You will design and ship high-precision detections across cloud services and enterprise SaaS, develop automation that shortens response timelines, and mature the telemetry pipelines that make it all possible. Your ability to write production-quality code is just as important as your ability to triage an alert.

Responsibilities:

• Engineer, test, and deploy detection logic across cloud and enterprise environments, treating detections as software with version control, peer review, and measurable performance.

• Build and maintain incident response automation, runbooks, and tooling that reduce containment timelines without sacrificing developer velocity.

• Mature telemetry pipelines through improved schema design, normalization, enrichment, and quality checks that reduce false positives and increase signal fidelity.

• Perform digital incident investigations to identify and contain potential security breaches.

• Conduct digital forensics and malware analysis to understand attack vectors and adversary methodologies.

• Integrate alerting with messaging and ticketing systems to enable fast, traceable response workflows.

• Partner cross-functionally with IT, security, and engineering teams to harden identity and access patterns, close logging and forensics gaps, and implement maintainable guardrails that scale with the organisation.

• Utilize threat intelligence platforms to improve hunting, detection, and response workflows.

• Clearly explain the significance and impact of incidents, providing actionable recommendations to both technical and non-technical stakeholders.

Ideal Candidate:

• 5+ years of experience in Detection Engineering, Incident Response, or Security Operations, with a strong emphasis on building and shipping security tooling and automation.

• Proficiency in at least one programming language (e.g., Python, Go) and comfort writing production-grade code , not just scripts.

• Hands-on experience designing or improving detection pipelines, SIEM content, and alerting workflows in cloud-native environments.

• Practical experience with SIEM, EDR, and SOAR tools, with a preference for candidates who have built integrations or extended these platforms programmatically.

• Strong understanding of modern cyber threats, common attack techniques, and adversary TTPs.

• Familiarity with digital forensics tools and malware analysis techniques.

• Experience with cloud-native environments (e.g., AWS, GCP, Azure) and the security telemetry those environments generate.

• Exposure to threat intelligence platforms and integrating intel into detection and investigation workflows.

• Strong communication skills, with the ability to translate complex security findings into clear business impact.

• Relevant security certifications (e.g., GCIH, GCFA, GCIA, CISSP, GDSA) are a plus.

Compensation packages at Scale for eligible roles include base salary, equity, and benefits. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position, determined by work location and additional factors, including job-related skills, experience, interview performance, and relevant education or training. Scale employees in eligible roles are also granted equity based compensation, subject to Board of Director approval. Your recruiter can share more about the specific salary range for your preferred location during the hiring process, and confirm whether the hired role will be eligible for equity grant. You’ll also receive benefits including, but not limited to: Comprehensive health, dental and vision coverage, retirement benefits, a learning and development stipend, and generous PTO. Additionally, this role may be eligible for additional benefits such as a commuter stipend.

XML job scraping automation by YubHub

We are looking for a Technical Cyber Threat Investigator to join our Threat Intelligence team. In this role, you will be responsible for detecting, investigating, and disrupting the misuse of Anthropic's AI systems for malicious cyber operations.

You will work at the intersection of AI safety and cybersecurity, conducting thorough investigations into potential misuse cases, developing novel detection techniques, and building robust defenses against emerging cyber threats in the rapidly evolving landscape of AI-enabled risks. Your work will directly protect the broader ecosystem from sophisticated threat actors who seek to leverage AI technology for harm.

Responsibilities

• Detect and investigate attempts to misuse Anthropic's AI systems for cyber operations, including influence operations, malware development, social engineering, and other adversarial activities

• Develop abuse signals and tracking strategies to proactively detect sophisticated threat actors across our platform

• Create actionable intelligence reports on new attack vectors, vulnerabilities, and threat actor TTPs targeting LLM systems

• Conduct cross-platform threat analysis grounded in real threat actor behavior, using open-source research, dark web monitoring, and internal data

• Utilize investigation findings to implement systematic improvements to our safety approach and mitigate harm at scale

• Study trends internally and in the broader ecosystem to anticipate how AI systems could be misused, generating and publishing reports

• Build and maintain relationships with external threat intelligence partners, information sharing communities, and government stakeholders

• Work cross-functionally to build out our threat intelligence program, establishing processes, tools, and best practices

You may be a good fit if you

• Have demonstrated proficiency in SQL and Python for data analysis and threat detection

• Have experience with large language models and understanding of how AI technology could be misused for cyber threats

• Have subject matter expertise in abusive user behaviour detection, such as influence operations, coordinated inauthentic behaviour, or cyber threat intelligence

• Have experience tracking threat actors across surface, deep, and dark web environments

• Can derive insights from large datasets to make key decisions and recommendations

• Have experience with threat actor profiling and utilising threat intelligence frameworks (MITRE ATT&CK, etc.)

• Have strong project management skills and ability to build processes from the ground up

• Possess excellent communication skills to collaborate with cross-functional teams and present to leadership

Strong candidates may also have

• Experience working with government agencies or in regulated environments

• Background in AI safety, machine learning security, or technology abuse investigation

• Experience building and scaling threat detection systems or abuse monitoring programs

• Active Top Secret security clearance

Deadline to apply

None. Applications will be reviewed on a rolling basis.

Logistics

• Education requirements: We require at least a Bachelor's degree in a related field or equivalent experience.

• Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.

• Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

We encourage you to apply even if you do not believe you meet every single qualification.

Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work.

Your safety matters to us.

To protect yourself from potential scams, remember that Anthropic recruiters only contact you from @anthropic.com email addresses. In some cases, we may partner with vetted recruiting agencies who will identify themselves as working on behalf of Anthropic. Be cautious of emails from other domains. Legitimate Anthropic recruiters will never ask for money, fees, or banking information before your first day. If you're ever unsure about a communication, don't click any links—visit anthropic.com/career

XML job scraping automation by YubHub