
Senior Blockchain Intelligence Analyst, Ransomware

Key Facts

Remote From: 
Full time
Senior (5-10 years)
English

Other Skills

  • Collections
  • Problem Solving
  • Collaboration
  • Communication
  • Adaptability

Requirements:

  • 5-8+ years of professional experience in blockchain intelligence, crypto investigations, cybercrime analysis, or threat intelligence
  • Deep hands-on experience tracing funds across multiple blockchains and through laundering techniques
  • Demonstrated ability to independently run complex investigations
  • Excellent written and verbal communication skills

Roles & Responsibilities

  • Produce impactful finished intelligence on ransomware actors and laundering pathways
  • Lead complex end-to-end blockchain investigations from seed indicators to full attribution
  • Trace ransomware-related funds across multiple blockchains and identify cash-out services
  • Support TRM’s ransomware asset recovery mission by surfacing high-quality leads

Job description

Build a Safer World.

TRM Labs provides AI-powered intelligence solutions that help public and private sector agencies investigate and disrupt crime. TRM's platforms enable investigators to trace illicit activity, build cases, and construct operating pictures of threat networks. Leading agencies and businesses worldwide rely on TRM to make the world safer and more secure.

About the role:

We're looking for a Senior Blockchain Intelligence Analyst to operate as a high-judgment, high-autonomy individual contributor specializing in ransomware. In this role, you'll leverage blockchain analytics, cyber threat intelligence, and cryptocurrency attribution to trace ransomware proceeds, identify threat actor infrastructure, and generate actionable intelligence that supports investigations, disruption efforts, and evidentiary workflows.

This is not a people-management role. We're looking for an experienced analyst who can independently lead complex investigations, develop high-confidence assessments, uncover novel attribution, and elevate the team's tradecraft through technical expertise, mentorship, and example.

You should be equally comfortable tracing funds across blockchains, identifying laundering and cash-out infrastructure, correlating technical, financial, and behavioral signals, and synthesizing fragmented data into clear, defensible intelligence that enables internal and external partners to make informed operational decisions.

The Impact You Will Have:

  • Produce impactful finished intelligence on ransomware actors, affiliates, facilitators, and laundering pathways, including actor profiles, lead packages, attribution assessments, and operational reporting suitable for investigative, executive, and partner audiences.

  • Lead complex end-to-end blockchain investigations from initial seed indicators such as victim payment addresses, deposit addresses, transactions, exchange exposure, infrastructure leads, or IP-linked activity through to full attribution and actionable recovery or disruption opportunities.

  • Trace ransomware-related funds across multiple blockchains, bridges, mixers, peel chains, and nested services, identifying controllers, counterparties, cash-out services, and recovery touchpoints.

  • Correlate on-chain activity with OSINT, threat intelligence, attribution partner data, and off-chain identity or infrastructure signals to build a complete picture of adversary behavior within the broader cybercrime ecosystem.

  • Own investigative workstreams from discovery through validation, escalation, and written production, including drafting intelligence products that are source-cited, auditable, and operationally useful.

  • Support TRM’s ransomware asset recovery mission by surfacing high-quality leads, identifying seizure or freeze opportunities, and helping partners move quickly before funds are off-ramped.

  • Drive analytical leadership across active ransomware investigations by prioritizing work, maintaining rigorous standards, and mentoring other analysts without formal people management responsibilities.

  • Partner closely with internal and external stakeholders, including investigators, threat intelligence teammates, product teams, and public-sector or private-sector partners, to ensure analytical outputs reflect real investigative tradecraft and support cross-functional operations.

  • Help strengthen TRM’s ransomware coverage by contributing new attribution, refining investigative methodologies, and improving repeatable workflows for lead generation and asset recovery support.

  • Support external briefings, customer or partner engagements, and capability-building sessions where ransomware tracing, attribution, and recovery tradecraft must be explained clearly and credibly.

What Success Looks Like:

  • You generate meaningful attribution, investigative leads, and recovery opportunities in ransomware cases where the answers are not obvious and the financial trail is deliberately obscured.

  • You consistently produce finished intelligence that partners trust and use in operational, investigative, and strategic contexts.

  • Your work helps TRM and its partners move faster on high-priority ransomware activity without sacrificing rigor, auditability, or defensibility.

  • You improve team capability by mentoring peers, refining tradecraft, and strengthening repeatable workflows for ransomware investigations and asset recovery support.

  • You help make blockchain-enabled financial intelligence a differentiator in how TRM understands, attributes, and disrupts ransomware activity across the cybercrime ecosystem.

What We’re Looking For:

  • 5-8+ years of professional experience in blockchain intelligence, crypto investigations, cybercrime analysis, threat intelligence, financial crime investigations, or a comparable senior analytical role.

  • Blockchain tracing expertise — Deep hands-on experience tracing funds across multiple blockchains and through laundering or obfuscation techniques such as mixers, chain-hopping, bridges, peel chains, and layered cash-out behavior.

  • Extensive investigative tradecraft — Demonstrated ability to independently run complex investigations and synthesize findings into clear written intelligence products, including investigative assessments, lead packages, fund-flow analysis, and attribution reporting.

  • Ransomware domain expertise — including a deep understanding of the broader cybercrime ecosystem and the relationships among ransomware operators, affiliates, initial access brokers, malware developers, laundering networks, and cash-out services.

  • Excellent written and verbal communication — especially the ability to turn technically complex tracing findings into understandable, actionable intelligence for government and private-sector audiences.

  • Judgment and execution — Strong judgment, curiosity, and the ability to operate effectively in a fast-moving, high-stakes environment where timing matters and outputs must still stand up to scrutiny.

  • AI fluency — Experience leveraging AI tools and large language models (LLMs) to accelerate research, surface insights, and augment analytical workflows, with the ability to critically evaluate AI-generated outputs for accuracy and relevance.

  • US Citizenship required

Preferred Qualifications:

  • Experience in government, national security, law enforcement, incident response, or mature private-sector investigative or threat intelligence programs.

  • Familiarity with OSINT, cybercrime infrastructure research, and cross-domain analytical methods that combine blockchain activity with off-chain signals and adversary behavior.

  • Comfort with modern investigative tooling, including AI and structured data environments such as TRM, Maltego, Palantir, or similar platforms.

  • Experience conducting HUMINT collection and engaging threat actors via dark web forums and encrypted messaging platforms.

  • Experience mentoring peers, shaping analytical standards, or improving investigative workflows without formal people management.

  • Advanced practitioner-level knowledge of crypto forensics concepts such as manual demixing, smart contracts, bridges, Ethereum- and TRON-based investigations, and OSINT-based data extraction.

  • Recognized subject matter depth, broader organizational influence, and a track record of shaping methodology or high-priority investigative strategy beyond individual case execution.

 

Team Operating Rhythms

  • Weekly team syncs to align targeting priorities and review disruption opportunities

  • Daily async standups via Slack on active work, returns, and target packages in flight

  • Primary time zone overlap: US Eastern / Central

  • All output documented in Notion and TRM’s investigative tools

  • Surge availability expected during time-sensitive disruption windows

Life at TRM

We are building a safer world. That promise shows up in how we work every day.

TRM moves quickly. We are a high velocity, high ownership team that expects clarity, follow-through, and impact. People who thrive here are energized by hard problems, experimentation, and continuous feedback. If something takes months elsewhere, it will ship here in days.

Our work sits at the intersection of AI, national security, and fighting crime. The problems are complex, the stakes are real, and the environment evolves quickly. The pace and intensity of the work reflect the importance of the mission. As a result, the way we operate requires a high level of ownership, adaptability, collaboration, and creative problem-solving.

At TRM, you should expect:

  • Priorities and targets to change quickly as we experiment and iterate

  • Work that often requires operating with a high degree of ambiguity

  • A high level of personal ownership and accountability

  • Close collaboration across teams and functions

  • Frequent, high-touch communication

  • Creative problem solving and out-of-the-box thinking

  • A pace that rewards urgency, adaptability, and outcomes

This environment is energizing for people who enjoy building, solving hard problems, and making progress in situations that are not always fully defined. It also requires comfort navigating ambiguity, adjusting course as new information emerges, and maintaining focus and positivity in a fast-moving and intense environment.

We also recognize that this style of operating is not for everyone. If you are primarily optimizing for predictability or a consistently balanced workload, we encourage you to use the interview process to pressure test whether this environment is truly the right fit. We want teammates who thrive here, not just survive here.

At the same time, many people find this work deeply rewarding. If you are excited by meaningful problems, motivated by ambitious goals, and energized by working alongside mission-driven colleagues, there is a good chance you will find TRM to be an exceptional place to grow and contribute. Learn more: Interviewing at TRM: How We Hire and What Success Looks Like

 

AI Fluency at TRM

AI fluency is a baseline expectation at TRM.

We believe AI meaningfully changes how top performers operate. We expect every team member to use AI to accelerate and reimagine their craft, not just automate surface tasks.

At TRM, AI fluency means you are among the top 10 percent of operators in your function in how you apply AI to:

  • Accelerate repeatable workflows

  • Structure and solve problems

  • Improve output quality

  • Increase speed and leverage

You will be evaluated on applied AI fluency during the interview process.

Leadership Principles

We hire and grow against three leadership principles. They’re the standards for how we operate, treat each other, and make decisions.

  • Impact-Oriented Trailblazer: We put customers first and move with speed, focus, and adaptability. We treat every plan like an experiment – test, ship, measure, and iterate quickly.

  • Master Craftsperson: We care deeply about our craft. We balance speed with high standards, own outcomes end‑to‑end, and invest in getting better every day.

  • Inspiring Colleague: We add clarity and energy, not noise. We bring humility, candor, and a one‑team mindset — giving and receiving feedback to make the team stronger.

Join our Mission

At TRM we care deeply about our craft. We are looking for individuals who want their work to matter, who experiment with speed and rigor, and who take pride in building a safer world for billions of people. If you’re excited by TRM’s mission but don’t check every box, we encourage you to apply — we hire for slope, judgment, and the will to learn fast.

TRM is a Series C company with $220M in total funding, backed by Blockchain Capital, Goldman Sachs, Bessemer, Y Combinator, Thoma Bravo, and others. Headquartered in San Francisco, TRM operates as a distributed-first company with hubs in Los Angeles, San Francisco, New York, Washington D.C., London, and Singapore.

Privacy Policy and Additional Information

By submitting your application, you agree to allow TRM Labs to process your personal information in accordance with our Privacy Policy.

We collect the information you provide (such as your resume, work history, and contact details) solely for the purpose of evaluating your candidacy for current and future roles at TRM.

Because our hiring cycles for certain positions may span 24 to 36 months, we retain your personal information for up to 36 months from the date of your application. After that period, your data is deleted unless a different retention period is required or permitted by law.

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with applicable data protection laws, you have the right to access, correct, or request deletion of your personal data at any time before that period ends. To exercise any of these rights, contact us at privacy@trmlabs.com.

To notify TRM Labs that you believe this job posting is non-compliant, please submit a report through this form. No response will be provided to inquiries unrelated to job posting compliance.

The use of AI tools of any kind (including but not limited to notetakers, interview assistants, and real-time coaching tools such as Otter.ai, Fireflies, Fathom, Cluey, or similar) during TRM interviews is not permitted without prior approval from TRM. TRM uses its own internal tools for note-taking to ensure a consistent and confidential experience for all candidates.

We are committed to providing reasonable accommodations to applicants with disabilities, and requests can be made via this form.

Recruitment agencies

TRM Labs does not accept unsolicited agency resumes. Please do not forward resumes to TRM employees. TRM Labs is not responsible for any fees related to unsolicited resumes and will not pay fees to any third-party agency or company without a signed agreement.
