Description
About the Role:
Anthropic sits at the frontier of AI development, making us a prime target for nation-state and advanced criminal actors. As a Threat Intelligence Engineer, you'll produce actionable intelligence that drives our detections, hunts, and defensive priorities.
Responsibilities:
- Research, track, and report on threat actors and campaigns targeting AI labs, cloud infrastructure, and the broader technology sector
- Build and maintain tooling and automated pipelines to collect, enrich, correlate, and operationalize indicators of compromise into our detection and alerting stack
- Develop and execute intelligence-driven threat hunts across endpoint, cloud, identity, and SaaS telemetry, and turn findings into durable detections
- Perform technical analysis of malware, phishing infrastructure, and attacker tooling to extract indicators, TTPs, and attribution signals
- Partner with Detection Engineering and Incident Response to translate intelligence into detection rules, hunting hypotheses, and incident context in near-real-time
- Curate and triage inbound intelligence from commercial feeds, open source, government, and trusted peer relationships
- Contribute to threat models and risk assessments that inform security architecture and defensive investment across the enterprise
- Build and maintain external intelligence-sharing relationships with peer companies, ISACs, and government partners
You may be a good fit if you:
- Have 5+ years of hands-on experience in cyber threat intelligence, threat hunting, or intrusion analysis at an organization facing sophisticated adversaries
- Have deep, demonstrable knowledge of specific nation-state or advanced criminal threat actors
- Are a strong engineer with experience writing production-quality Python and building automation and data pipelines
- Are comfortable performing malware analysis, infrastructure analysis, and log analysis
- Have experience authoring detection logic and understanding what makes a detection durable vs. brittle
- Can write clearly and concisely
- Have an existing network in the threat intelligence community
Strong candidates may have:
- Experience defending cloud-native and research-heavy environments
- Prior work operating in a threat intelligence role tracking sophisticated or state-sponsored adversaries
- Experience applying LLMs or other AI tooling to accelerate intelligence collection, enrichment, and analysis
- Public research, conference talks, or open-source tooling contributions in the CTI space
Logistics
- Minimum education: Bachelor’s degree or an equivalent combination of education, training, and/or experience
- Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience
- Minimum years of experience: Years of experience required will correlate with the internal job level requirements for the position
- Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time
- Visa sponsorship: We do sponsor visas!