Security Engineer - Threat Intel
New York City, NY; Remote-Friendly (Travel-Required) | San Francisco, CA | Washington, DC; San Francisco, CA | New York City, NY
Cove Score breakdown
What last night's scan found for this job. The Cove Score formula isn't final yet, so this is the facts, not a number.
About the role
<div class="content-intro"><h2><strong>About Anthropic</strong></h2> <p>Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.</p></div><h2><strong>About the Role: </strong></h2> <p>Anthropic sits at the frontier of AI development, which makes us one of the most interesting targets in the world for nation-state and advanced criminal actors. The Threat Intelligence function within our Detection & Response team exists to make sure we see them coming. As a Threat Intelligence Engineer, you'll be a hands-on practitioner responsible for producing the actionable intelligence that drives our detections, hunts, and defensive priorities. You'll track the adversaries most likely to target a frontier AI lab, build the tooling and pipelines that turn raw indicators into operational defenses, and work shoulder-to-shoulder with detection engineers and incident responders to make sure intelligence actually changes outcomes. This is a builder's role on a small, high-leverage team — you'll have broad latitude to shape how threat intelligence is collected, analyzed, and operationalized at Anthropic. </p> <h2><strong>Responsibilities:</strong> </h2> <ul> <li>Research, track, and report on threat actors and campaigns targeting AI labs, cloud infrastructure, and the broader technology sector — producing timely, actionable intelligence for Security Engineering stakeholders</li> <li>Build and maintain tooling and automated pipelines to collect, enrich, correlate, and operationalize indicators of compromise into our detection and alerting stack</li> <li>Develop and execute intelligence-driven threat hunts across endpoint, cloud, identity, and SaaS telemetry, and turn findings into durable detections</li> <li>Perform technical analysis of malware, phishing infrastructure, and attacker tooling to extract indicators, TTPs, and attribution signals</li> <li>Partner with Detection Engineering and Incident Response to translate intelligence into detection rules, hunting hypotheses, and incident context in near-real-time</li> <li>Curate and triage inbound intelligence from commercial feeds, open source, government, and trusted peer relationships — prioritizing what matters for Anthropic's threat model</li> <li>Contribute to threat models and risk assessments that inform security architecture and defensive investment across the enterprise</li> <li>Build and maintain external intelligence-sharing relationships with peer companies, ISACs, and government partners</li> </ul> <h2><strong>You may be a good fit if you:</strong></h2> <ul> <li>Have 5+ years of hands-on experience in cyber threat intelligence, threat hunting, or intrusion analysis at an organization facing sophisticated adversaries</li> <li>Have deep, demonstrable knowledge of specific nation-state or advanced criminal threat actors — their tooling, infrastructure patterns, tradecraft, and targeting</li> <li>Are a strong engineer: you write production-quality Python (or similar), have built automation and data pipelines, and don't need to hand requirements to someone else to get tooling built</li> <li>Are comfortable performing malware analysis, infrastructure analysis (passive DNS, certificate pivoting, netflow), and log analysis to develop and validate your own findings</li> <li>Have experience authoring detection logic (YARA, Sigma, Snort/Suricata, or SIEM-native queries) and understand what makes a detection durable vs. brittle</li> <li>Can write clearly and concisely — your intelligence products are read and acted on, not filed away</li> <li>Have an existing network in the threat intelligence community and a track record of productive bidirectional sharing</li> </ul> <h2><strong>Strong candidates may have:</strong></h2> <ul> <li>Experience defending cloud-native and research-heavy environments (AWS/GCP, Kubernetes, ML infrastructure, developer tooling and supply chain)</li> <li>Prior work operating in a threat intelligence role tracking sophisticated or state-sponsored adversaries, where your analysis directly informed detection, threat hunting, and incident response</li> <li>Experience applying LLMs or other AI tooling to accelerate intelligence collection, enrichment, and analysis</li> <li>Public research, conference talks, or open-source tooling contributions in the CTI space</li> </ul> <p>Deadline to apply: None. Applications will be received on a rolling basis.</p><div class="content-pay-transparency"><div class="pay-input"><div class="description"><p>The annual compensation range for this role is listed below. </p> <p>For sales roles, the range provided is the role’s On Target Earnings ("OTE") range, meaning that the range includes both the sales commissions/sales bonuses target and annual base salary for the role.</p></div><div class="title">Annual Salary:</div><div class="pay-range"><span>$320,000</span><span class="divider">—</span><span>$405,000 USD</span></div></div></div><div class="content-conclusion"><h2><strong>Logistics</strong></h2> <p><strong>Minimum education: </strong>Bachelor’s degree or an equivalent combination of education, training, and/or experience</p> <p><strong>Required field of study: </strong>A field relevant to the role as demonstrated through coursework, training, or professional experience</p> <p><strong>Minimum years of experience: </strong>Years of experience required will correlate with the internal job level requirements for the position</p> <p><strong>Location-based hybrid policy:</strong> Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.</p> <p><strong data-stringify-type="bold">Visa sponsorship:</strong> We do sponsor visas! However, we aren't able to successfully
Covesight rechecks every listing nightly. Last confirmed live: 2026-07-16.
Similar jobs
Free
One free daily alert, straight to your inbox
Full access to the eligibility-verified board, every listing, every day, no paywall on the facts. One free daily alert lands in your inbox each morning.
Get your free daily alert →Want it ranked and personalized every morning? See Covesight Plus →