Builds threat detection infrastructure, data pipelines, and tooling for threat intelligence team. Requires strong Python/SQL skills, experience with orchestration tools, YARA rules, and external API integrations.
300k – 320k/yr
HybridSecurity Engineering
About the role
Responsibilities
Build automated detection systems using disparate signals to identify abusive behavior.
Take systems from idea to proof-of-concept to production-grade with monitoring, documentation, and maintenance.
Develop and maintain YARA rule infrastructure, including tools for writing, validating, and testing rules.
Create integrations with external threat intelligence platforms (e.g. VirusTotal, Censys, Urlscan) via MCP servers.
Build data pipelines ingesting intelligence from RSS feeds, CTI news, and partners, using Claude for TTP extraction and hunting queries.
Develop behavioral analytics using DBT-based frameworks and searchable audit logging.
Establish feedback loops with investigators to tune detections and reduce false positives.
Scrape and normalize data from external sources for threat detection workflows.
You may be a good fit if you:
Strong coding proficiency in Python and SQL for detection logic, data pipelines, and automation.
Experience with data pipeline orchestration tools (Airflow, DBT, or similar).
Familiarity with threat intelligence concepts including IOCs, YARA rules, and threat correlation.
Experience integrating external APIs and building data ingestion systems.
Can translate investigator needs into technical requirements.
Comfortable building v0 systems and iterating on feedback.
Strong communication skills for non-engineering stakeholders.
Strong candidates may also have:
Experience with threat intelligence sharing frameworks (MISP, STIX/TAXII).
Background in cyber threat intelligence, security operations, or abuse detection.
Experience building MCP servers or similar AI tool integrations.
Familiarity with web scraping and data extraction at scale.
Experience with behavioral analytics or anomaly detection.
Lead detection and response engineering efforts, building tooling and processes to monitor threats, investigate incidents, and coordinate responses across Anthropic's technology stack. Requires 5+ years in detection engineering, incident response, or threat hunting.
300k – 405k/yr
Hybrid5+ YOESecurity Engineering
Research Engineer – Cybersecurity RL
AnthropicSan Francisco, CA +1
Research Engineer on Cybersecurity RL team advances AI models in secure coding, vulnerability remediation, and defensive cybersecurity using RL techniques. Requires cybersecurity expertise, ML experience, and strong engineering skills.
300k – 405k/yr
HybridSecurity Engineering
Application Security Engineer
AnthropicSan Francisco, CA +2
Partners with engineers to embed security in AI product development through threat modeling, secure reviews, tooling, and vulnerability management. Requires 5+ years experience, programming proficiency, and offensive security mindset.
300k – 405k/yr
Hybrid5+ YOESecurity Engineering
Researcher, Automated Red Teaming
OpenAISan Francisco, CA +1
Leads automated red teaming efforts to discover failure modes in frontier AI models, focusing on cyber, bio, and loss-of-control risks. Builds scalable systems and partners across teams to implement mitigations reducing catastrophic harm.
295k – 445k/yr
On-siteSecurity Engineering
Security Engineer, Host Assurance
OpenAISan Francisco, CA +1
Builds and operates Host Assurance platform to establish trust in bare-metal hosts for OpenAI's global infrastructure. Requires strong software engineering, deep expertise in PKI/HSM/cryptography/secure boot/host attestation, and ability to work across hardware-software boundaries at scale.