Security Engineer (Threat Intelligence)

TL;DR

Security Engineer (Threat Intelligence): Producing actionable intelligence to drive detections, hunts, and defensive priorities for a frontier AI lab with an accent on tracking sophisticated adversaries and automating intelligence pipelines. Focus on building tooling to turn raw indicators into operational defenses and executing intelligence-driven threat hunts.

Location: Hybrid (Must be based in the US). Offices in New York City, San Francisco, and Washington, DC. Staff are expected to be in one of these offices at least 25% of the time.

Salary: $320,000 - $405,000 USD per year

Company

Anthropic is a public benefit corporation focused on creating reliable, interpretable, and steerable AI systems that are safe and beneficial for society.

What you will do

• Research and track threat actors targeting AI labs, cloud infrastructure, and the broader technology sector.
• Build and maintain automated pipelines to collect and operationalize indicators of compromise into the detection stack.
• Execute intelligence-driven threat hunts across endpoint, cloud, identity, and SaaS telemetry.
• Perform technical analysis of malware and phishing infrastructure to extract TTPs and attribution signals.
• Collaborate with Detection Engineering and Incident Response to translate intelligence into real-time detection rules.
• Manage external intelligence-sharing relationships with peer companies, ISACs, and government partners.

Requirements

• 5+ years of hands-on experience in cyber threat intelligence, threat hunting, or intrusion analysis.
• Deep, demonstrable knowledge of nation-state or advanced criminal threat actors, including their tooling and tradecraft.
• Proficiency in writing production-quality Python to build automation and data pipelines.
• Experience performing malware analysis and infrastructure analysis (passive DNS, certificate pivoting, netflow).
• Ability to author durable detection logic using YARA, Sigma, Snort/Suricata, or SIEM-native queries.
• Must be based in the US and able to visit offices in NY, SF, or DC at least 25% of the time.

Nice to have

• Experience defending cloud-native environments (AWS/GCP, Kubernetes, ML infrastructure).
• Prior work tracking state-sponsored adversaries where analysis directly informed response.
• Experience applying LLMs or AI tooling to accelerate intelligence collection and analysis.
• Public research, conference talks, or open-source tooling contributions in the CTI space.

Culture & Benefits

• Competitive compensation with optional equity donation matching.
• Generous vacation and parental leave.
• Flexible working hours and highly collaborative research-driven environment.
• Visa sponsorship is available for qualified candidates.