openashbyhqbvp
Senior Blockchain Intelligence Analyst, Ransomware
TRM Labs
LocationUnited States
WorkplaceRemote
EmploymentFullTime
Posted2026-06-27T00:08:32.128+00:00
Last observed2026-06-29 00:42:41.151660
Job idbvp-trm-labs:ashbyhq:f6e96bdf-5535-4d92-8ee0-593364cf2baf
BUILD A SAFER WORLD. TRM Labs provides AI-powered intelligence solutions that help public and private sector agencies investigate and disrupt crime. TRM's platforms enable investigators to trace illicit activity, build cases, and construct operating pictures of threat networks. Leading agencies and businesses worldwide rely on TRM to make the world safer and more secure. ABOUT THE ROLE: We're looking for a Senior Blockchain Intelligence Analyst to operate as a high-judgment, high-autonomy individual contributor specializing in ransomware. In this role, you'll leverage blockchain analytics, cyber threat intelligence, and cryptocurrency attribution to trace ransomware proceeds, identify threat actor infrastructure, and generate actionable intelligence that supports investigations, disruption efforts, and evidentiary workflows. This is not a people-management role. We're looking for an experienced analyst who can independently lead complex investigations, develop high-confidence assessments, uncover novel attribution, and elevate the team's tradecraft through technical expertise, mentorship, and example. You should be equally comfortable tracing funds across blockchains, identifying laundering and cash-out infrastructure, correlating technical, financial, and behavioral signals, and synthesizing fragmented data into clear, defensible intelligence that enables internal and external partners to make informed operational decisions. The Impact You Will Have: - Produce impactful finished intelligence on ransomware actors, affiliates, facilitators, and laundering pathways, including actor profiles, lead packages, attribution assessments, and operational reporting suitable for investigative, executive, and partner audiences. - Lead complex end-to-end blockchain investigations from initial seed indicators such as victim payment addresses, deposit addresses, transactions, exchange exposure, infrastructure leads, or IP-linked activity through to full attribution and actionable recovery or disruption opportunities. - Trace ransomware-related funds across multiple blockchains, bridges, mixers, peel chains, and nested services, identifying controllers, counterparties, cash-out services, and recovery touchpoints. - Correlate on-chain activity with OSINT, threat intelligence, attribution partner data, and off-chain identity or infrastructure signals to build a complete picture of adversary behavior within the broader cybercrime ecosystem. - Own investigative workstreams from discovery through validation, escalation, and written production, including drafting intelligence products that are source-cited, auditable, and operationally useful. - Support TRM’s ransomware asset recovery mission by surfacing high-quality leads, identifying seizure or freeze opportunities, and helping partners move quickly before funds are off-ramped. - Drive analytical leadership across active ransomware investigations by prioritizing work, maintaining rigorous standards, and mentoring other analysts without formal people management responsibilities. - Partner closely with internal and external stakeholders, including investigators, threat intelligence teammates, product teams, and public-sector or private-sector partners, to ensure analytical outputs reflect real investigative tradecraft and support cross-functional operations. - Help strengthen TRM’s ransomware coverage by contributing new attribution, refining investigative methodologies, and improving repeatable workflows for lead generation and asset recovery support. - Support external briefings, customer or partner engagements, and capability-building sessions where ransomware tracing, attribution, and recovery tradecraft must be explained clearly and credibly. WHAT SUCCESS LOOKS LIKE: - You generate meaningful attribution, investigative leads, and recovery opportunities in ransomware cases where the answers are not obvious and the financial trail is deliberately obscured. - You consistently produce finished int
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.