Anthropic’s Threat Intelligence function within the Detection & Response team is tasked with identifying, analyzing, and operationalizing threats to AI labs and infrastructure. The role blends deep technical engineering with threat hunting, requiring production‑grade Python skills, advanced malware and infrastructure analysis, and the ability to craft durable detection logic. The engineer works closely with detection engineers and incident responders, building automated pipelines and fostering external threat‑sharing relationships to keep Anthropic’s defenses ahead of sophisticated adversaries.
Security Engineer - Threat Intel at Anthropic
Hybrid - San Francisco, CA
More jobs at AnthropicSalary
USD 320,000 - 405,000
Requirements
Skills
- 5+ years of hands‑on experience in cyber threat intelligence, threat hunting, or intrusion analysis at an organization facing sophisticated adversaries
- Deep, demonstrable knowledge of specific nation‑state or advanced criminal threat actors — their tooling, infrastructure patterns, tradecraft, and targeting
- Strong engineering skills: write production‑quality Python (or similar), build automation and data pipelines, and develop tooling independently
- Comfortable performing malware analysis, infrastructure analysis (passive DNS, certificate pivoting, netflow), and log analysis to develop and validate findings
- Experience authoring detection logic (YARA, Sigma, Snort/Suricata, or SIEM‑native queries) and understanding what makes a detection durable vs. brittle
- Clear and concise communication of intelligence products that are read and acted on
- Existing network in the threat intelligence community and a track record of productive bidirectional sharing
Responsibilities
- Research, track, and report on threat actors and campaigns targeting AI labs, cloud infrastructure, and the broader technology sector — producing timely, actionable intelligence for Security Engineering stakeholders
- Build and maintain tooling and automated pipelines to collect, enrich, correlate, and operationalize indicators of compromise into our detection and alerting stack
- Develop and execute intelligence‑driven threat hunts across endpoint, cloud, identity, and SaaS telemetry, and turn findings into durable detections
- Perform technical analysis of malware, phishing infrastructure, and attacker tooling to extract indicators, TTPs, and attribution signals
- Partner with Detection Engineering and Incident Response to translate intelligence into detection rules, hunting hypotheses, and incident context in near‑real‑time
- Curate and triage inbound intelligence from commercial feeds, open source, government, and trusted peer relationships — prioritizing what matters for Anthropic's threat model
- Contribute to threat models and risk assessments that inform security architecture and defensive investment across the enterprise
- Build and maintain external intelligence‑sharing relationships with peer companies, ISACs, and government partners
Technologies
PythonYARASigmaSnortSuricataSIEM‑native queriesPassive DNSCertificate pivotingNetflowAWSGCPKubernetesML infrastructureDeveloper toolingSupply chain toolsLLM and AI tooling
See if your resume is ready for this job
See how our AI can optimize your resume and improve your chances for this role.