Senior/Staff Security Engineer, Threat Intelligence en Anthropic

Híbrido - Zürich, CH

Postularse
Más vacantes en Anthropic

This role is for a Senior/Staff Security Engineer focused on Threat Intelligence at Anthropic, based in Zürich, Switzerland. The position is hybrid and full‑time. Responsibilities include researching threat actors and campaigns targeting AI labs, building and maintaining tooling and automated pipelines for intelligence collection and operationalization, executing intelligence‑driven threat hunts across multiple telemetry sources, performing technical analysis of malware and infrastructure, partnering with detection engineering and incident response, curating inbound intelligence, contributing to threat models and risk assessments, and building external intelligence‑sharing relationships. Candidates should have hands‑on experience in cyber threat intelligence, threat hunting, or intrusion analysis, deep knowledge of nation‑state or advanced criminal threat actors, strong engineering skills with production‑quality Python, experience with malware analysis and infrastructure analysis, and experience authoring detection logic. The role offers competitive compensation and benefits, including optional equity donation matching, generous vacation and parental leave, flexible working hours, and a supportive office environment.

Requirements

Skills

  • Hands‑on experience in cyber threat intelligence, threat hunting, or intrusion analysis at an organization facing sophisticated adversaries
  • Deep, demonstrable knowledge of specific nation‑state or advanced criminal threat actors — their tooling, infrastructure patterns, tradecraft, and targeting
  • Strong engineering skills: production‑quality Python (or similar), built automation and data pipelines, able to build tooling end‑to‑end
  • Comfortable performing malware analysis, infrastructure analysis (passive DNS, certificate pivoting, netflow), and log analysis
  • Experience authoring detection logic (YARA, Sigma, Snort/Suricata, or SIEM‑native queries) and understanding what makes a detection durable
  • Clear and concise writing skills
  • Existing network in the threat intelligence community and experience sharing intelligence productively
  • Experience defending cloud‑native and research‑heavy environments (AWS/GCP, Kubernetes, ML infrastructure, developer tooling and supply chain)
  • Prior work in a threat intelligence role tracking sophisticated or state‑sponsored adversaries, with analysis informing detection, threat hunting, and incident response
  • Experience applying LLMs or other AI tooling to accelerate intelligence collection, enrichment, and analysis
  • Public research, conference talks, or open‑source tooling contributions in the CTI space

Responsibilities

  • Research, track, and report on threat actors and campaigns targeting AI labs, cloud infrastructure, and the broader technology sector — producing timely, actionable intelligence for Security Engineering stakeholders
  • Build and maintain tooling and automated pipelines to collect, enrich, correlate, and operationalize indicators of compromise into our detection and alerting stack
  • Develop and execute intelligence‑driven threat hunts across endpoint, cloud, identity, and SaaS telemetry, and turn findings into durable detections
  • Perform technical analysis of malware, phishing infrastructure, and attacker tooling to extract indicators, TTPs, and attribution signals
  • Partner with Detection Engineering and Incident Response to translate intelligence into detection rules, hunting hypotheses, and incident context in near‑real‑time
  • Curate and triage inbound intelligence from commercial feeds, open source, government, and trusted peer relationships — prioritizing what matters for Anthropic's threat model
  • Contribute to threat models and risk assessments that inform security architecture and defensive investment across the enterprise
  • Build and maintain external intelligence‑sharing relationships with peer companies, ISACs, and government partners

Technologies

Pythonautomationdata pipelinesmalware analysispassive DNScertificate pivotingnetflowlog analysisYARASigmaSnortSuricataSIEM-native queriesAWSGCPKubernetesML infrastructuredeveloper toolingsupply chainLLMsAI tooling

Compartir vacante

Descubre si tu currículum está listo para esta vacante

Mira cómo nuestra IA puede optimizar tu currículum y aumentar tus chances en este puesto.