Senior Threat Intelligence Analyst, Crypto
Job description
- Develop novel collection strategies and analytic methodologies to surface threat actor activity that isn't visible through conventional tooling or open databases
- Conduct proactive threat hunting across on-chain and off-chain data sources to identify emerging illicit networks before they're widely known
- Track, analyze, and report on threat actors, campaigns, and illicit networks operating in the crypto ecosystem
- Identify and assess adversary TTPs, infrastructure, and behavior to support detection and attribution efforts
- Leverage OSINT and other intelligence methods to uncover hidden threats and generate actionable insights
- Produce high-quality intelligence that reaches law enforcement and government partners worldwide
- Collaborate with data, engineering, and product teams to enhance TRM's intelligence capabilities
- Be a leading voice on the illicit use of crypto and blockchain technologies

- Our team values open communication and a collaborative work environment, where feedback and ideas are encouraged from all members.
- We prioritize flexibility and adaptability, ensuring that everyone stays aligned through regular check-ins and progress updates. Operating with a strong focus on shared goals, we work together to meet deadlines while supporting individual growth and innovation.
- We are a globally distributed team that leans heavily on asynchronous communication. While we aim for ~3-4 hours of overlap with the Pacific Time Zone, schedules are flexible and may occasionally adjust to support team collaboration.

We hire and grow against three leadership principles. They're the standards for how we operate, treat each other, and make decisions.
- Impact-Oriented Trailblazer: We put customers first and move with speed, focus, and adaptability. We treat every plan like an experiment - test, ship, measure, and iterate quickly.
- Master Craftsperson: We care deeply about our craft. We balance speed with high standards, own outcomes end-to-end, and invest in getting better every day.
- Inspiring Colleague: We add clarity and energy, not noise. We bring humility, candor, and a one-team mindset - giving and receiving feedback to make the team stronger.

By submitting your application, you are agreeing to allow TRM to process your personal information in accordance with the TRM Privacy Policy.
Our typical hiring cycles for specialized roles span 24 to 36 months. Accordingly, we retain your personal information for up to 36 months to evaluate your application and to consider you for current and future employment opportunities, unless you request earlier deletion or a different retention period is required or permitted by law.
To notify TRM Labs that you believe this job posting is non-compliant, please submit a report through this form. No response will be provided to inquiries unrelated to job posting compliance.
The use of AI tools of any kind (including but not limited to notetakers, interview assistants, and real-time coaching tools such as Otter.ai, Fireflies, Fathom, Cluey, or similar) during TRM interviews is not permitted without prior approval from TRM. TRM uses its own internal tools for note-taking to ensure a consistent and confidential experience for all candidates.
We are committed to providing reasonable accommodations to applicants with disabilities, and requests can be made via this form.
Requirements
- Proven experience in threat intelligence, cyber intelligence, or national security intelligence roles (this is not an entry-level position)
- Fluency in Russian, Chinese (Mandarin or Cantonese), or Arabic, with the ability to conduct research and analysis in that language, is strongly preferred and may be required in some cases. Please specify your language proficiency and any relevant experience in your application.
- A track record of generating net-new intelligence - developing original hypotheses, pursuing non-obvious investigative threads, and surfacing findings that others miss
- Working knowledge of blockchain and cryptocurrency - including how transactions work, on-chain tracing concepts, and the role of crypto in financial crime (e.g., ransomware, sanctions evasion, darknet markets)
- Experience tracking threat actors, cybercrime groups, or nation-state activity - including analysis of TTPs, infrastructure, and behavioral patterns to support attribution
- Strong analytical and communication skills with the ability to produce clear, actionable intelligence reports with high intelligence tradecraft standards.
- Ability to collaborate cross-functionally with technical and non-technical stakeholders
- Comfort operating in ambiguous, low-signal environments where the analytic path forward has to be constructed, not followed - and the ownership mindset to drive it independently
- Hands-on experience with blockchain analysis tools (e.g., Chainalysis Reactor, TRM, Elliptic) or formal cryptocurrency investigation experience
- Relevant certifications (e.g., GIAC, CEH, Chainalysis Reactor Certification) or background in cybersecurity, intelligence, or investigations

- Utilizes sound judgment and the 80/20 principle to drive rapid, high-impact outcomes.
- Demonstrates the ability to iterate quickly in response to evolving threat landscapes.
- Leverages creative problem-solving to ensure prompt and effective threat actor engagement to acquire attribution within 24 hours.
- Employs a diverse set of methodologies to scale and optimize threat intelligence production for customer needs within 72 hours.

- Priorities and targets to change quickly as we experiment and iterate
- Work that often requires operating with a high degree of ambiguity
- A high level of personal ownership and accountability
- Close collaboration across teams and functions
- Frequent, high-touch communication
- Creative problem solving and out-of-the-box thinking
- A pace that rewards urgency, adaptability, and outcomes
This environment is energizing for people who enjoy building, solving hard problems, and making progress in situations that are not always fully defined. It also requires comfort navigating ambiguity, adjusting course as new information emerges, and maintaining focus and positivity in a fast-moving and intense environment.
We also recognize that this style of operating is not for everyone. If you are primarily optimizing for predictability or a consistently balanced workload, we encourage you to use the interview process to pressure test whether this environment is truly the right fit. We want teammates who thrive here, not just survive here.
At the same time, many people find this work deeply rewarding. If you are excited by meaningful problems, motivated by ambitious goals, and energized by working alongside mission-driven colleagues, there is a good chance you will find TRM to be an exceptional place to grow and contribute. Learn more: Interviewing at TRM: How We Hire and What Success Looks Like