About The Position

TRM Labs provides AI-powered intelligence solutions that help public and private sector agencies investigate and disrupt crime. TRM's platforms enable investigators to trace illicit activity, build cases, and construct operating pictures of threat networks. Leading agencies and businesses worldwide rely on TRM to make the world safer and more secure.

We're looking for a Senior Blockchain Intelligence Analyst to operate as a high-judgment, high-autonomy individual contributor specializing in ransomware. In this role, you'll leverage blockchain analytics, cyber threat intelligence, and cryptocurrency attribution to trace ransomware proceeds, identify threat actor infrastructure, and generate actionable intelligence that supports investigations, disruption efforts, and evidentiary workflows.

This is not a people-management role. We're looking for an experienced analyst who can independently lead complex investigations, develop high-confidence assessments, uncover novel attribution, and elevate the team's tradecraft through technical expertise, mentorship, and example. You should be equally comfortable tracing funds across blockchains, identifying laundering and cash-out infrastructure, correlating technical, financial, and behavioral signals, and synthesizing fragmented data into clear, defensible intelligence that enables internal and external partners to make informed operational decisions.

Requirements

  • 5-8+ years of professional experience in blockchain intelligence, crypto investigations, cybercrime analysis, threat intelligence, financial crime investigations, or a comparable senior analytical role.
  • Blockchain tracing expertise — Deep hands-on experience tracing funds across multiple blockchains and through laundering or obfuscation techniques such as mixers, chain-hopping, bridges, peel chains, and layered cash-out behavior.
  • Extensive investigative tradecraft — Demonstrated ability to independently run complex investigations and synthesize findings into clear written intelligence products, including investigative assessments, lead packages, fund-flow analysis, and attribution reporting.
  • Ransomware domain expertise — including a deep understanding of the broader cybercrime ecosystem and the relationships among ransomware operators, affiliates, initial access brokers, malware developers, laundering networks, and cash-out services.
  • Excellent written and verbal communication — especially the ability to turn technically complex tracing findings into understandable, actionable intelligence for government and private-sector audiences.
  • Judgment and execution — Strong judgment, curiosity, and the ability to operate effectively in a fast-moving, high-stakes environment where timing matters and outputs must still stand up to scrutiny.
  • AI fluency — Experience leveraging AI tools and large language models (LLMs) to accelerate research, surface insights, and augment analytical workflows, with the ability to critically evaluate AI-generated outputs for accuracy and relevance.
  • US Citizenship required

Nice To Haves

  • Experience in government, national security, law enforcement, incident response, or mature private-sector investigative or threat intelligence programs.
  • Familiarity with OSINT, cybercrime infrastructure research, and cross-domain analytical methods that combine blockchain activity with off-chain signals and adversary behavior.
  • Comfort with modern investigative tooling, including AI and structured data environments such as TRM, Maltego, Palantir, or similar platforms.
  • Experience conducting HUMINT collection and engaging threat actors via dark web forums and encrypted messaging platforms.
  • Experience mentoring peers, shaping analytical standards, or improving investigative workflows without formal people management.
  • Advanced practitioner-level knowledge of crypto forensics concepts such as manual demixing, smart contracts, bridges, Ethereum- and TRON-based investigations, and OSINT-based data extraction.
  • Recognized subject matter depth, broader organizational influence, and a track record of shaping methodology or high-priority investigative strategy beyond individual case execution.

Responsibilities

  • Produce impactful finished intelligence on ransomware actors, affiliates, facilitators, and laundering pathways, including actor profiles, lead packages, attribution assessments, and operational reporting suitable for investigative, executive, and partner audiences.
  • Lead complex end-to-end blockchain investigations from initial seed indicators such as victim payment addresses, deposit addresses, transactions, exchange exposure, infrastructure leads, or IP-linked activity through to full attribution and actionable recovery or disruption opportunities.
  • Trace ransomware-related funds across multiple blockchains, bridges, mixers, peel chains, and nested services, identifying controllers, counterparties, cash-out services, and recovery touchpoints.
  • Correlate on-chain activity with OSINT, threat intelligence, attribution partner data, and off-chain identity or infrastructure signals to build a complete picture of adversary behavior within the broader cybercrime ecosystem.
  • Own investigative workstreams from discovery through validation, escalation, and written production, including drafting intelligence products that are source-cited, auditable, and operationally useful.
  • Support TRM’s ransomware asset recovery mission by surfacing high-quality leads, identifying seizure or freeze opportunities, and helping partners move quickly before funds are off-ramped.
  • Drive analytical leadership across active ransomware investigations by prioritizing work, maintaining rigorous standards, and mentoring other analysts without formal people management responsibilities.
  • Partner closely with internal and external stakeholders, including investigators, threat intelligence teammates, product teams, and public-sector or private-sector partners, to ensure analytical outputs reflect real investigative tradecraft and support cross-functional operations.
  • Help strengthen TRM’s ransomware coverage by contributing new attribution, refining investigative methodologies, and improving repeatable workflows for lead generation and asset recovery support.
  • Support external briefings, customer or partner engagements, and capability-building sessions where ransomware tracing, attribution, and recovery tradecraft must be explained clearly and credibly.

Benefits

  • AI fluency is a baseline expectation at TRM.
  • We believe AI meaningfully changes how top performers operate. We expect every team member to use AI to accelerate and reimagine their craft, not just automate surface tasks.
  • At TRM, AI fluency means you are among the top 10 percent of operators in your function in how you apply AI to accelerate repeatable workflows, structure and solve problems, improve output quality, and increase speed and leverage.
  • You will be evaluated on applied AI fluency during the interview process.
  • We hire and grow against three leadership principles. They’re the standards for how we operate, treat each other, and make decisions.
  • Impact-Oriented Trailblazer: We put customers first and move with speed, focus, and adaptability. We treat every plan like an experiment – test, ship, measure, and iterate quickly.
  • Master Craftsperson: We care deeply about our craft. We balance speed with high standards, own outcomes end‑to‑end, and invest in getting better every day.
  • Inspiring Colleague: We add clarity and energy, not noise. We bring humility, candor, and a one‑team mindset — giving and receiving feedback to make the team stronger.
  • TRM is a Series C company with $220M in total funding, backed by Blockchain Capital, Goldman Sachs, Bessemer, Y Combinator, Thoma Bravo, and others.
  • Headquartered in San Francisco, TRM operates as a distributed-first company with hubs in Los Angeles, San Francisco, New York, Washington D.C., London, and Singapore.