# Security Engineer - Threat Intel

**Company**: Anthropic
**Location**: New York City, NY; San Francisco, CA; Washington, DC; Remote-Friendly (Travel-Required)
**Work arrangement**: hybrid
**Experience**: senior
**Job type**: full-time
**Salary**: $320,000-$405,000 USD
**Category**: Engineering
**Industry**: Technology
**Wikidata**: https://www.wikidata.org/wiki/Q116758847

**Apply**: https://job-boards.greenhouse.io/anthropic/jobs/5195705008
**Canonical**: https://yubhub.co/jobs/job_21e4422b-13c

## Description

As a Threat Intelligence Engineer at Anthropic, you will be a hands-on practitioner responsible for producing actionable intelligence that drives our detections, hunts, and defensive priorities. You will track the adversaries most likely to target a frontier AI lab, build the tooling and pipelines that turn raw indicators into operational defenses, and work shoulder-to-shoulder with detection engineers and incident responders to make sure intelligence actually changes outcomes.

Key responsibilities include:

- Research, track, and report on threat actors and campaigns targeting AI labs, cloud infrastructure, and the broader technology sector, producing timely, actionable intelligence for Security Engineering stakeholders

- Build and maintain tooling and automated pipelines to collect, enrich, correlate, and operationalize indicators of compromise into our detection and alerting stack

- Develop and execute intelligence-driven threat hunts across endpoint, cloud, identity, and SaaS telemetry, and turn findings into durable detections

- Perform technical analysis of malware, phishing infrastructure, and attacker tooling to extract indicators, TTPs, and attribution signals

- Partner with Detection Engineering and Incident Response to translate intelligence into detection rules, hunting hypotheses, and incident context in near real time

- Curate and triage inbound intelligence from commercial feeds, open source, government, and trusted peer relationships, prioritizing what matters for Anthropic's threat model

- Contribute to threat models and risk assessments that inform security architecture and defensive investment across the enterprise

- Build and maintain external intelligence-sharing relationships with peer companies, ISACs, and government partners

You may be a good fit if you:

- Have 5+ years of hands-on experience in cyber threat intelligence, threat hunting, or intrusion analysis at an organization facing sophisticated adversaries

- Have deep, demonstrable knowledge of specific nation-state or advanced criminal threat actors: their tooling, infrastructure patterns, tradecraft, and targeting

- Are a strong engineer: you write production-quality Python (or similar), have built automation and data pipelines, and don't need to hand requirements to someone else to get tooling built

- Are comfortable performing malware analysis, infrastructure analysis (passive DNS, certificate pivoting, netflow), and log analysis to develop and validate your own findings

- Have experience authoring detection logic (YARA, Sigma, Snort/Suricata, or SIEM-native queries) and understand what makes a detection durable vs. brittle

- Can write clearly and concisely; your intelligence products are read and acted on, not filed away

- Have an existing network in the threat intelligence community and a track record of productive bidirectional sharing

Strong candidates may have:

- Experience defending cloud-native and research-heavy environments (AWS/GCP, Kubernetes, ML infrastructure, developer tooling and supply chain)

- Prior work operating in a threat intelligence role tracking sophisticated or state-sponsored adversaries, where your analysis directly informed detection, threat hunting, and incident response

- Experience applying LLMs or other AI tooling to accelerate intelligence collection, enrichment, and analysis

- Public research, conference talks, or open-source tooling contributions in the CTI space

## Skills

### Required
- Python
- Cyber threat intelligence
- Threat hunting
- Intrusion analysis
- Malware analysis
- Infrastructure analysis
- Log analysis
- Detection logic
- YARA
- Sigma
- Snort/Suricata
- SIEM-native queries

### Nice to have
- Cloud-native environments
- Research-heavy environments
- Kubernetes
- ML infrastructure
- Developer tooling and supply chain
- LLMs or other AI tooling
