Security Engineer - Threat Intel
Menlo Ventures, New York, NY, United States
About the Company
Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.
About the Role
Anthropic sits at the frontier of AI development, which makes us one of the most interesting targets in the world for nation‑state and advanced criminal actors. The Threat Intelligence function within our Detection & Response team exists to make sure we see them coming. As a Threat Intelligence Engineer, you’ll be a hands‑on practitioner responsible for producing the actionable intelligence that drives our detections, hunts, and defensive priorities. You’ll track the adversaries most likely to target a frontier AI lab, build the tooling and pipelines that turn raw indicators into operational defenses, and work shoulder‑to‑shoulder with detection engineers and incident responders to make sure intelligence actually changes outcomes. This is a builder’s role on a small, high‑leverage team — you’ll have broad latitude to shape how threat intelligence is collected, analyzed, and operationalized at Anthropic.
Responsibilities
Research, track, and report on threat actors and campaigns targeting AI labs, cloud infrastructure, and the broader technology sector — producing timely, actionable intelligence for Security Engineering stakeholders
Build and maintain tooling and automated pipelines to collect, enrich, correlate, and operationalize indicators of compromise into our detection and alerting stack
Develop and execute intelligence‑driven threat hunts across endpoint, cloud, identity, and SaaS telemetry, and turn findings into durable detections
Perform technical analysis of malware, phishing infrastructure, and attacker tooling to extract indicators, TTPs, and attribution signals
Partner with Detection Engineering and Incident Response to translate intelligence into detection rules, hunting hypotheses, and incident context in near‑real‑time
Curate and triage inbound intelligence from commercial feeds, open source, government, and trusted peer relationships — prioritizing what matters for Anthropic’s threat model
Contribute to threat models and risk assessments that inform security architecture and defensive investment across the enterprise
Build and maintain external intelligence‑sharing relationships with peer companies, ISACs, and government partners
Qualifications
Have 5+ years of hands‑on experience in cyber threat intelligence, threat hunting, or intrusion analysis at an organization facing sophisticated adversaries
Have deep, demonstrable knowledge of specific nation‑state or advanced criminal threat actors — their tooling, infrastructure patterns, tradecraft, and targeting
Are a strong engineer: you write production‑quality Python (or similar), have built automation and data pipelines, and you can deliver tooling independently
Are comfortable performing malware analysis, infrastructure analysis (passive DNS, certificate pivoting, netflow), and log analysis to develop and validate your own findings
Have experience authoring detection logic (YARA, Sigma, Snort/Suricata, or SIEM‑native queries) and understand what makes a detection durable versus brittle
Can write clearly and concisely — your intelligence products are read and acted on, not filed away
Have an existing network in the threat intelligence community and a track record of productive bidirectional sharing
Strong Candidates May Have
Experience defending cloud‑native and research‑heavy environments (AWS/GCP, Kubernetes, ML infrastructure, developer tooling, and supply chain)
Prior work operating in a threat intelligence role tracking sophisticated or state‑sponsored adversaries, where your analysis directly informed detection, threat hunting, and incident response
Experience applying LLMs or other AI tooling to accelerate intelligence collection, enrichment, and analysis
Public research, conference talks, or open‑source tooling contributions in the CTI space
Annual Salary
$320,000—$405,000 USD
Logistics
Minimum education: Bachelor’s degree or an equivalent combination of education, training, and/or experience
Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience
Minimum years of experience: Correlates with the internal job level requirements for the position
Location‑based hybrid policy: We expect all staff to be in one of our offices at least 25% of the time. Some roles may require more time in our offices.
Visa sponsorship: We do sponsor visas. If we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.
#J-18808-Ljbffr
Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.
About the Role
Anthropic sits at the frontier of AI development, which makes us one of the most interesting targets in the world for nation‑state and advanced criminal actors. The Threat Intelligence function within our Detection & Response team exists to make sure we see them coming. As a Threat Intelligence Engineer, you’ll be a hands‑on practitioner responsible for producing the actionable intelligence that drives our detections, hunts, and defensive priorities. You’ll track the adversaries most likely to target a frontier AI lab, build the tooling and pipelines that turn raw indicators into operational defenses, and work shoulder‑to‑shoulder with detection engineers and incident responders to make sure intelligence actually changes outcomes. This is a builder’s role on a small, high‑leverage team — you’ll have broad latitude to shape how threat intelligence is collected, analyzed, and operationalized at Anthropic.
Responsibilities
Research, track, and report on threat actors and campaigns targeting AI labs, cloud infrastructure, and the broader technology sector — producing timely, actionable intelligence for Security Engineering stakeholders
Build and maintain tooling and automated pipelines to collect, enrich, correlate, and operationalize indicators of compromise into our detection and alerting stack
Develop and execute intelligence‑driven threat hunts across endpoint, cloud, identity, and SaaS telemetry, and turn findings into durable detections
Perform technical analysis of malware, phishing infrastructure, and attacker tooling to extract indicators, TTPs, and attribution signals
Partner with Detection Engineering and Incident Response to translate intelligence into detection rules, hunting hypotheses, and incident context in near‑real‑time
Curate and triage inbound intelligence from commercial feeds, open source, government, and trusted peer relationships — prioritizing what matters for Anthropic’s threat model
Contribute to threat models and risk assessments that inform security architecture and defensive investment across the enterprise
Build and maintain external intelligence‑sharing relationships with peer companies, ISACs, and government partners
Qualifications
Have 5+ years of hands‑on experience in cyber threat intelligence, threat hunting, or intrusion analysis at an organization facing sophisticated adversaries
Have deep, demonstrable knowledge of specific nation‑state or advanced criminal threat actors — their tooling, infrastructure patterns, tradecraft, and targeting
Are a strong engineer: you write production‑quality Python (or similar), have built automation and data pipelines, and you can deliver tooling independently
Are comfortable performing malware analysis, infrastructure analysis (passive DNS, certificate pivoting, netflow), and log analysis to develop and validate your own findings
Have experience authoring detection logic (YARA, Sigma, Snort/Suricata, or SIEM‑native queries) and understand what makes a detection durable versus brittle
Can write clearly and concisely — your intelligence products are read and acted on, not filed away
Have an existing network in the threat intelligence community and a track record of productive bidirectional sharing
Strong Candidates May Have
Experience defending cloud‑native and research‑heavy environments (AWS/GCP, Kubernetes, ML infrastructure, developer tooling, and supply chain)
Prior work operating in a threat intelligence role tracking sophisticated or state‑sponsored adversaries, where your analysis directly informed detection, threat hunting, and incident response
Experience applying LLMs or other AI tooling to accelerate intelligence collection, enrichment, and analysis
Public research, conference talks, or open‑source tooling contributions in the CTI space
Annual Salary
$320,000—$405,000 USD
Logistics
Minimum education: Bachelor’s degree or an equivalent combination of education, training, and/or experience
Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience
Minimum years of experience: Correlates with the internal job level requirements for the position
Location‑based hybrid policy: We expect all staff to be in one of our offices at least 25% of the time. Some roles may require more time in our offices.
Visa sponsorship: We do sponsor visas. If we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.
#J-18808-Ljbffr