Ransomware Intelligence Analyst
Listed on 2026-06-07
IT/Tech
Cybersecurity, Data Security
What we do:
Halcyon is the industry’s first dedicated, adaptive security platform that combines multiple proprietary advanced prevention engines along with AI models focused specifically on stopping ransomware.
Who we are:
Halcyon was formed in 2021 by a team of cyber industry veterans after battling the scourge of ransomware (and advanced threats) for years at some of the largest global security vendors. Comprised of leaders from Cylance (now BlackBerry), Accuvant (now Optiv), FireEye and ISS X-Force (now IBM), Halcyon is focused on building products and solutions for mid-market and enterprise customers. As a remote-native, completely distributed global team, we recognize great talent can exist anywhere.
The Role:
Our newly created Ransomware Research Center is looking for a curious and driven Ransomware Intelligence Analyst to conduct ransomware-focused intelligence and research efforts. In this role, you will track threat actors, understand their tradecraft, map affiliate operations, and analyze cryptocurrency transactions to produce intelligence that protects organizations from extortion, data theft, and operational disruption. This isn’t a role where you’ll be handed a playbook and told to color inside the lines.
You’ll have the autonomy and trust to shape this position and deliverables for success. The role is ideal for an experienced intelligence or threat analyst who is ready to take ownership, bring bold ideas to the table, and see them through to real-world impact.
- Conduct proactive research on, and monitor, open-source, underground, technical data, and proprietary intelligence sources to track ransomware operations, leaks, and affiliate activity.
- Drive strategic and operational intelligence analysis of ransomware groups, including actor motivations, affiliate networks, victim targeting, and revenue models.
- Hunt for threat actor infrastructure, map evolving TTPs for high-impact ransomware families, and track shifts in tooling, access brokers, and extortion techniques.
- Produce high-impact finished intelligence and deliver briefings for a wide variety of audiences, including executives, information security personnel, customers, media, and the general public.
- Collaborate across security operations, incident response, and engineering teams to ensure effective integration of data and research into the Halcyon Anti-Ransomware Platform.
- Maintain working relationships with external partners, law enforcement, and intelligence-sharing alliances to support broader counter-ransomware efforts.
- Identify opportunities to degrade or disrupt ransomware operations through exposure, disruption, or legal/policy collaboration.
Qualifications:
- 5+ years of experience in cyber threat intelligence, cryptocurrency tracing, digital forensics, or a related role.
- Bachelor’s degree in Computer Science, Cybersecurity, or Digital Forensics; or Intelligence Analysis, Data Analysis, Applied Math or Statistics, or related degrees with appropriate additional cyber coursework.
- Deep familiarity with ransomware-as-a-service (RaaS) models, affiliate structures, and the evolution of extortion and data leak tactics.
- Strong understanding of malware analysis workflows, underground forums, and ransomware payment infrastructure (e.g., crypto tracing, leak site activity).
- Proficiency with a scripting language (Python preferred) for data collection, transformation, and analysis.
- Fluency with common open source intelligence (OSINT), cyber threat intelligence, and/or blockchain research tools.
- Understanding of enrichment sources (e.g., VirusTotal, Shodan, AbuseIPDB, etc.).
- Proven ability to integrate intelligence (e.g., structured analytic techniques, Diamond Model) and tracking methodologies (e.g., MITRE ATT&CK, Cyber Kill Chain) to assess cyber threat activity.
- Strong research and writing skills with a track record of producing high-impact ransomware intelligence reports that connect patterns across technical and non-technical data and context.
- Exceptional communication skills — both written and verbal — with the ability to brief leadership and influence decision-making.
- Ability to research independently and then use that…