FreeHire

trmlabs

Staff Cyber Threat Intelligence Analyst

Show

Build a Safer World.

TRM Labs provides AI-powered intelligence solutions that help public and private sector agencies investigate and disrupt crime. TRM's platforms enable investigators to trace illicit activity, build cases, and construct operating pictures of threat networks. Leading agencies and businesses worldwide rely on TRM to make the world safer and more secure.

About the role:

As a Staff Cyber Threat Intelligence Analyst, you will conduct high-complexity investigations, support time-sensitive blockchain analysis for our partners, and shape investigative methods, workflows, and analytical capabilities that allow TRM to scale rapidly and effectively.

You will collaborate with blockchain intelligence experts, engineers, and data scientists to raise the quality, repeatability, and operational relevance of TRM’s cyber threat intelligence capabilities.

The impact you will have:

  • Produce finished cyber threat intelligence, including actor profiles, campaign reports, IOC packages, infrastructure attributions, and evidence-ready analytical outputs.

  • Act as a staff-level analytical leader across multiple active actors and campaigns at once, raising quality, shaping standards, and coaching other analysts through exemplary tradecraft and judgment.

  • Drive the highest-complexity investigations from seed indicators such as domains, IPs, hashes, aliases, or wallets through to attributed actors, clusters, or campaign pictures, and codify the methods others can reuse.

  • Correlate technical indicators with OSINT, identity signals, infrastructure patterns, and financial-rail activity to build a fuller understanding of adversary behavior.

  • Triage large indicator sets, cluster infrastructure, and turn fragmented signals into clear, defensible findings while improving the repeatability and rigor of how this work is done across the team.

  • Support incident responders, threat hunters, investigators, leadership, and external partners with timely, high-confidence intelligence products and briefings, especially where judgment, prioritization, and ambiguity are unusually high.

  • Evaluate and operationalize new analytical tooling by pressure-testing it on real workflows and identifying where it meaningfully reduces analyst effort, improves quality, or creates reusable leverage across investigations.

  • Drive better investigation workflows, analytic standards, and repeatable methods that increase analyst throughput without sacrificing rigor.

  • Partner across intelligence, engineering, and data science to translate investigative tradecraft into scalable analytical capabilities and product-informed improvements.

What we're looking for:

  • 8+ years of experience in cyber threat intelligence, intelligence analysis, incident-driven investigations, or a closely related analytical field.

  • Demonstrated experience producing finished intelligence products such as actor profiles, campaign reports, attribution assessments, or infrastructure mapping.

  • Deep expertise in cyber investigations, infrastructure attribution, campaign analysis, and actor profiling, including the ability to set a high bar for analytical rigor in these areas.

  • Strong OSINT instincts and the ability to resolve identities, aliases, and behavior across fragmented sources.

  • The ability to connect technical findings to financial infrastructure, including wallets, laundering paths, sanctions exposure, or identity-linked leads when relevant to the investigation.

  • Excellent judgment about analytical confidence, evidentiary strength, and what can or cannot be defended in a report, referral, or operational setting, including the ability to guide others on those standards.

  • A track record of leading complex investigations, improving workflows, shaping analytical standards, and raising the quality of work beyond your own cases.

  • Excellent written and verbal communication skills, with the ability to package findings for technical and non-technical audiences alike.

  • Comfort operating in a fast-paced environment where priorities can change quickly and ambiguity is normal.

  • AI fluency is required. AI tools should be a meaningful part of your research, synthesis, and workflow acceleration toolkit, with strong human quality control over the resulting output.

About the Team:

  • TRM's intelligence and investigations work combines national-security-grade tradecraft with deep analytical workflows across cyber, OSINT, and blockchain-enabled threat activity.

  • This role sits at the intersection of intelligence production, investigations, and product-informed tradecraft, helping ensure TRM’s analytical capabilities remain operationally relevant, scalable, and high-quality across multiple use cases and stakeholders.

  • Distributed team with an async-first approach via Slack and Notion, plus structured syncs for alignment

  • High autonomy, high standards, low bureaucracy — work directly with analysts, engineers, and customers who depend on your output

Team Operating Rhythms:

  • Weekly team syncs to align targeting priorities and review disruption opportunities

  • Daily async standups via Slack on active work, returns, and target packages in flight

  • Primary time zone overlap: US Eastern / Central

  • All output documented in Notion and TRM’s investigative tools

  • Surge availability expected during time-sensitive disruption windows

Learn about TRM Speed in this position:

  • Move quickly from a single lead or indicator to an initial analytical picture while the signal is still operationally useful.

  • Support partners and internal teams on time-sensitive issues where fast, defensible judgment matters more than perfect information.

  • Continuously adapt your tradecraft as adversaries, data sources, and analytical tooling evolve.

Life at TRM

We are building a safer world. That promise shows up in how we work every day.

TRM moves quickly. We are a high velocity, high ownership team that expects clarity, follow-through, and impact. People who thrive here are energized by hard problems, experimentation, and continuous feedback. If something takes months elsewhere, it will ship here in days.

Our work sits at the intersection of AI, national security, and fighting crime. The problems are complex, the stakes are real, and the environment evolves quickly. The pace and intensity of the work reflect the importance of the mission. As a result, the way we operate requires a high level of ownership, adaptability, collaboration, and creative problem-solving.

At TRM, you should expect:

  • Priorities and targets to change quickly as we experiment and iterate

  • Work that often requires operating with a high degree of ambiguity

  • A high level of personal ownership and accountability

  • Close collaboration across teams and functions

  • Frequent, high-touch communication

  • Creative problem solving and out-of-the-box thinking

  • A pace that rewards urgency, adaptability, and outcomes

This environment is energizing for people who enjoy building, solving hard problems, and making progress in situations that are not always fully defined. It also requires comfort navigating ambiguity, adjusting course as new information emerges, and maintaining focus and positivity in a fast-moving and intense environment.

We also recognize that this style of operating is not for everyone. If you are primarily optimizing for predictability or a consistently balanced workload, we encourage you to use the interview process to pressure test whether this environment is truly the right fit. We want teammates who thrive here, not just survive here.

At the same time, many people find this work deeply rewarding. If you are excited by meaningful problems, motivated by ambitious goals, and energized by working alongside mission-driven colleagues, there is a good chance you will find TRM to be an exceptional place to grow and contribute. Learn more: Interviewing at TRM: How We Hire and What Success Looks Like

AI Fluency at TRM

AI fluency is a baseline expectation at TRM.

We believe AI meaningfully changes how top performers operate. We expect every team member to use AI to accelerate and reimagine their craft, not just automate surface tasks.

At TRM, AI fluency means you are among the top 10 percent of operators in your function in how you apply AI to:

  • Accelerate repeatable workflows

  • Structure and solve problems

  • Improve output quality

  • Increase speed and leverage

You will be evaluated on applied AI fluency during the interview process.

Leadership Principles

We hire and grow against three leadership principles. They’re the standards for how we operate, treat each other, and make decisions.

  • Impact-Oriented Trailblazer: We put customers first and move with speed, focus, and adaptability. We treat every plan like an experiment – test, ship, measure, and iterate quickly.

  • Master Craftsperson: We care deeply about our craft. We balance speed with high standards, own outcomes end‑to‑end, and invest in getting better everyday.

  • Inspiring Colleague: We add clarity and energy, not noise. We bring humility, candor, and a one‑team mindset — giving and receiving feedback to make the team stronger.

Join our Mission

At TRM we care deeply about our craft. We are looking for individuals who want their work to matter, who experiment with speed and rigor, and who take pride in building a safer world for billions of people. If you’re excited by TRM’s mission but don’t check every box, we encourage you to apply — we hire for slope, judgment, and the will to learn fast.

TRM is a Series C company with $220M in total funding, backed by Blockchain Capital, Goldman Sachs, Bessemer, Y Combinator, Thoma Bravo, and others. Headquartered in San Francisco, TRM operates as a distributed-first company with hubs in Los Angeles, San Francisco, New York, Washington D.C., London, and Singapore.

Privacy Policy and Additional Information

By submitting your application, you agree to allow TRM Labs to process your personal information in accordance with our Privacy Policy.

We collect the information you provide (such as your resume, work history, and contact details) solely for the purpose of evaluating your candidacy for current and future roles at TRM.

Because our hiring cycles for certain positions may span 24 to 36 months, we retain your personal information for up to 36 months from the date of your application. After that period, your data is deleted unless a different retention period is required or permitted by law.

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with applicable data protection laws, you have the right to access, correct, or request deletion of your personal data at any time before that period ends. To exercise any of these rights, contact us at privacy@trmlabs.com.

To notify TRM Labs that you believe this job posting is non-compliant, please submit a report through this form. No response will be provided to inquiries unrelated to job posting compliance.

The use of AI tools of any kind (including but not limited to notetakers, interview assistants, and real-time coaching tools such as Otter.ai, Fireflies, Fathom, Cluey, or similar) during TRM interviews is not permitted without prior approval from TRM. TRM uses its own internal tools for note-taking to ensure a consistent and confidential experience for all candidates.

We are committed to providing reasonable accommodations to applicants with disabilities, and requests can be made via this form.

Recruitment agencies

TRM Labs does not accept unsolicited agency resumes. Please do not forward resumes to TRM employees. TRM Labs is not responsible for any fees related to unsolicited resumes and will not pay fees to any third-party agency or company without a signed agreement.

Learn More: Company Values | Interviewing | FAQs