# Threat Collections Engineer

**Company:** [Anthropic](https://hotfix.jobs/companies/anthropic)
**Location:** San Francisco, CA, Washington, DC
**Role:** Security Engineering
**Salary:** $300k – $320k/yr
**Skills:** Python, SQL, Yara, dbt, Airflow, Virustotal, Censys, Urlscan, Misp, Stix/Taxii
**Posted:** 2026-02-12

> Builds threat detection infrastructure, data pipelines, and tooling for threat intelligence team. Requires strong Python/SQL skills, experience with orchestration tools, YARA rules, and external API integrations.

## Job Description

## Responsibilities

- Build automated detection systems using disparate signals to identify abusive behavior.
- Take systems from idea to proof-of-concept to production-grade with monitoring, documentation, and maintenance.
- Develop and maintain YARA rule infrastructure, including tools for writing, validating, and testing rules.
- Create integrations with external threat intelligence platforms (e.g. VirusTotal, Censys, Urlscan) via MCP servers.
- Build data pipelines ingesting intelligence from RSS feeds, CTI news, and partners, using Claude for TTP extraction and hunting queries.
- Develop behavioral analytics using DBT-based frameworks and searchable audit logging.
- Establish feedback loops with investigators to tune detections and reduce false positives.
- Scrape and normalize data from external sources for threat detection workflows.

## You may be a good fit if you:

- Strong coding proficiency in **Python** and **SQL** for detection logic, data pipelines, and automation.
- Experience with data pipeline orchestration tools (**Airflow**, **DBT**, or similar).
- Familiarity with threat intelligence concepts including IOCs, **YARA** rules, and threat correlation.
- Experience integrating external APIs and building data ingestion systems.
- Can translate investigator needs into technical requirements.
- Comfortable building v0 systems and iterating on feedback.
- Strong communication skills for non-engineering stakeholders.

## Strong candidates may also have:

- Experience with threat intelligence sharing frameworks (**MISP**, **STIX/TAXII**).
- Background in cyber threat intelligence, security operations, or abuse detection.
- Experience building MCP servers or similar AI tool integrations.
- Familiarity with web scraping and data extraction at scale.
- Experience with behavioral analytics or anomaly detection.
- Understanding of LLM capabilities for automation.
- Top Secret Clearance.

**Annual Salary:** $300,000—$320,000 USD

## Similar roles

- [Security Engineer, Detection & Response](https://hotfix.jobs/jobs/8fbbaee5-e02c-4617-8eba-262d886cda43) - Anthropic - San Francisco, CA - $300k – $405k/yr
- [Research Engineer – Cybersecurity RL](https://hotfix.jobs/jobs/75c8b1b1-6058-41b5-9cb0-b89086964f6f) - Anthropic - San Francisco, CA - $300k – $405k/yr
- [Application Security Engineer](https://hotfix.jobs/jobs/201cf91f-ce1c-4b0e-9865-4cb8d9294c00) - Anthropic - San Francisco, CA - $300k – $405k/yr
- [Researcher, Automated Red Teaming](https://hotfix.jobs/jobs/c8bad9d3-b859-4225-a74f-118514d784b4) - OpenAI - San Francisco, CA - $295k – $445k/yr
- [Security Engineer, Host Assurance](https://hotfix.jobs/jobs/b25f415d-5149-4104-a91a-384cc6f42e57) - OpenAI - San Francisco, CA - $293k – $385k/yr

**Apply:** https://hotfix.jobs/jobs/c0c31e7e-6d1b-48ef-a06a-69c21286e94b
**Canonical:** https://hotfix.jobs/jobs/c0c31e7e-6d1b-48ef-a06a-69c21286e94b