What we do:
Halcyon is the industry’s first dedicated, adaptive security platform that combines multiple proprietary advanced prevention engines along with AI models focused specifically on stopping ransomware.

Who we are:
Halcyon was formed in 2021 by a team of cyber industry veterans after battling the scourge of ransomware (and advanced threats) for years at some of the largest global security vendors. Comprised of leaders from Cylance (now Blackberry), Accuvant (now Optiv), Fireye and ISS X-Force (now IBM), Halcyon is focused on building products and solutions for mid-market and enterprise customers.

As a remote-native, completely distributed global team, we recognize great talent can exist anywhere. We invite you to apply to a job you’re interested in and we'll work a plan to meet your needs.

• Reverse engineer malware and suspicious binaries using both static and dynamic techniques to extract indicators of compromise (IOCs), identify evasion techniques, and map behavior to the ransomware attack chain.
• Monitor and triage security events, identifying malicious activity through data correlation, pattern analysis, and contextual threat enrichment.
• Develop and maintain internal tools and scripts to support threat hunting, triage, and automated analysis workflows (Python, C, C++, shell scripting).
• Analyze and assess PE file structures, obfuscation methods, and payload delivery mechanisms to detect new or evolving threats.
• Collaborate with engineering teams to translate research into detections and product enhancements, and work closely with Customer Success during incident response.
• Contribute to threat intelligence efforts and share actionable findings internally to improve detection and prevention strategies.

• Strong experience in reverse engineering malware using tools such as IDA Pro, Ghidra, x64dbg, WinDbg, or similar.
• Deep understanding of Windows internals, PE file format, and ransomware attack chains.
• Prior experience at an anti-virus (AV) or endpoint security company, or certification in reverse engineering (e.g., GREM, CREA, CRT, OSCE).
• Proficient in one or more development/scripting languages: Python, C, C++.
• Experience developing Yara rules and malware detection signatures.
• Excellent communication skills and ability to clearly convey complex technical findings.
• A passion for staying ahead of adversaries in an ever-evolving threat landscape.

• Experience with kernel-level analysis or rootkit detection.
• Prior research publications or community contributions in malware analysis.
• Experience automating malware analysis pipelines or integrating sandbox results into detection infrastructure.

In accordance with applicable state and federal laws, the range provided is Halcyon’s reasonable estimate of the base compensation for this role. The actual amount may differ based on non-discriminatory factors such as experience, knowledge, skills, abilities, and location. Base pay is one part of the total package that is provided to compensate and recognize employees for their work, and this role may be eligible for additional discretionary bonuses/incentives, and equity in the Company.

We understand it takes a diverse team of highly intelligent, passionate, curious, and creative people to develop the exceptional product we are building. Our dynamic team has incredible perspectives to share, just as we know you do, and we take great pride in being an equal opportunity employer.