[Remote] Threat Intelligence Analyst, Finanical Networks

Note: The job is a remote job and is open to candidates in USA. TRM Labs is a company dedicated to building a safer world through AI-powered intelligence solutions. As a Threat Intelligence Analyst focused on Financial Networks, you will analyze and report on threat actors using both traditional financial systems and cryptocurrency to disrupt illicit activities.

Responsibilities

• Develop novel collection strategies and analytic methodologies to surface threat actor activity that isn't visible through conventional tooling or open databases
• Conduct proactive threat hunting across on-chain and off-chain data sources to identify emerging illicit networks before they're widely known
• Map financial networks used for sanctions evasion — including commodity flows, corporate ownership structures, and offshore financial centers — and connect them to on-chain activity
• Track, analyze, and report on threat actors, campaigns, and illicit networks that operate across both traditional financial infrastructure and the crypto ecosystem
• Identify and assess adversary TTPs, infrastructure, and behavior to support detection and attribution efforts
• Leverage OSINT and other intelligence methods to uncover hidden threats and generate actionable insights
• Produce high-quality intelligence that reaches law enforcement and government partners worldwide
• Collaborate with data, engineering, and product teams to enhance TRM's intelligence capabilities
• Be a leading voice on how adversaries exploit the intersection of traditional finance and crypto to move illicit value

Skills

• Proven experience in threat intelligence, cyber intelligence, or national security intelligence roles (this is not an entry-level position)
• A track record of generating net-new intelligence — developing original hypotheses, pursuing non-obvious investigative threads, and surfacing findings that others miss
• Working knowledge of blockchain and cryptocurrency — including how transactions work, on-chain tracing concepts, and the role of crypto in financial crime (e.g., ransomware, sanctions evasion, darknet markets)
• Demonstrated ability to analyze corporate ownership structures, beneficial ownership, and cross-border fund flows — including how adversaries use trade finance, commodity flows, and offshore financial centers to move value
• Experience tracking threat actors, nation-state activity, or sanctioned entities — including analysis of TTPs, infrastructure, and financial behavior to support attribution
• Strong analytical and communication skills with the ability to produce clear, actionable intelligence reports with high intelligence tradecraft standards
• Ability to collaborate cross-functionally with technical and non-technical stakeholders
• Comfort operating in ambiguous, low-signal environments where the analytic path forward has to be constructed, not followed — and the ownership mindset to drive it independently
• Hands-on experience with blockchain analysis tools (e.g., Chainalysis Reactor, TRM, Elliptic) or formal cryptocurrency investigation experience
• Relevant certifications (e.g., GIAC, CEH, Chainalysis Reactor Certification) or background in cybersecurity, intelligence, or investigations
• Fluency in Russian, Chinese (Mandarin or Cantonese), or Farsi, with the ability to conduct research and analysis in that language, is strongly preferred and may be required in some cases
• Background in sanctions enforcement, financial intelligence, or corporate investigations is strongly preferred

Company Overview

Company H1B Sponsorship