Reverse Engineer

The Role:
 Halcyon is redefining what modern security products can achieve, focusing on disrupting the ransomware economy through innovative, prevention-first technology. We’re seeking an experienced Reverse Engineer with a strong background in malware analysis, security research, and anti-virus technologies to help us stay ahead of emerging threats. This individual will play a key role in refining detection accuracy, expanding coverage, and contributing to the next generation of anti-ransomware defense.

Responsibilities:

• Reverse engineer malware and suspicious binaries using both static and dynamic techniques to extract indicators of compromise (IOCs), identify evasion techniques, and map behavior to the ransomware attack chain.
• Monitor and triage security events, identifying malicious activity through data correlation, pattern analysis, and contextual threat enrichment.
• Develop and maintain internal tools and scripts to support threat hunting, triage, and automated analysis workflows (Python, C, C++, shell scripting).
• Analyze and assess PE file structures, obfuscation methods, and payload delivery mechanisms to detect new or evolving threats.
• Collaborate with engineering teams to translate research into detections and product enhancements, and work closely with Customer Success during incident response.
• Contribute to threat intelligence efforts and share actionable findings internally to improve detection and prevention strategies.

Minimum Qualifications:

• Strong experience in reverse engineering malware using tools such as IDA Pro, Ghidra, x64dbg, WinDbg, or similar.
• Deep understanding of Windows internals, PE file format, and ransomware attack chains.
• Prior experience at an anti-virus (AV) or endpoint security company, or certification in reverse engineering (e.g., GREM, CREA, CRT, OSCE).
• Proficient in one or more development/scripting languages: Python, C, C++.
• Experience developing Yara rules and malware detection signatures.
• Excellent communication skills and ability to clearly convey complex technical findings.
• A passion for staying ahead of adversaries in an ever-evolving threat landscape.

Bonus Points:

• Experience with kernel-level analysis or rootkit detection.
• Prior research publications or community contributions in malware analysis.
• Experience automating malware analysis pipelines or integrating sandbox results into detection infrastructure.