, Ghidra, x64dbg, WinDbg, and Cuckoo or similar sandboxes.
• Familiarity with EDR evasion techniques, persistence mechanisms, and exploitation methods.
• Cloud exposure preferred: AWS experience (cloud log analysis, EC2/S3 security, threat hunting in cloud environments).
• Proven track record in cyber threat research, malware analysis, or security operations.
• Strong collaboration and communication skills, with the ability to explain technical findings to both technical and non-technical stakeholders.

Benefits:

• Comprehensive healthcare (medical, dental, and vision) with premiums paid in full for employees and dependents.
• Short and long-term disability coverage, basic life and AD&D insurance plans.
• Medical and dependent care FSA options.
• 401k plan with a generous employer contribution.
• Flexible PTO policy.
• Parental leave.
• Generous equity offerings.