Threat Intelligence Engineer na Anthropic

Remoto - Remote

Candidatar-se
Ver mais vagas na Anthropic

Anthropic seeks a Threat Intelligence Engineer to build and maintain the infrastructure powering our threat discovery capabilities. The role involves integrating external data sources, developing automated detection systems, creating internal tooling, and scaling investigator impact. Working closely with investigators, the engineer will take projects from proof‑of‑concept to production, leveraging tools such as Python, SQL, Airflow, DBT, and YARA rules to enhance threat intelligence and behavioral analytics.

Salary

USD 320,000 - 405,000

Requirements

Skills

  • Strong coding proficiency in Python and SQL
  • Experience with data pipeline orchestration tools such as Airflow, DBT, or similar
  • Familiarity with threat intelligence concepts including IOCs, YARA rules, and threat correlation techniques
  • Experience integrating external APIs and building data ingestion systems
  • Ability to translate investigator needs and workflows into technical requirements
  • Comfortable building v0 systems and iterating based on user feedback
  • Strong communication skills for working closely with non‑engineering stakeholders
  • Experience with threat intelligence sharing frameworks (e.g., MISP, STIX/TAXII)
  • Background in cyber threat intelligence, security operations, or abuse detection
  • Experience building MCP servers or similar tool integrations for AI systems
  • Familiarity with web scraping and data extraction at scale
  • Experience with behavioral analytics or anomaly detection systems
  • Understanding of LLM capabilities and how to leverage them for automation
  • Top Secret clearance

Responsibilities

  • Build automated detection systems that use disparate signals to identify abusive behavior
  • Take systems from idea to proof‑of‑concept to production‑grade with appropriate monitoring, documentation, and maintenance processes
  • Develop and maintain YARA rule infrastructure, including tools for writing, validating, and testing rules against real data
  • Create integrations with external threat intelligence platforms (e.g., VirusTotal, Censys, Urlscan) via MCP servers to enable multi‑source correlation during investigations
  • Build data pipelines that ingest intelligence from RSS feeds, CTI news sources, and partner sharing, using Claude to extract TTPs and generate targeted hunting queries
  • Develop behavioral analytics capabilities using DBT‑based frameworks and create searchable audit logging infrastructure
  • Establish feedback loops with investigators to tune detection systems and reduce false positives
  • Scrape and normalize data from external sources to feed threat detection and enrichment workflows

Technologies

PythonSQLAirflowDBTYARAVirusTotalCensysUrlscanMCP serversClaudeSTIX/TAXIIMISP

Compartilhar vaga

Descubra se seu currículo está pronto para esta vaga

Veja como nossa IA pode otimizar seu currículo e aumentar suas chances de conseguir esta posição.