Security Engineer - Threat Intel
About the role
The Threat Intelligence Engineer at Anthropic is responsible for producing actionable intelligence that drives detections, hunts, and defensive priorities. This role involves researching, tracking, and reporting on threat actors and campaigns targeting AI labs, cloud infrastructure, and the broader technology sector. The ideal candidate will also build and maintain tooling and automated pipelines to collect, enrich, correlate, and operationalize indicators of compromise into the detection and alerting stack.
Responsibilities
- Research, track, and report on threat actors and campaigns targeting AI labs, cloud infrastructure, and the broader technology sector — producing timely, actionable intelligence for Security Engineering stakeholders
- Build and maintain tooling and automated pipelines to collect, enrich, correlate, and operationalize indicators of compromise into our detection and alerting stack
- Develop and execute intelligence-driven threat hunts across endpoint, cloud, identity, and SaaS telemetry, and turn findings into durable detections
- Perform technical analysis of malware, phishing infrastructure, and attacker tooling to extract indicators, TTPs, and attribution signals
- Partner with Detection Engineering and Incident Response to translate intelligence into detection rules, hunting hypotheses, and incident context in near-real-time
- Curate and triage inbound intelligence from commercial feeds, open source, government, and trusted peer relationships — prioritizing what matters for Anthropic's threat model
- Contribute to threat models and risk assessments that inform security architecture and defensive investment across the enterprise
- Build and maintain external intelligence-sharing relationships with peer companies, ISACs, and government partners
Requirements
- 5+ years of hands-on experience in cyber threat intelligence, threat hunting, or intrusion analysis at an organization facing sophisticated adversaries
- Deep, demonstrable knowledge of specific nation-state or advanced criminal threat actors — their tooling, infrastructure patterns, tradecraft, and targeting
- A strong engineer: you write production-quality Python (or similar), have built automation and data pipelines, and don't need to hand requirements to someone else to get tooling built
- Comfortable performing malware analysis, infrastructure analysis (passive DNS, certificate pivoting, netflow), and log analysis to develop and validate your own findings
- Experience authoring detection logic (YARA, Sigma, Snort/Suricata, or SIEM-native queries) and understand what makes a detection durable vs. brittle
- Write clearly and concisely — your intelligence products are read and acted on, not filed away
- An existing network in the threat intelligence community and a track record of productive bidirectional sharing
Qualifications
- Strong candidates may have experience defending cloud-native and research-heavy environments (AWS/GCP, Kubernetes, ML infrastructure, developer tooling and supply chain)
- Prior work operating in a threat intelligence role tracking sophisticated or state-sponsored adversaries, where your analysis directly informed detection, threat hunting, and incident response
- Experience applying LLMs or other AI tooling to accelerate intelligence collection, enrichment, and analysis
- Public research, conference talks, or open-source tooling contributions in the CTI space
Benefits
Annual compensation range for this role is listed below. For sales roles, the range provided is the role’s On Target Earnings ("OTE") range, meaning that the range includes both the sales commissions/sales bonuses target and annual base salary for the role. Annual Salary $320,000—$405,000 USD
Schedule
Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.
Location-based Hybrid Policy
We currently expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.
Visa Sponsorship
We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this. We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed.
How We're Different
We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts. And we value impact — advancing our long-term goals of steerable, trustworthy AI — rather than work on smaller and more specific puzzles. We view AI research as an empirical science, which has as much in common with physics and biology as with traditional efforts in computer science. We're an extremely collaborative group, and we host frequent research discussions to ensure that we are pursuing the highest-impact work at any given time. As such, we greatly value communication skills. The easiest way to understand our research directions is to read our recent research. This research continues many of the directions our team worked on prior to Anthropic, including: GPT-3, Circuit-Based Interpretability, Multimodal Neurons, Scaling Laws, AI & Compute, Concrete Problems in AI Safety, and Learning from Human Preferences.
Guidance on Candidates' AI Usage
We are committed to ensuring that our AI systems are used ethically and responsibly. We encourage all candidates to review our policy on AI usage during the application process.