The Role:
Halcyon is redefining what modern security products can achieve, focusing on disrupting the ransomware economy through innovative, prevention-first technology. We’re seeking an experienced Reverse Engineer with a strong background in malware analysis, security research, and anti-virus technologies to help us stay ahead of emerging threats. This individual will play a key role in refining detection accuracy, expanding coverage, and contributing to the next generation of anti-ransomware defense.
Responsibilities:
- Reverse engineer malware and suspicious binaries using both static and dynamic techniques to extract indicators of compromise (IOCs), identify evasion techniques, and map behavior to the ransomware attack chain.
- Monitor and triage security events, identifying malicious activity through data correlation, pattern analysis, and contextual threat enrichment.
- Develop and maintain internal tools and scripts to support threat hunting, triage, and automated analysis workflows (Python, C, C++, shell scripting).
- Analyze and assess PE file structures, obfuscation methods, and payload delivery mechanisms to detect new or evolving threats.
- Collaborate with engineering teams to translate research into detections and product enhancements, and work closely with Customer Success during incident response.
- Contribute to threat intelligence efforts and share actionable findings internally to improve detection and prevention strategies.
Minimum Qualifications:
- Strong experience in reverse engineering malware using tools such as IDA Pro, Ghidra, x64dbg, WinDbg, or similar.
- Deep understanding of Windows internals, PE file format, and ransomware attack chains.
- Prior experience at an anti-virus (AV) or endpoint security company, or certification in reverse engineering (e.g., GREM, CREA, CRT, OSCE).
- Proficient in one or more development/scripting languages: Python, C, C++.
- Experience developing YARA rules and malware detection signatures.
- Excellent communication skills and ability to clearly convey complex technical findings.
- A passion for staying ahead of adversaries in an ever-evolving threat landscape.
Bonus Points:
- Experience with kernel-level analysis or rootkit detection.
- Prior research publications or community contributions in malware analysis.
- Experience automating malware analysis pipelines or integrating sandbox results into detection infrastructure.