Cyber Threat Analyst

About Us 

Chainlink Labs is one of the primary contributing developers of Chainlink, the industry-standard oracle platform bringing the capital markets onchain and powering the majority of decentralized finance. The Chainlink stack provides the essential data, interoperability, compliance, and privacy standards needed to power advanced blockchain use cases for institutional tokenized assets, Decentralized Finance (DeFi), payments, stablecoins, and more. Many of the world’s largest financial services institutions have also adopted Chainlink’s standards and infrastructure, including Swift, Euroclear, Mastercard, Fidelity International, UBS, ANZ, Aave, GMX, Lido, and many others.

Chainlink Labs is a world-class team of over 600 developers, researchers, and capital markets experts, and has ranked among Fortune's Best Workplaces in Technology, Fortune's Best Medium Workplace, and the Top 100 Global Most Loved Workplaces. Learn more at chain.link or chainlinklabs.com.

The Cyber Threat Analyst is responsible for conducting cyber threat intelligence analysis with a strong technical emphasis on infrastructure pivoting, malware analysis, and detection engineering in alignment with Chainlink Labs’ vision and objectives. The Analyst will play a critical role in proactively identifying, analyzing, and mitigating sophisticated cyber threats, dissecting malware and adversary techniques, conducting technical threat research, and developing detection methodologies to enhance security posture.

• Proactively track malicious infrastructure, hunt for new malware samples, and adversary tools to identify new adversary tooling, detection opportunities, and mitigation strategies.

• Create precise detection rules (e.g., YARA, Sigma) and develop custom tools and scripts to identify malicious activity proactively.

• Conduct deep-dive intelligence analysis and investigations related to suspicious activity and attempted attacks.

• Serve as an SME for malware reverse engineering, with a focus on ARM binaries.

• Maintain a working knowledge of adversarial tactics and techniques, and how they are being used to achieve current objectives.

• Collaborate with and support the investigations of other Cybersecurity Operations and Information Security teams.

• At least two years of experience in cyber threat analysis or threat investigations.

• Demonstrated a high-level understanding of recent cyber trends, campaigns, incidents, and threat actor groups.

• Familiarity with Vertex Synapse and its Storm scripting language or experience with similar intelligence analysis tools.

• Real-life experience in detection engineering, including using SIEMs and writing effective detection rules in YARA or Sigma.

• Experience using technical data sources like file repositories, passive DNS, or internet service scans for threat research purposes.

• Understanding of network protocols such as HTTP, DNS, TLS.

• Prior experience with automated malware sandboxes to analyze malicious samples and identify detection opportunities. Proficiency with reverse engineering tools, such as Binary Ninja and Ghidra.

• In-depth understanding of threats targeting the blockchain ecosystem, especially in relation to their tools and tradecraft, and how web2 threats affect web3 systems.

• Proven track record of building and maintaining logging, analysis, or enrichment pipelines, preferred languages include Python, Rust or Golang.

• Excellent verbal and written communication skills with prior experience in presenting research findings to internal and external stakeholders.

• Understanding of structured analytic techniques to help mitigate bias in analysis.

All roles with Chainlink Labs are global and remote-based. Unless otherwise stated, we ask that you try to overlap some working hours with Eastern Standard Time (EST).

We carefully review all applications and aim to provide a response to every candidate within two weeks after the job posting closes. The closing date is listed on the job advert, so we encourage you to take the time to thoughtfully prepare your application. We want to fully consider your experience and skills, and you will hear from us regarding the status of your application shortly after the closing date.

Commitment to Equal Opportunity

Chainlink Labs is an equal opportunity employer. All qualified applicants will receive equal consideration for employment in compliance with applicable laws, regulations, or ordinances. If you need assistance or accommodation due to a disability or special need when applying for a role or in our recruitment process, please contact us via this form.

Global Data Privacy Notice for Job Candidates and Applicants

Information collected and processed as part of your Chainlink Labs Careers profile, and any job applications you choose to submit is subject to our Privacy Policy. By submitting your application, you are agreeing to our use and processing of your data as required.