Cyber Threat Intelligence Analyst in London

Build a Safer World. TRM Labs provides AI-powered intelligence solutions that help public and private sector agencies investigate and disrupt crime. TRM's platforms enable investigators to trace illicit activity, build cases, and construct operating pictures of threat networks. Leading agencies and businesses worldwide rely on TRM to make the world safer and more secure.

About the role: As a Cyber Threat Intelligence Analyst, you will conduct ad hoc investigations, time-sensitive blockchain analysis for our partners, and contribute to investigative methods and workflows that help TRM scale rapidly and effectively. You will collaborate closely with blockchain intelligence experts, engineers, and data scientists to deliver high-confidence analytical support to TRM’s partners and internal teams.

The impact you will have:

• Produce finished cyber threat intelligence, including actor profiles, campaign reports, IOC packages, infrastructure attributions, and evidence-ready analytical outputs.
• Act as an analyst across multiple active actors and campaigns at once, helping improve quality, share tradecraft, and informally support other analysts through strong analytical execution.
• Assist in complex investigations from seed indicators such as domains, IPs, hashes, aliases, or wallets through to attributed actors, clusters, or campaign pictures.
• Correlate technical indicators with OSINT, identity signals, infrastructure patterns, and financial-rail activity to build a fuller understanding of adversary behaviour.
• Triage large indicator sets, cluster infrastructure, and turn fragmented signals into clear, defensible findings that stakeholders can act on immediately.
• Support incident responders, threat hunters, investigators, and partner-facing teams with timely, high-confidence intelligence products and briefings.
• Help evaluate new analytical tooling by pressure-testing it on real workflows and identifying where it meaningfully reduces analyst effort or improves output quality.
• Contribute to stronger investigation workflows, analytic standards, and repeatable methods that improve analyst throughput without sacrificing rigor.

What we're looking for:

• 3+ years of experience in cyber threat intelligence, intelligence analysis, incident-driven investigations, or a closely related analytical field.
• Demonstrated experience producing finished intelligence products such as actor profiles, campaign reports, attribution assessments, or infrastructure mapping.
• Deep familiarity with cyber investigations, infrastructure attribution, campaign analysis, and actor profiling.
• Strong OSINT instincts and the ability to resolve identities, aliases, and behaviour across fragmented sources.
• The ability to connect technical findings to financial infrastructure, including wallets, laundering paths, sanctions exposure, or identity-linked leads when relevant to the investigation.
• Excellent judgment about analytical confidence, evidentiary strength, and what can or cannot be defended in a report, referral, or operational setting.
• A track record of independently driving complex investigations, improving workflows, and elevating the quality of analytical work around you.
• Excellent written and verbal communication skills, with the ability to package findings for technical and non-technical audiences alike.
• Comfort operating in a fast-paced environment where priorities can change quickly and ambiguity is normal.
• AI fluency is required. AI tools should be a meaningful part of your research, synthesis, and workflow acceleration toolkit, with strong human quality control over the resulting output.

About the Team: TRM's intelligence and investigations work combines national-security-grade tradecraft with deep analytical workflows across cyber, OSINT, and blockchain-enabled threat activity. This role sits at the intersection of intelligence production, investigations, and product-informed tradecraft, helping ensure TRM’s analytical capabilities remain operationally relevant, scalable, and high-quality across multiple use cases and stakeholders. The team is best suited for someone who can independently drive complex analytical work, collaborate effectively across functions, and take a long-term, intentional approach to improving how investigations are done across the broader organization.

Distributed team with an async-first approach via Slack and Notion, plus structured syncs for alignment. High autonomy, high standards, low bureaucracy — work directly with analysts, engineers, and customers who depend on your output.

Team Operating Rhythms:

• Weekly team syncs to align targeting priorities and review disruption opportunities.
• Daily async standups via Slack on active work, returns, and target packages in flight.
• Primary time zone overlap: US Eastern / Central.
• All output documented in Notion and TRM’s investigative tools.
• Surge availability expected during time-sensitive disruption windows.

Life at TRM: We are building a safer world. That promise shows up in how we work every day. TRM moves quickly. We are a high velocity, high ownership team that expects clarity, follow-through, and impact. People who thrive here are energized by hard problems, experimentation, and continuous feedback. If something takes months elsewhere, it will ship here in days.

Our work sits at the intersection of AI, national security, and fighting crime. The problems are complex, the stakes are real, and the environment evolves quickly. The pace and intensity of the work reflect the importance of the mission. As a result, the way we operate requires a high level of ownership, adaptability, collaboration, and creative problem-solving.

At TRM, you should expect:

• Priorities and targets to change quickly as we experiment and iterate.
• Work that often requires operating with a high degree of ambiguity.
• A high level of personal ownership and accountability.
• Close collaboration across teams and functions.
• Frequent, high-touch communication.
• Creative problem solving and out-of-the-box thinking.
• A pace that rewards urgency, adaptability, and outcomes.

This environment is energising for people who enjoy building, solving hard problems, and making progress in situations that are not always fully defined. It also requires comfort navigating ambiguity, adjusting course as new information emerges, and maintaining focus and positivity in a fast-moving and intense environment.

We also recognise that this style of operating is not for everyone. If you are primarily optimising for predictability or a consistently balanced workload, we encourage you to use the interview process to pressure test whether this environment is truly the right fit. We want teammates who thrive here, not just survive here.

At the same time, many people find this work deeply rewarding. If you are excited by meaningful problems, motivated by ambitious goals, and energised by working alongside mission-driven colleagues, there is a good chance you will find TRM to be an exceptional place to grow and contribute.

AI Fluency at TRM: AI fluency is a baseline expectation at TRM. We believe AI meaningfully changes how top performers operate. We expect every team member to use AI to accelerate and reimagine their craft, not just automate surface tasks.

At TRM, AI fluency means you are among the top 10 percent of operators in your function in how you apply AI to:

• Accelerate repeatable workflows.
• Structure and solve problems.
• Improve output quality.
• Increase speed and leverage.

You will be evaluated on applied AI fluency during the interview process.