What we do:
Halcyon is the industry’s first dedicated, adaptive security platform that combines multiple proprietary advanced prevention engines along with AI models focused specifically on stopping ransomware.
Who we are:
Halcyon was formed in 2021 by a team of cyber industry veterans after battling the scourge of ransomware (and advanced threats) for years at some of the largest global security vendors. Comprising leaders from Cylance (now BlackBerry), Accuvant (now Optiv), FireEye and ISS X-Force (now IBM), Halcyon is focused on building products and solutions for mid-market and enterprise customers.
As a remote-native, completely distributed global team, we recognize great talent can exist anywhere. We invite you to apply to a job you’re interested in, and we'll work out a plan to meet your needs.
We're developing a sophisticated security alert management system for enterprise environments. The system integrates with the Halcyon security platform to process, analyze, and facilitate the triage of security alerts. Our solution helps security teams efficiently categorize threats, distinguish between true and false positives, and maintain appropriate response protocols.
We're seeking an experienced Python developer with a strong background in security operations to join our team. This role involves enhancing and maintaining a critical security alert processing and triage system that security analysts rely on daily to identify and respond to potential threats.
Develop, maintain, and enhance Python-based security alert processing systems
Implement integrations with security APIs including VirusTotal and Halcyon's security platform
Design and improve user interfaces for security alert triage via Slack interfaces
Create and maintain secure database operations for alert storage and tracking
Implement automated threat classification and scoring mechanisms
Optimize alert processing workflows to reduce analyst fatigue and improve response times
Collaborate with security operations teams to ensure system effectiveness
7+ years of Python development experience, particularly with API integrations
Experience with security platforms and security alert management
Familiarity with threat intelligence concepts and security operations workflows
Knowledge of database systems (particularly SQLite) and SQL query optimization
Understanding of RESTful API design and consumption
Experience with asynchronous programming and multi-threading in Python
Ability to work with JSON data structures and API responses
Experience with Slack API integrations and interactive message components
Knowledge of security tooling (VirusTotal, YARA rules, etc.)
Understanding of malware analysis and classifications
Familiarity with container technologies (Docker, Kubernetes)
Experience with cloud security concepts and platforms
Security certifications (CISSP, OSCP, Security+, etc.)
Experience with Flask or other lightweight web frameworks
You'll be working with:
Python 3.x
SQLite for database operations
RESTful APIs (Halcyon, VirusTotal, etc.)
Slack API for interactive alerts
JSON data processing
GitHub for version control
YARA rules for threat detection
Flask for web service components
This system handles the following key functions:
Processing incoming security alerts from various sources
Enriching alerts with threat intelligence data
Presenting critical alert information to security analysts
Facilitating informed decision-making on alert triage (true positive/false positive)
Maintaining records of alert dispositions and analyst notes
Automating routine alert handling based on established patterns
Generating reports on alert trends and analyst activities
In accordance with applicable state and federal laws, the range provided is Halcyon’s reasonable estimate of the base compensation for this role. The actual amount may differ based on non-discriminatory factors such as experience, knowledge, skills, abilities, and location. Base pay is one part of the total package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and equity in the Company.
We understand it takes a diverse team of highly intelligent, passionate, curious, and creative people to develop the exceptional product we are building. Our dynamic team has incredible perspectives to share, just as we know you do, and we take great pride in being an equal opportunity employer.