Cyber Threat Analyst

Chainlink Labs is seeking a Cyber Threat Analyst to conduct cyber threat intelligence analysis. The Analyst will play a critical role in proactively identifying, analyzing, and mitigating sophisticated cyber threats, dissecting malware and adversary techniques, conducting technical threat research, and developing detection methodologies to enhance security posture.

Overview

Department

Job type

Full time

Compensation

Salary not specified

Location

United States

Resume Assistance

See how well your resume matches this job role with our AI-powered score. By uploading your resume, you agree to our Terms of Service

Click to upload

or drag and drop

pdf, doc, or docx (max. 10MB)

Ready to apply?

You're one step away - it takes less than a minute to upload your resume

About Us

Chainlink Labs is one of the primary contributing developers of Chainlink, the industry-standard oracle platform bringing the capital markets onchain and powering the majority of decentralized finance. The Chainlink stack provides the essential data, interoperability, compliance, and privacy standards needed to power advanced blockchain use cases for institutional tokenized assets, Decentralized Finance (DeFi), payments, stablecoins, and more. Many of the world’s largest financial services institutions have also adopted Chainlink’s standards and infrastructure, including Swift, Euroclear, Mastercard, Fidelity International, UBS, ANZ, Aave, GMX, Lido, and many others.Chainlink Labs is a world-class team of over 600 developers, researchers, and capital markets experts, and has ranked amongFortune's Best Workplaces in Technology,Fortune's Best Medium Workplace, and theTop 100 Global Most Loved Workplaces. Learn more atchain.linkorchainlinklabs.com.

Your Impact

Proactively track malicious infrastructure, hunt for new malware samples, and adversary tools to identify new adversary tooling, detection opportunities, and mitigation strategies.

Create precise detection rules (e.g., YARA, Sigma) and develop custom tools and scripts to identify malicious activity proactively.

Conduct deep-dive intelligence analysis and investigations related to suspicious activity and attempted attacks.

Serve as an SME for malware reverse engineering, with a focus on ARM binaries.

Maintain a working knowledge of adversarial tactics and techniques, and how they are being used to achieve current objectives.

Collaborate with and support the investigations of other Cybersecurity Operations and Information Security teams.

Requirements

At least two years of experience in cyber threat analysis or threat investigations.

Demonstrated a high-level understanding of recent cyber trends, campaigns, incidents, and threat actor groups.

Familiarity with Vertex Synapse and its Storm scripting language or experience with similar intelligence analysis tools.

Real-life experience in detection engineering, including using SIEMs and writing effective detection rules in YARA or Sigma.

Experience using technical data sources like file repositories, passive DNS, or internet service scans for threat research purposes.

Understanding of network protocols such as HTTP, DNS, TLS.

Prior experience with automated malware sandboxes to analyze malicious samples and identify detection opportunities. Proficiency with reverse engineering tools, such as Binary Ninja and Ghidra.

Preferred Requirements

In-depth understanding of threats targeting the blockchain ecosystem, especially in relation to their tools and tradecraft, and how web2 threats affect web3 systems.

Proven track record of building and maintaining logging, analysis, or enrichment pipelines, preferred languages include Python, Rust or Golang.

Excellent verbal and written communication skills with prior experience in presenting research findings to internal and external stakeholders.

Understanding of structured analytic techniques to help mitigate bias in analysis.

All roles with Chainlink Labs are global and remote-based. Unless otherwise stated, we ask that you try to overlap some working hours with Eastern Standard Time (EST).

We carefully review all applications and aim to provide a response to every candidate within two weeks after the job posting closes. The closing date is listed on the job advert, so we encourage you to take the time to thoughtfully prepare your application. We want to fully consider your experience and skills, and you will hear from us regarding the status of your application shortly after the closing date.

Chainlink Labs is an equal opportunity employer. All qualified applicants will receive equal consideration for employment in compliance with applicable laws, regulations, or ordinances. If you need assistance or accommodation due to a disability or special need when applying for a role or in our recruitment process, please contact us via thisform.

Information collected and processed as part of your Chainlink Labs Careers profile, and any job applications you choose to submit is subject to ourPrivacy Policy. By submitting your application, you are agreeing to our use and processing of your data as required.