Senior Blockchain Intelligence Analyst, Ransomware

Join TRM as a Senior Blockchain Intelligence Analyst specializing in ransomware. Leverage blockchain analytics and cyber threat intelligence to trace ransomware proceeds and support investigations.

Build a Safer World. TRM Labs provides AI-powered intelligence solutions that help public and private sector agencies investigate and disrupt crime. TRM's platforms enable investigators to trace illicit activity, build cases, and construct operating pictures of threat networks. Leading agencies and businesses worldwide rely on TRM to make the world safer and more secure.

• •Produce impactful finished intelligence on ransomware actors, affiliates, facilitators, and laundering pathways, including actor profiles, lead packages, attribution assessments, and operational reporting suitable for investigative, executive, and partner audiences.
• •Lead complex end-to-end blockchain investigations from initial seed indicators such as victim payment addresses, deposit addresses, transactions, exchange exposure, infrastructure leads, or IP-linked activity through to full attribution and actionable recovery or disruption opportunities.
• •Trace ransomware-related funds across multiple blockchains, bridges, mixers, peel chains, and nested services, identifying controllers, counterparties, cash-out services, and recovery touchpoints.
• •Correlate on-chain activity with OSINT, threat intelligence, attribution partner data, and off-chain identity or infrastructure signals to build a complete picture of adversary behavior within the broader cybercrime ecosystem.
• •Own investigative workstreams from discovery through validation, escalation, and written production, including drafting intelligence products that are source-cited, auditable, and operationally useful.
• •Support TRM’s ransomware asset recovery mission by surfacing high-quality leads, identifying seizure or freeze opportunities, and helping partners move quickly before funds are off-ramped.
• •Drive analytical leadership across active ransomware investigations by prioritizing work, maintaining rigorous standards, and mentoring other analysts without formal people management responsibilities.
• •Partner closely with internal and external stakeholders, including investigators, threat intelligence teammates, product teams, and public-sector or private-sector partners, to ensure analytical outputs reflect real investigative tradecraft and support cross-functional operations.
• •Help strengthen TRM’s ransomware coverage by contributing new attribution, refining investigative methodologies, and improving repeatable workflows for lead generation and asset recovery support.
• •Support external briefings, customer or partner engagements, and capability-building sessions where ransomware tracing, attribution, and recovery tradecraft must be explained clearly and credibly.

• •A high velocity, high ownership team that expects clarity, follow-through, and impact.
• •Opportunities to experiment and iterate quickly.
• •A collaborative environment with close communication across teams and functions.
• •A pace that rewards urgency, adaptability, and outcomes.
• •The chance to work on meaningful problems and ambitious goals.

• •5-8+ years of professional experience in blockchain intelligence, crypto investigations, cybercrime analysis, threat intelligence, financial crime investigations, or a comparable senior analytical role.
• •Blockchain tracing expertise — Deep hands-on experience tracing funds across multiple blockchains and through laundering or obfuscation techniques such as mixers, chain-hopping, bridges, peel chains, and layered cash-out behavior.
• •Extensive investigative tradecraft — Demonstrated ability to independently run complex investigations and synthesize findings into clear written intelligence products, including investigative assessments, lead packages, fund-flow analysis, and attribution reporting.
• •Ransomware domain expertise — including a deep understanding of the broader cybercrime ecosystem and the relationships among ransomware operators, affiliates, initial access brokers, malware developers, laundering networks, and cash-out services.
• •Excellent written and verbal communication — especially the ability to turn technically complex tracing findings into understandable, actionable intelligence for government and private-sector audiences.
• •Judgment and execution — Strong judgment, curiosity, and the ability to operate effectively in a fast-moving, high-stakes environment where timing matters and outputs must still stand up to scrutiny.
• •AI fluency — Experience leveraging AI tools and large language models (LLMs) to accelerate research, surface insights, and augment analytical workflows, with the ability to critically evaluate AI-generated outputs for accuracy and relevance.
• •US Citizenship required.