You will design and ship high-precision detections across cloud services and enterprise SaaS, develop automation that shortens response timelines, and mature the telemetry pipelines that make it all possible. Your ability to write production-quality code is just as important as your ability to triage an alert.

Responsibilities:

• Engineer, test, and deploy detection logic across cloud and enterprise environments, treating detections as software with version control, peer review, and measurable performance.

• Build and maintain incident response automation, runbooks, and tooling that reduce containment timelines without sacrificing developer velocity.

• Mature telemetry pipelines through improved schema design, normalization, enrichment, and quality checks that reduce false positives and increase signal fidelity.

• Perform digital incident investigations to identify and contain potential security breaches.

• Conduct digital forensics and malware analysis to understand attack vectors and adversary methodologies.

• Integrate alerting with messaging and ticketing systems to enable fast, traceable response workflows.

• Partner cross-functionally with IT, security, and engineering teams to harden identity and access patterns, close logging and forensics gaps, and implement maintainable guardrails that scale with the organisation.

• Utilize threat intelligence platforms to improve hunting, detection, and response workflows.

• Clearly explain the significance and impact of incidents, providing actionable recommendations to both technical and non-technical stakeholders.

Ideal Candidate:

• 5+ years of experience in Detection Engineering, Incident Response, or Security Operations, with a strong emphasis on building and shipping security tooling and automation.

• Proficiency in at least one programming language (e.g., Python, Go) and comfort writing production-grade code , not just scripts.

• Hands-on experience designing or improving detection pipelines, SIEM content, and alerting workflows in cloud-native environments.

• Practical experience with SIEM, EDR, and SOAR tools, with a preference for candidates who have built integrations or extended these platforms programmatically.

• Strong understanding of modern cyber threats, common attack techniques, and adversary TTPs.

• Familiarity with digital forensics tools and malware analysis techniques.

• Experience with cloud-native environments (e.g., AWS, GCP, Azure) and the security telemetry those environments generate.

• Exposure to threat intelligence platforms and integrating intel into detection and investigation workflows.

• Strong communication skills, with the ability to translate complex security findings into clear business impact.

• Relevant security certifications (e.g., GCIH, GCFA, GCIA, CISSP, GDSA) are a plus.

Compensation packages at Scale for eligible roles include base salary, equity, and benefits. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position, determined by work location and additional factors, including job-related skills, experience, interview performance, and relevant education or training. Scale employees in eligible roles are also granted equity based compensation, subject to Board of Director approval. Your recruiter can share more about the specific salary range for your preferred location during the hiring process, and confirm whether the hired role will be eligible for equity grant. You’ll also receive benefits including, but not limited to: Comprehensive health, dental and vision coverage, retirement benefits, a learning and development stipend, and generous PTO. Additionally, this role may be eligible for additional benefits such as a commuter stipend.

XML job scraping automation by YubHub

As a Detection and Response Engineering Manager, you will collaborate closely with teams and leaders across Anthropic, focusing on the observability, detection, investigation, incident response, and intelligence portions of the security lifecycle. You will also navigate prioritization in a fast-paced frontier environment, balancing operational demands with building innovative, scalable solutions for the future.

Key responsibilities include:

• Managing and growing a high-performing D&R team, planning strategy and hiring to support Anthropic's rapid growth and unique AI safety requirements

• Collaborating across security engineering teams to build comprehensive prevention, observability, detection, and response capabilities throughout the security lifecycle

• Facilitating development of scalable, AI-leveraged D&R solutions that enable self-service observability and detection capabilities across Anthropic

• Building partnerships with product, infrastructure, and research teams to instill security monitoring best practices

• Owning and continuously improving Security Incident Response, Data Management, and Detection Engineering policies and playbooks

• Operating our threat intelligence program and maintaining relationships with external security partners and information sharing communities

• Continuously driving capability maturity across the detection lifecycle, establishing metrics and KPIs to measure effectiveness

Requirements include:

• 10+ years building detection and response capabilities in a cloud-native organization

• 5+ years of engineering management experience with a proven track record of building and scaling security teams

• Deep understanding of security monitoring, threat detection, incident response, and forensics best practices

• Experienced in securing complex cloud environments (Kubernetes, AWS/GCP) with modern detection technologies

• Knowledgeable in AI/ML security risks, detection patterns, and response strategies

• Strong verbal and written communication skills with the ability to distill complex security topics

• Skilled at collaborating cross-functionally and effectively balancing security requirements with business objectives

• Able to drive high-impact work while incorporating feedback and adapting to changing priorities

• Passionate about building diverse, high-performing teams and growing engineers in a fast-paced environment

• Low ego, high empathy, and have a track record as a talent magnet who attracts and retains top security talent

We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed.

XML job scraping automation by YubHub

At Cloudflare, we are on a mission to help build a better Internet. We run one of the world's largest networks that powers millions of websites and other Internet properties for customers ranging from individual bloggers to SMBs to Fortune 500 companies.

Cloudflare protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare all have web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks.

About the Team

Cloudforce One is Cloudflare's threat operations and research team, responsible for identifying and disrupting cyber threats ranging from sophisticated cyber criminal activity to nation-state advanced persistent threats (APTs).

About the Role

We are seeking a talented Senior Manager, Incident Response to join us in growing our Cloudforce One organization, where you will be instrumental in building a proactive and threat intelligence-driven approach to protecting Cloudflare and its customers from sophisticated and evolving threat actors.

Responsibilities

As a REACT Consultant, you will respond to customer security incidents in on-premises and cloud environments. You will detect and disrupt cyber threat activity across customer networks and cloud environments. You will engage with customers at all levels including Executive, VP, Director, and managerial levels. You will serve an integral role in the discovery and analysis of cyber threat intrusions, working alongside forensic analysts, threat researchers, detection engineers, and malware analysts to detect and mitigate malicious activity.

The findings you uncover will help identify Tactics, Techniques, and Procedures (TTPs) of ongoing threat activity to protect your customer and the greater Cloudflare customer base.

Requirements

Our ideal candidate will have 1-2 years of previous experience in cybersecurity with at least 1+ years in Digital Forensics or Incident Response. Candidates will have experience with hands-on forensic analysis in a Windows, Mac, and Linux environment. Ideally, this candidate will have experience triaging malware using static or dynamic analysis on Windows, macOS, or UNIX-based platforms.

You will be responsible correlating threat actor activity across the customers environment. Outstanding candidates will possess excellent verbal and written communication skills. You will also have experience with incident response reports and reliably be able to write simple scripts in Python or Golang.

Examples of desirable skills, knowledge and experience include:

• Bachelor's degree in Computer Science, Information Systems, Cybersecurity, related technical field, or equivalent training/practical experience
• 3+ years of previous experience in cyber security
• 2+ years of Incident Response experience
• 1+ years of customer-facing role
• Incident Response: experience conducting or managing incident response investigations for organizations, investigating targeted threats such as the Advanced Persistent Threat, Organized Crime, and Hacktivists
• Computer Forensic Analysis: a background using a variety of forensic analysis tools in incident response investigations to determine the extent and scope of compromise
• Network Forensic Analysis: strong knowledge of network protocols, network analysis tools like Bro/Zeek or Suricata, and ability to perform analysis of associated network logs
• Reverse Engineering: ability to understand the capabilities of static and dynamic malware analysis
• Incident Remediation: strong understanding of targeted attacks and able to create customized tactical and strategic remediation plans for compromised organizations
• Network Operations and Architecture/Engineering: strong understanding of secure network architecture and strong background in performing network operations
• Cloud Incident Response: knowledge in any of the following areas: AWS, Azure, GCP incident response methodologies
• Communications: strong ability to communicate executive and/or detailed level findings to clients; ability to effectively communicate tasks, guidance, and methodology with internal teams
• Strong written and verbal communication skills, with the ability to establish and maintain strong working relationships with business groups
• Technical knowledge of common network protocols and design patterns including TCP/IP, HTTPS, FTP, SFTP, SSH, RDP, CIFS/SMB, NFS
• Familiarity with various cloud environments (AWS, Azure, O365, Google, Cloudflare)
• Understanding of MITRE ATT&CK and NIST Cyber Security Frameworks standards and requirements
• In-depth understanding of Windows operating systems and general knowledge of Unix, Linux, and Mac operating systems

Bonus Points:

• Proficient in Python or Golang, capable of writing modular code that can be installed on a remote system
• Proficient with Yara and writing rules to detect similar malware samples
• Understanding of source code, hex, binary, regular expression, data correlation, and analysis such as network flow and system logs
• Practical malware analysis experience with static, dynamic, and automated malware analysis techniques
• Possess mid-level experience as a Malware Analyst able to reverse engineer various file formats and analyze complex malware samples
• Reverse engineering experience with APT malware with an understanding of common infection vectors
• Knowledgeable of current malware techniques to evade detection and obstruct analysis
• Experience writing malware reports on unique and interesting aspects of malware
• Experience with malware attribution
• Experience with tracking and identifying threats through Indicator of Compromise (IOCs) pivoting and infrastructure enumeration
• Familiarity with bash command line executables to conduct static analysis and investigate IOCs

Travel requirements

Ability to travel up to 20% of the time

Position may require foreign and domestic travel, passport will be required

XML job scraping automation by YubHub

Responsibilities:

• Certifications like CISA, CRISC, CGEIT, Security+, CASP+, or similar are preferred.
• Drive continual improvement in processes, procedures, and automations to improve the quality and effectiveness of the team.
• Participate in a 24/7 on-call rotation performing security incident response.
• Commandeering security incidents and updating stakeholders.
• Identify and develop new detection use cases and optimize existing detections.
• Collaborate on technical directions and solutions with other teams.
• Research and analyze patterns in security events across X's global infrastructure.
• Identify, design, and lead threat hunting missions to quantify and reduce threats.
• Manage and support the log collection, security scanning, intrusion detection, and other security-related systems.
• Design and assist in the development of automation to reduce false positives and handle events automatically.
• Analyze the security posture of systems via testing and vulnerability impact analysis.

Basic Qualifications:

• 2+ years of relevant information security experience.
• Self-starter, can receive a task and execute with minimal supervision.
• Strong Python scripting skills for implementing security automation.
• Knowledge of networking and macOS, Windows, or Linux operating systems.
• Knowledge of cloud security fundamentals and practices (vendor agnostic).
• Experience managing and/or deploying security technology.
• Experience with building queries and dashboards for security monitoring.
• Knowledge of current threats and techniques and a desire to research and learn more.
• Experience with malware analysis, forensics, or penetration testing.
• Problem-solving skills or experience with troubleshooting.

ITAR Requirements:

To conform to U.S. Government export regulations, applicant must be a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (aka green card holder), (iii) Refugee under 8 U.S.C. § 1157, or (iv) Asylee under 8 U.S.C. § 1158, or be eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here.

Preferred Skills and Experience:

• Elastic / OpenSearch or similar platforms.
• Open Source security automation tooling.

Compensation and Benefits:

$180,000 - $440,000 USD. Base salary is just one part of our total rewards package at xAI, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long-term disability insurance, life insurance, and various other discounts and perks.

XML job scraping automation by YubHub

Design and develop cybersecurity tools for real-time embedded, embedded Linux, and Android systems. Implement an endpoint detection and response agent for use on Anduril products. Develop thorough testing and qualification procedures for security-critical components. Collaborate with cross-functional teams to identify specific security needs and implement solutions. Conduct code reviews and ensure adherence to security best practices. Stay updated on the latest security threats and technologies.

Required qualifications:

• 2+ years of software development experience in some combination of Golang, Rust, or C/C++.
• Experience with Linux observability and eBPF.
• Strong understanding of Linux security internals.
• Experience debugging and optimising performance of Linux software.
• Experience with CI/CD and test automation, including for mobile and embedded devices.
• Solid understanding of cybersecurity principles and practices.
• Ability to obtain and hold a U.S. Secret security clearance.

Preferred qualifications:

• Knowledge of security frameworks and compliance standards.
• Experience in mobile development, specifically on Android platforms.
• Experience implementing EDR tooling.
• Experience with SOC operations, forensics, and incident response practices.
• Strong problem-solving and analytical skills.
• Excellent communication and teamwork abilities.

US Salary Range $126,000-$191,000 USD

XML job scraping automation by YubHub

Design and develop cybersecurity tools for real-time embedded, embedded Linux, and Android systems. Implement an endpoint detection and response agent for use on Anduril products. Develop thorough testing and qualification procedures for security-critical components. Collaborate with cross-functional teams to identify specific security needs and implement solutions. Conduct code reviews and ensure adherence to security best practices. Stay updated on the latest security threats and technologies.

Required qualifications include 2+ years of software development experience in Golang, Rust, or C/C++, experience with Linux observability and eBPF, strong understanding of Linux security internals, and experience debugging and optimizing performance of Linux software.

Preferred qualifications include knowledge of security frameworks and compliance standards, experience in mobile development, specifically on Android platforms, experience implementing EDR tooling, and experience with SOC operations, forensics, and incident response practices.

US Salary Range $166,000-$253,000 USD

XML job scraping automation by YubHub

Design and develop cybersecurity tools for real-time embedded, embedded Linux, and Android systems. Implement an endpoint detection and response agent for use on Anduril products. Develop thorough testing and qualification procedures for security-critical components. Collaborate with cross-functional teams to identify specific security needs and implement solutions. Conduct code reviews and ensure adherence to security best practices. Stay updated on the latest security threats and technologies.

Required qualifications:

• 2+ years of software development experience in some combination of Golang, Rust, or C/C++.
• Experience with Linux observability and eBPF.
• Strong understanding of Linux security internals.
• Experience debugging and optimizing performance of Linux software.
• Experience with CI/CD and test automation, including for mobile and embedded devices.
• Solid understanding of cybersecurity principles and practices.
• Ability to obtain and hold a U.S. Secret security clearance.

Preferred qualifications:

• Knowledge of security frameworks and compliance standards.
• Experience in mobile development, specifically on Android platforms.
• Experience implementing EDR tooling.
• Experience with SOC operations, forensics, and incident response practices.
• Strong problem-solving and analytical skills.
• Excellent communication and teamwork abilities.

US Salary Range $166,000-$253,000 USD

XML job scraping automation by YubHub

Design and develop cybersecurity tools for real-time embedded, embedded Linux, and Android systems. Implement an endpoint detection and response agent for use on Anduril products. Develop thorough testing and qualification procedures for security-critical components. Collaborate with cross-functional teams to identify specific security needs and implement solutions. Conduct code reviews and ensure adherence to security best practices. Stay updated on the latest security threats and technologies.

Required qualifications include 2+ years of software development experience in some combination of Golang, Rust, or C/C++, experience with Linux observability and eBPF, strong understanding of Linux security internals, experience debugging and optimizing performance of Linux software, experience with CI/CD and test automation, including for mobile and embedded devices, solid understanding of cybersecurity principles and practices, and ability to obtain and hold a U.S. Secret security clearance validate required qualifications.

Preferred qualifications include knowledge of security frameworks and compliance standards, experience in mobile development, specifically on Android platforms, experience implementing EDR tooling, experience with SOC operations, forensics, and incident response practices, strong problem-solving and analytical skills, and excellent communication and teamwork abilities.

US Salary Range $113,000-$171,000 USD

XML job scraping automation by YubHub

Responsibilities

• Monitor and analyse security alerts and logs to identify potential threats and anomalies
• Develop, implement, and maintain detection rules and correlation logic in our SIEM platform
• Conduct thorough investigations of security incidents, performing root cause analysis and impact assessments
• Lead incident response efforts, coordinating with relevant teams to contain and mitigate threats
• Create and maintain incident response playbooks and runbooks
• Perform regular threat hunting activities to proactively identify potential security risks
• Develop and refine metrics and reporting to track the effectiveness of detection and response capabilities
• Collaborate with other security teams to improve overall security posture and incident handling processes
• Stay current with emerging threats, attack techniques, and defensive strategies in the cloud-native and AI domains

Basic Qualifications

• Bachelor's degree in Computer Science, Cybersecurity, or a related field
• 3-5 years of experience in security operations, incident response, or a similar role
• Strong understanding of cybersecurity principles, attack techniques, and defensive strategies
• Proficiency in at least one scripting language (e.g., Python, Rust) for automation and tool development
• Experience with SIEM platforms and log analysis tools
• Familiarity with cloud environments (e.g., AWS, GCP, Azure) and their security features
• Knowledge of network protocols, system administration, and common attack vectors
• Strong analytical and problem-solving skills with attention to detail
• Excellent communication skills and ability to work effectively under pressure

Preferred Skills and Experience

• Relevant security certifications (e.g., GCIH, GCIA, SANS)
• Experience with threat intelligence platforms and their integration into detection processes
• Familiarity with AI/ML security implications, particularly those outlined in the OWASP LLM Top 10
• Knowledge of software supply chain security and SBOM analysis
• Experience with containerized environments and Kubernetes security
• Experience in building custom security tools or integrations to enhance detection and response capabilities
• Interest in leveraging AI to improve threat detection and automate response processes
• Contributions to open-source security projects or threat research
• Experience with digital forensics and malware analysis

Compensation and Benefits

$200,000 - $340,000 USD

Base salary is just one part of our total rewards package at xAI, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long-term disability insurance, life insurance, and various other discounts and perks.

XML job scraping automation by YubHub

At Anthropic, we are pioneering new frontiers in AI that have the potential to greatly benefit society. However, developing advanced AI also comes with risks if not properly safeguarded. That's why we are seeking an exceptional Detection and Response engineer that will be on the frontlines to build solutions to monitor for threats, rapidly investigate incidents, and coordinate response efforts with other teams. In this role, you will have the opportunity to shape our security capabilities from the ground up alongside our world-class research and security teams.

Responsibilities:

• Lead cybersecurity Incident Response efforts covering diverse domains from external attacks to insider threats involving all layers of Anthropic’s technology stack
• Develop and deploy novel tooling that may leverage Large Language Models to enhance detection, investigation, and response capabilities
• Create and optimise detections, playbooks, and workflows to quickly identify and respond to potential incidents
• Review Incident Response metrics and procedures and drive continuous improvement
• Work cross functionally with other security and engineering teams

You may be a good fit if you:

• 3+ years of software engineering experience, with security experience a plus and/or
• 5+ years of detection engineering, incident response, or threat hunting experience
• A solid understanding of cloud environments and operations
• Experience working with engineering teams in a SaaS environment
• Exceptional communication and collaboration skills
• An ability to lead projects with little guidance
• The ability to pick up new languages and technologies quickly
• Experience handling security incidents and investigating anomalies as part of a team
• Knowledge of EDR, SIEM, SOAR, or related security tools

Strong candidates may also have experience with:

• Experience performing security operations or investigations involving large-scale Kubernetes environments
• A high level of proficiency in Python and query languages such as SQL
• Experience analysing attack behaviour and prototyping high-quality detections
• Experience with threat intelligence, malware analysis, infrastructure as code, detection engineering, or forensics
• Experience contributing to a high growth startup environment

Deadline to apply:

None. Applications will be reviewed on a rolling basis.

Logistics

• Education requirements: We require at least a Bachelor's degree in a related field or equivalent experience.
• Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.
• Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work.

Your safety matters to us. To protect yourself from potential scams, remember that Anthropic recruiters only contact you from @anthropic.com email addresses. In some cases, we may partner with vetted recruiting agencies who will identify themselves as working on behalf of Anthropic. Be cautious of emails from other domains. Legitimate Anthropic recruiters will never ask for money, fees, or banking information before your first day. If you're ever unsure about a communication, don't click any links—visit anthropic.com/careers directly for confirmed position openings.

How we're different

We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts. And we value impact — advancing our long-term goals of steerable, trustworthy AI — rather than work on smaller and more specific puzzles. We view AI research as an empirical science, which has as much in common with physics and biology as with traditional efforts in computer science. We're an extremely collaborative group, and we host frequent research discussions to ensure that we are pursuing the highest-impact work at any given time. As such, we greatly value communication skills.

XML job scraping automation by YubHub