{"version":"0.1","company":{"name":"YubHub","url":"https://yubhub.co","jobsUrl":"https://yubhub.co/jobs/skill/intrusion-analysis"},"x-facet":{"type":"skill","slug":"intrusion-analysis","display":"Intrusion Analysis","count":2},"x-feed-size-limit":100,"x-feed-sort":"enriched_at desc","x-feed-notice":"This feed contains at most 100 jobs (the most recently enriched). For the full corpus, use the paginated /stats/by-facet endpoint or /search.","x-generator":"yubhub-xml-generator","x-rights":"Free to redistribute with attribution: \"Data by YubHub (https://yubhub.co)\"","x-schema":"Each entry in `jobs` follows https://schema.org/JobPosting. YubHub-native raw fields carry `x-` prefix.","jobs":[{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_21e4422b-13c"},"title":"Security Engineer - Threat Intel","description":"<p>As a Threat Intelligence Engineer at Anthropic, you will be a hands-on practitioner responsible for producing actionable intelligence that drives our detections, hunts, and defensive priorities. 
You will track the adversaries most likely to target a frontier AI lab, build the tooling and pipelines that turn raw indicators into operational defenses, and work shoulder-to-shoulder with detection engineers and incident responders to make sure intelligence actually changes outcomes.</p>\n<p>Key responsibilities include:</p>\n<ul>\n<li>Research, track, and report on threat actors and campaigns targeting AI labs, cloud infrastructure, and the broader technology sector, producing timely, actionable intelligence for Security Engineering stakeholders</li>\n<li>Build and maintain tooling and automated pipelines to collect, enrich, correlate, and operationalize indicators of compromise into our detection and alerting stack</li>\n<li>Develop and execute intelligence-driven threat hunts across endpoint, cloud, identity, and SaaS telemetry, and turn findings into durable detections</li>\n<li>Perform technical analysis of malware, phishing infrastructure, and attacker tooling to extract indicators, TTPs, and attribution signals</li>\n<li>Partner with Detection Engineering and Incident Response to translate intelligence into detection rules, hunting hypotheses, and incident context in near-real-time</li>\n<li>Curate and triage inbound intelligence from commercial feeds, open source, government, and trusted peer relationships, prioritizing what matters for Anthropic&#39;s threat model</li>\n<li>Contribute to threat models and risk assessments that inform security architecture and defensive investment across the enterprise</li>\n<li>Build and maintain external intelligence-sharing relationships with peer companies, ISACs, and government partners</li>\n</ul>\n<p>You may be a good fit if you:</p>\n<ul>\n<li>Have 5+ years of hands-on experience in cyber threat intelligence, threat hunting, or intrusion analysis at an organization facing sophisticated adversaries</li>\n<li>Have deep, demonstrable knowledge of specific nation-state or advanced criminal threat actors: their 
tooling, infrastructure patterns, tradecraft, and targeting</li>\n<li>Are a strong engineer: you write production-quality Python (or similar), have built automation and data pipelines, and don&#39;t need to hand requirements to someone else to get tooling built</li>\n<li>Are comfortable performing malware analysis, infrastructure analysis (passive DNS, certificate pivoting, netflow), and log analysis to develop and validate your own findings</li>\n<li>Have experience authoring detection logic (YARA, Sigma, Snort/Suricata, or SIEM-native queries) and understand what makes a detection durable vs. brittle</li>\n<li>Can write clearly and concisely: your intelligence products are read and acted on, not filed away</li>\n<li>Have an existing network in the threat intelligence community and a track record of productive bidirectional sharing</li>\n</ul>\n<p>Strong candidates may have:</p>\n<ul>\n<li>Experience defending cloud-native and research-heavy environments (AWS/GCP, Kubernetes, ML infrastructure, developer tooling and supply chain)</li>\n<li>Prior work operating in a threat intelligence role tracking sophisticated or state-sponsored adversaries, where your analysis directly informed detection, threat hunting, and incident response</li>\n<li>Experience applying LLMs or other AI tooling to accelerate intelligence collection, enrichment, and analysis</li>\n<li>Public research, conference talks, or open-source tooling contributions in the CTI space</li>\n</ul>\n<p style=\"margin-top:24px;font-size:13px;color:#666;\">XML job scraping automation by <a 
href=\"https://yubhub.co\">YubHub</a></p>","url":"https://yubhub.co/jobs/job_21e4422b-13c","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Anthropic","sameAs":"https://www.anthropic.com/","logo":"https://logos.yubhub.co/anthropic.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/anthropic/jobs/5195705008","x-work-arrangement":"hybrid","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":"$320,000-$405,000 USD","x-skills-required":["Python","Cyber threat intelligence","Threat hunting","Intrusion analysis","Malware analysis","Infrastructure analysis","Log analysis","Detection logic","YARA","Sigma","Snort/Suricata","SIEM-native queries"],"x-skills-preferred":["Cloud-native environments","Research-heavy environments","Kubernetes","ML infrastructure","Developer tooling and supply chain","LLMs or other AI tooling"],"datePosted":"2026-04-24T13:11:06.052Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"New York City, NY; Remote-Friendly (Travel-Required) | San Francisco, CA | Washington, DC; San Francisco, CA | New York City, NY"}},"jobLocationType":"TELECOMMUTE","employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"Python, Cyber threat intelligence, Threat hunting, Intrusion analysis, Malware analysis, Infrastructure analysis, Log analysis, Detection logic, YARA, Sigma, Snort/Suricata, SIEM-native queries, Cloud-native environments, Research-heavy environments, Kubernetes, ML infrastructure, Developer tooling and supply chain, LLMs or other AI tooling","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":320000,"maxValue":405000,"unitText":"YEAR"}}},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_7a6b54d5-0a5"},"title":"Security Engineer - Threat Intel","description":"<p><strong>About the 
Role:</strong></p>\n<p>Anthropic sits at the frontier of AI development, making us a prime target for nation-state and advanced criminal actors. As a Threat Intelligence Engineer, you&#39;ll produce actionable intelligence that drives our detections, hunts, and defensive priorities.</p>\n<p><strong>Responsibilities:</strong></p>\n<ul>\n<li>Research, track, and report on threat actors and campaigns targeting AI labs, cloud infrastructure, and the broader technology sector</li>\n<li>Build and maintain tooling and automated pipelines to collect, enrich, correlate, and operationalize indicators of compromise into our detection and alerting stack</li>\n<li>Develop and execute intelligence-driven threat hunts across endpoint, cloud, identity, and SaaS telemetry, and turn findings into durable detections</li>\n<li>Perform technical analysis of malware, phishing infrastructure, and attacker tooling to extract indicators, TTPs, and attribution signals</li>\n<li>Partner with Detection Engineering and Incident Response to translate intelligence into detection rules, hunting hypotheses, and incident context in near-real-time</li>\n<li>Curate and triage inbound intelligence from commercial feeds, open source, government, and trusted peer relationships</li>\n<li>Contribute to threat models and risk assessments that inform security architecture and defensive investment across the enterprise</li>\n<li>Build and maintain external intelligence-sharing relationships with peer companies, ISACs, and government partners</li>\n</ul>\n<p><strong>You may be a good fit if you:</strong></p>\n<ul>\n<li>Have 5+ years of hands-on experience in cyber threat intelligence, threat hunting, or intrusion analysis at an organization facing sophisticated adversaries</li>\n<li>Have deep, demonstrable knowledge of specific nation-state or advanced criminal threat actors</li>\n<li>Are a strong engineer with experience writing production-quality Python and building automation and data 
pipelines</li>\n<li>Are comfortable performing malware analysis, infrastructure analysis, and log analysis</li>\n<li>Have experience authoring detection logic and understanding what makes a detection durable vs. brittle</li>\n<li>Can write clearly and concisely</li>\n<li>Have an existing network in the threat intelligence community</li>\n</ul>\n<p><strong>Strong candidates may have:</strong></p>\n<ul>\n<li>Experience defending cloud-native and research-heavy environments</li>\n<li>Prior work operating in a threat intelligence role tracking sophisticated or state-sponsored adversaries</li>\n<li>Experience applying LLMs or other AI tooling to accelerate intelligence collection, enrichment, and analysis</li>\n<li>Public research, conference talks, or open-source tooling contributions in the CTI space</li>\n</ul>\n<p><strong>Logistics</strong></p>\n<ul>\n<li>Minimum education: Bachelor’s degree or an equivalent combination of education, training, and/or experience</li>\n<li>Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience</li>\n<li>Minimum years of experience: Years of experience required will correlate with the internal job level requirements for the position</li>\n<li>Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time</li>\n<li>Visa sponsorship: We do sponsor visas!</li>\n</ul>\n<p style=\"margin-top:24px;font-size:13px;color:#666;\">XML job scraping automation by <a href=\"https://yubhub.co\">YubHub</a></p>","url":"https://yubhub.co/jobs/job_7a6b54d5-0a5","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Anthropic","sameAs":"https://www.anthropic.com/","logo":"https://logos.yubhub.co/anthropic.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/anthropic/jobs/5195705008","x-work-arrangement":"hybrid","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":"$320,000-$405,000 
USD","x-skills-required":["Python","Cyber threat intelligence","Threat hunting","Intrusion analysis","Malware analysis","Infrastructure analysis","Log analysis","Detection logic","LLMs","AI tooling"],"x-skills-preferred":[],"datePosted":"2026-04-24T12:14:24.312Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"New York City, NY; Remote-Friendly (Travel-Required) | San Francisco, CA | Washington, DC; San Francisco, CA | New York City, NY"}},"jobLocationType":"TELECOMMUTE","employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"Python, Cyber threat intelligence, Threat hunting, Intrusion analysis, Malware analysis, Infrastructure analysis, Log analysis, Detection logic, LLMs, AI tooling","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":320000,"maxValue":405000,"unitText":"YEAR"}}}]}