Detection Content Lead

About the Role
Halcyon's goal is to deliver an anti-ransomware solution that breaks new ground in what a security product can achieve. We're hiring a Detection Content Lead to own and scale our security content operations, starting with kernel drivers, file analysis, and certificate management. This is a player-coach role where you'll do hands-on content work while building the team and systems needed for growth.

Responsibilities

Content Operations Development

• Drive security content decisions for kernel drivers, file classifications, and certificate validations with direct hands-on analysis
• Build and optimize content validation pipelines balancing automation with appropriate human oversight
• Establish quality assurance processes that maintain high accuracy while meeting rapid response requirements
• Design content workflows that can scale from individual contributor work to team-based operations
  
  Team Building Leadership
• Start as individual contributor and build team to 2-5 people within 12 months
• Collaborate with adjacent security teams to leverage existing expertise during ramp-up
• Establish training programs and operational playbooks for content specializations
• Evaluate and redesign existing processes where improvements can drive efficiency
  
  Technical Architecture Integration
• Design and implement content management workflows across multiple security content types
• Build monitoring and alerting systems for content performance and false positive detection
• Create escalation procedures for high-risk content decisions and incident response
• Establish metrics and SLAs for content delivery and quality standards
  
  Required Technical Skills
• 5-10 years in cybersecurity operations, threat analysis, or security product development
• Deep expertise in at least 2-3 of the following areas:
  -Kernel driver analysis and Windows system internals
  -File analysis, malware classification, and static/dynamic analysis techniques
  -Digital certificates and certificate validation workflows
  -Network intelligence, IP reputation, and DNS-based threat detection
  -Behavioral detection and signature development
  -Experience designing and implementing technical workflows and automation
  -Strong understanding of ransomware TTPs and defensive countermeasures
  -Proven ability to make rapid technical decisions while maintaining quality standards
  -Experience building or scaling technical teams from the ground up
  
  Bonus Technical Skills

• Previous experience in anti-malware, EDR, or endpoint security products
• Experience with threat intelligence platforms (MISP, ThreatConnect, etc.)
• Knowledge of SOAR platforms and security orchestration
• Published research or tools in file analysis or threat detection
• Relevant certifications (CISSP, GCIH, GCFA, SANS)

Why Join Us?

• Own the detection content strategy for cutting-edge ransomware protection technology
• Start hands-on and grow into team leadership with clear growth trajectory
• Collaborate with threat research, engineering, and product teams to shape product capabilities
• Freedom to redesign and optimize processes for maximum impact
• Build the foundation for detection content operations that will scale with the company

Benefits:

• Comprehensive healthcare (medical, dental, and vision) with premiums paid in full for employees and dependents.
• 401k plan with a generous employer contribution.
• Short and long-term disability coverage, basic life, and ADD insurance plans.
• Medical and dependent care FSA options.
• Flexible PTO policy.
• Parental leave.
• Generous equity offering.

The Company reserves the right to modify or change these benefits programs at any time, with or without notice.​

Base Salary Range: $220k-$250k + 10% bonus + equity