Threat Analyst

  • Company Halcyon
  • Employment Full-time
  • Location 🇺🇸 United States nationwide
  • Submitted Posted 15 hours ago - Updated 12 hours ago
<div class="content-intro"><p><strong data-stringify-type="bold">What we do:</strong><br>Halcyon is the industry’s first dedicated, adaptive security platform that combines multiple proprietary advanced prevention engines along with AI models focused specifically on stopping ransomware.</p><p><strong data-stringify-type="bold">Who we are:</strong><br>Halcyon was formed in 2021 by a team of cyber industry veterans after battling the scourge of ransomware (and advanced threats) for years at some of the largest global security vendors. Comprised of leaders from Cylance (now BlackBerry), Accuvant (now Optiv), FireEye and ISS X-Force (now IBM), Halcyon is focused on building products and solutions for mid-market and enterprise customers.</p><p>As a remote-native, completely distributed global team, we recognize great talent can exist anywhere. We invite you to apply to a job you’re interested in and we'll work a plan to meet your needs.</p></div><p><strong><span data-contrast="none">The Role:</span></strong><span data-ccp-props="{}">&nbsp;</span></p><p>Halcyon’s mission is to empower our customers with a solution that defeats ransomware, makes "ransomware history", and ensures operational resilience. To support this mission, we are seeking a highly skilled <strong>Threat Analyst</strong> with deep technical expertise in malware reversing, detection engineering, and security operations.
This role is critical to advancing our detection, prevention, and response capabilities, ensuring broad coverage of emerging threats, eliminating false positives, and effectively responding to these threats.
The right candidate will ensure that our customers are kept safe from the latest ransomware without impacting legitimate business operations.<br>&nbsp;<br><strong><span data-contrast="none">Responsibilities</span></strong></p><ul><li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="none">Monitor and analyze security events to detect, investigate, contain, and escalate potential threats. 
Correlate data across multiple sources to identify malicious activity and patterns.</span></li><li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1">Triage and assess events to determine impact, contain incidents, and drive threat remediation.</li><li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1">Reverse engineer Windows PE files and other malicious binaries using static and dynamic techniques to uncover capabilities, persistence methods, and indicators of compromise (IOCs).</li><li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1">Design, develop, and maintain internal tools to support threat triage, correlation, and research (log parsers, incident tracking systems, custom sandboxes, etc.).</li><li data-leveltext="" data-font="Symbol" data-listid="1" 
data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1">Conduct malware analysis in disassemblers, debuggers, and sandbox environments to understand payloads, infection chains, and evasion techniques.</li><li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1">Research and track evolving ransomware techniques, publishing findings to improve detection logic and response processes.</li><li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1">Collaborate closely with Customers, Incident Response, Engineering and Customer Success to improve product resilience and ensure smooth customer communication during security events.<span data-ccp-props="{}">&nbsp;</span></li></ul><p><strong><span data-contrast="none">Skills and Qualifications</span></strong><span data-ccp-props="{}">&nbsp;</span></p><ul><li data-leveltext="" data-font="Symbol" data-listid="2" 
data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="none">10+ years of combined experience in reverse engineering, detection engineering, threat research, incident response, or security operations related roles.</span></li><li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1">High proficiency in&nbsp;<strong><span data-contrast="none">malware reversing</span></strong><span data-contrast="none">, with demonstrated expertise in analyzing </span><strong><span data-contrast="none">Windows PE files</span></strong><span data-contrast="none">, unpacking obfuscated samples, and extracting behavioral and static indicators.</span></li><li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1">Experience with&nbsp;<strong><span data-contrast="none">Artificial Intelligence / Machine Learning</span></strong><span data-contrast="none"> methodologies and their practical use cases </span><span data-contrast="none">to enhance cybersecurity strategies and operational efficiency.</span></li><li 
data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1">Hands-on experience with&nbsp;<strong><span data-contrast="none">Yara, Python</span></strong><span data-contrast="none">, and scripting languages (PowerShell, Bash/Shell, Batch).</span></li><li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1">Advanced knowledge of&nbsp;<strong><span data-contrast="none">static and dynamic analysis</span></strong><span data-contrast="none"> using tools such as IDA Pro, Ghidra, x64dbg, WinDbg, Cuckoo or similar sandboxes.</span></li><li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1">Familiarity with&nbsp;<strong><span data-contrast="none">EDR evasion techniques</span></strong><span data-contrast="none">, persistence mechanisms, and exploitation methods.</span></li><li data-leveltext="" data-font="Symbol" data-listid="2" 
data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1"><strong><span data-contrast="none">Cloud Service Provider</span></strong><span data-contrast="none"> experience preferred (cloud log analysis, security, threat hunting in cloud environments).</span></li><li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1">Proven track record in cyber threat research, malware analysis, or security operations.</li><li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1">Strong collaboration and communication skills, with the ability to explain technical findings to both technical and non-technical stakeholders.<span data-ccp-props="{}">&nbsp;</span></li></ul><p><strong><span data-contrast="none">Benefits:</span></strong><span data-ccp-props="{}">&nbsp;</span></p><p><span data-contrast="none">Halcyon offers the following benefits to eligible employees:</span></p><ul><li data-leveltext="" data-font="Symbol" data-listid="3" 
data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="none">Comprehensive healthcare (medical, dental, and vision) with premiums paid in full for employees and dependents.</span></li><li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1">401k plan with a generous employer contribution.</li><li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1">Short and long-term disability coverage, basic life and AD&amp;D insurance plans.</li><li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1">Medical and dependent care FSA options.</li><li data-leveltext="" data-font="Symbol" data-listid="3" 
data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1">Flexible PTO policy.</li><li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1">Parental leave.</li><li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1">Generous equity offering.<span data-ccp-props="{}">&nbsp;</span></li></ul><p><span data-contrast="none">The Company reserves the right to modify or change these benefits programs at any time, with or without notice.</span><span data-ccp-props="{}">&nbsp;</span></p><p><strong><span data-contrast="none">Base Salary Range</span></strong><span data-contrast="none">: $175,000 - $200,000, 10% bonus, and equity.</span></p><div class="content-conclusion"><p>In accordance with applicable state and federal laws, the range provided is Halcyon’s reasonable estimate of the base compensation for this role. The actual amount may differ based on non-discriminatory factors such as experience, knowledge, skills, abilities, and location. 
Base pay is one part of the total package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and equity in the Company.</p><p><strong>We understand it takes a diverse team of highly intelligent, passionate, curious, and creative people to develop the exceptional product we are building. Our dynamic team has incredible perspectives to share, just as we know you do, and we take great pride in being an equal opportunity employer.</strong></p></div>
