Security Engineer - Threat Intel

at Anthropic

📍 United States
📍 Washington, United States
📍 New York City, United States
📍 San Francisco, United States

USD 320,000-405,000 per year

MIDDLE SENIOR

✅ Hybrid

✅ Visa Sponsorship

Used Tools & Technologies

Machine Learning LLM

Required Skills & Competences
Tag name is followed by "@" symbol and proficiency level value. About proficiency levels:

1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;

3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;

7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;

10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.

Security @ 3 Kubernetes @ 3 Python @ 6 GCP @ 3 AWS @ 3 AI @ 3 Data Pipelines @ 6

Details

Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.

As a Threat Intelligence Engineer, you'll be a hands-on practitioner responsible for producing the actionable intelligence that drives our detections, hunts, and defensive priorities. You'll track the adversaries most likely to target a frontier AI lab, build the tooling and pipelines that turn raw indicators into operational defenses, and work shoulder-to-shoulder with detection engineers and incident responders to make sure intelligence actually changes outcomes. This is a builder's role on a small, high-leverage team — you'll have broad latitude to shape how threat intelligence is collected, analyzed, and operationalized at Anthropic.

Responsibilities

Research, track, and report on threat actors and campaigns targeting AI labs, cloud infrastructure, and the broader technology sector — producing timely, actionable intelligence for Security Engineering stakeholders
Build and maintain tooling and automated pipelines to collect, enrich, correlate, and operationalize indicators of compromise into our detection and alerting stack
Develop and execute intelligence-driven threat hunts across endpoint, cloud, identity, and SaaS telemetry, and turn findings into durable detections
Perform technical analysis of malware, phishing infrastructure, and attacker tooling to extract indicators, TTPs, and attribution signals
Partner with Detection Engineering and Incident Response to translate intelligence into detection rules, hunting hypotheses, and incident context in near-real-time
Curate and triage inbound intelligence from commercial feeds, open source, government, and trusted peer relationships — prioritizing what matters for Anthropic's threat model
Contribute to threat models and risk assessments that inform security architecture and defensive investment across the enterprise
Build and maintain external intelligence-sharing relationships with peer companies, ISACs, and government partners

Requirements

5+ years of hands-on experience in cyber threat intelligence, threat hunting, or intrusion analysis at an organization facing sophisticated adversaries
Deep, demonstrable knowledge of specific nation-state or advanced criminal threat actors — their tooling, infrastructure patterns, tradecraft, and targeting
Strong engineering skills: ability to write production-quality Python (or similar), build automation and data pipelines, and independently deliver tooling
Comfortable performing malware analysis, infrastructure analysis (passive DNS, certificate pivoting, netflow), and log analysis to develop and validate findings
Experience authoring detection logic (YARA, Sigma, Snort/Suricata, or SIEM-native queries) and understanding what makes a detection durable vs. brittle
Clear and concise technical writing skills; intelligence products are consumed and acted on
Existing network in the threat intelligence community and a track record of productive bidirectional sharing

Strong candidates may have

Experience defending cloud-native and research-heavy environments (AWS/GCP, Kubernetes, ML infrastructure, developer tooling and supply chain)
Prior work operating in a threat intelligence role tracking sophisticated or state-sponsored adversaries, where analysis directly informed detection, threat hunting, and incident response
Experience applying LLMs or other AI tooling to accelerate intelligence collection, enrichment, and analysis
Public research, conference talks, or open-source tooling contributions in the CTI space

Compensation

Annual Salary: $320,000 - $405,000 USD

Logistics

Minimum education: Bachelor’s degree or an equivalent combination of education, training, and/or experience
Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience
Minimum years of experience: Years of experience required will correlate with the internal job level requirements for the position
Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.
Visa sponsorship: We do sponsor visas and retain an immigration lawyer to help with this, though we aren't able to successfully sponsor visas for every role and every candidate

Benefits

Competitive compensation and benefits
Optional equity donation matching
Generous vacation and parental leave
Flexible working hours
Office space for collaboration

Application details

Deadline to apply: None. Applications will be received on a rolling basis.
Guidance on Candidates' AI Usage: link provided in original posting for candidate AI guidance.