About The Position

As a Lead Cyber Threat Intelligence Analyst, you will conduct ad hoc investigations and time-sensitive blockchain analysis for our partners, and develop solutions that allow TRM to scale rapidly and effectively. You will collaborate with an experienced team of blockchain intelligence experts, engineers, and data scientists to deliver cutting-edge support to TRM's clients.

Requirements

  • 8+ years of experience in cyber threat intelligence, intelligence analysis, incident-driven investigations, or a closely related analytical field, with at least 1+ years of experience in a people lead/manager role.
  • Demonstrated experience producing finished intelligence products such as actor profiles, campaign reports, attribution assessments, or infrastructure mapping.
  • Deep familiarity with cyber investigations, infrastructure attribution, campaign analysis, and actor profiling.
  • Strong OSINT instincts and the ability to resolve identities, aliases, and behavior across fragmented sources.
  • The ability to connect technical findings to financial infrastructure, including wallets, laundering paths, sanctions exposure, or identity-linked leads when relevant to the investigation.
  • Excellent judgment about analytical confidence, evidentiary strength, and what can or cannot be defended in a report, referral, or operational setting.
  • A track record of leading complex investigations, improving workflows, and helping other analysts do better work.
  • Excellent written and verbal communication skills, with the ability to package findings for technical and non-technical audiences alike.
  • Comfort operating in a fast-paced environment where priorities can change quickly and ambiguity is normal.
  • AI fluency is required. AI tools should be a meaningful part of your research, synthesis, and workflow acceleration toolkit, with strong human quality control over the resulting output.

Responsibilities

  • Produce finished cyber threat intelligence, including actor profiles, campaign reports, IOC packages, infrastructure attributions, and evidence-ready analytical outputs.
  • Act as a senior analytical lead across multiple active actors and campaigns at once, helping prioritize work, improve quality, and coach other analysts.
  • Lead complex investigations from seed indicators such as domains, IPs, hashes, aliases, or wallets through to attributed actors, clusters, or campaign pictures.
  • Correlate technical indicators with OSINT, identity signals, infrastructure patterns, and financial-rail activity to build a fuller understanding of adversary behavior.
  • Triage large indicator sets, cluster infrastructure, and turn fragmented signals into clear, defensible findings that stakeholders can act on immediately.
  • Support incident responders, threat hunters, investigators, leadership, and external partners with timely, high-confidence intelligence products and briefings.
  • Help evaluate and operationalize new analytical tooling by pressure-testing it on real workflows and identifying where it meaningfully reduces analyst effort.
  • Contribute to better investigation workflows, analytic standards, and repeatable methods that increase analyst throughput without sacrificing rigor.