Key responsibilities include:

• Leveraging multiple data sources to identify modern evolving threats and developing new detection and response approaches
• Creating and operating high-fidelity detections mechanisms that drive efficient, effective, and repeatable response
• Owning, operating, and automating detection and response workflows to enable the team to focus on strategic objectives
• Leading information security response activities for the firm
• Working across business and technology teams to deliver positive outcomes across the firm

Requirements include:

• A bachelor's or master's degree in computer science or cyber security with a strong IT background or equivalent demonstrable experience
• 3 years' experience working in a security engineering role, with financial industry experience preferred
• Experience in creating detections in modern query languages (KQL, SQL, SPL)
• Possession of security certifications (Security+, OSCP, CISSP, CEH, GCIA, GCIH)
• Experience with modern security tooling across security domains; network, endpoint, data, identity, and cloud
• Experience in standard enterprise technology stack, including Active Directory, Entra, Group Policy, Intune, DNS, TCP/IP, PKI, Microsoft 365, Windows, Linux, MacOS, etc.
• Ability to handle sensitive and/or confidential materials with appropriate discretion
• Required scripting, development, and automation skills using PowerShell or Python and proficient development tools
• Experience in OSINT, threat hunting, and analysing malicious emails
• Ability to prioritise in a fast-moving, high-pressure, constantly changing environment

XML job scraping automation by YubHub

You will design, build, and maintain detections that identify malicious activity across Stripe's infrastructure, applications, and cloud environments.

Responsibilities

• Design, build, and tune high-fidelity detections across modern SIEM platforms, covering adversary TTPs across the full attack lifecycle
• Develop detection hypotheses by researching TTPs, identifying evidence sources, and determining detection opportunities across available telemetry
• Conduct hypothesis-driven threat hunts to identify malicious activity, uncover detection gaps, and validate security controls
• Perform malware analysis and reverse engineering to extract indicators and inform detection strategies
• Build network-based detections (flow, pcap, protocol analysis) and endpoint-based detections (event logs, EDR telemetry, memory/file artifacts) across Windows, Linux, and macOS
• Partner with Threat Intelligence to operationalize intel reports into detections, hunting leads, and enrichment logic
• Collaborate with IR, SOC, and offensive security teams to validate and refine detections based on real-world incidents and red team exercises
• Build data pipelines, automation, and tooling that enable detection-as-code practices and scalable deployment
• Map detection coverage to MITRE ATT&CK, identifying and prioritizing gaps across key attack surfaces
• Lead projects, mentor teammates, and champion quality standards within the team

Requirements

• 5+ years of experience in detection engineering, threat hunting, or security operations
• Demonstrated experience writing detection logic in modern SIEM platforms (e.g., Splunk, Chronicle, Elastic, CrowdStrike NG-SIEM, Panther, Microsoft Sentinel)
• Strong understanding of adversary tradecraft across the attack lifecycle: initial access, privilege escalation, lateral movement, defense evasion, persistence, and exfiltration
• Ability to extract TTPs from threat intelligence reports and translate them into detection opportunities
• Experience developing network-based and endpoint-based detections across multiple OS platforms (Windows, Linux, macOS)
• Experience analyzing telemetry across endpoint, network, cloud (AWS/GCP/Azure), identity, and application log sources
• Proficiency in detection/query languages (SPL, KQL, EQL, YARA-L, SQL) and programming (Python or similar)
• Strong communication skills with the ability to document detection logic and explain findings to technical and non-technical audiences
• Adversarial mindset , understanding how attackers operate to build detections that catch real-world threats

Preferred Qualifications

• Experience in detection engineering or threat hunting within fintech, financial services, or highly regulated environments
• Background in malware analysis, reverse engineering, or threat research
• Experience with purple team operations , collaborating with offensive security to validate detections
• Familiarity with big data platforms (Databricks, Trino, PySpark) for large-scale log analysis
• Proficiency with AI/LLM-assisted development tools (Claude Code, Cursor, GitHub Copilot) applied to detection workflows
• Interest in agentic automation , using LLMs to augment hunting, tuning, or triage
• Experience with detection validation tools (Atomic Red Team, ATT&CK Evaluations)
• Contributions to open-source detection content, research, or conference presentations
• Relevant certifications such as HTB CDSA, GCIH, GCFA, GNFA, OSCP, TCM PMAT, or GREM

XML job scraping automation by YubHub

You'll perform penetration testing, conduct threat modeling, and provide guidance to engineering teams on secure design and best practices. This role also involves developing security tooling, researching emerging threats, and contributing to the continuous improvement of CoreWeave's overall security posture.

Some of what you'll work on:

• Perform penetration testing as well as purple and red team exercises.
• Conduct threat modeling, code reviews, and design reviews for development teams.
• Research new attack techniques and develop strategies to counter them.
• Develop and enforce security best practices and standards, maintaining internal compliance.
• Provide solutions to complex security issues, manage multiple tasks, and prioritize effectively in a fast-paced environment.
• Present technical security information to both technical and non-technical audiences.
• Maintain technical documentation, reports, and security tooling with attention to detail.
• Participate in other security-related initiatives as assigned.

Who You Are:

• 5+ years of experience in offensive information security roles.
• Proficiency in at least one programming or scripting language (e.g., Go, Python, C/C++) for automation, code reviews, and tooling.
• Hands-on penetration testing experience and familiarity with offensive security tools.
• Strong technical knowledge of Linux operating systems and containerized environments.
• Experience securing Kubernetes and understanding related security practices.
• Able to navigate ambiguity, identify root causes, and solve complex security problems.
• Excellent written and verbal communication skills with strong technical documentation abilities.
• Capable of working independently while managing multiple priorities in a fast-paced environment.
• Strong desire to continuously learn and adopt new technologies and security techniques.

Preferred:

• Experience with firmware reverse engineering, analyzing binaries, bootloaders, and embedded systems for vulnerabilities.
• Relevant certifications such as Sec+, Net+, OSCP, or equivalent.
• Experience with EDR tuning, detections-as-code, or threat hunting as part of a Blue Team.
• Deep understanding of business-wide security best practices and implementation strategies.

Wondering if you're a good fit?

We believe in investing in our people, and value candidates who can bring their own diversified experiences to our teams – even if you aren't a 100% skill or experience match.

Here are a few qualities we've found compatible with our team.

If some of this describes you, we'd love to talk.

• You love hunting vulnerabilities and proactively improving security.
• You're curious about evolving attack vectors and defense strategies.
• You're an expert in offensive security techniques and tooling, with a passion for safeguarding systems.

Why CoreWeave?

At CoreWeave, we work hard, have fun, and move fast!

We're in an exciting stage of hyper-growth that you will not want to miss out on.

We're not afraid of a little chaos, and we're constantly learning.

Our team cares deeply about how we build our product and how we work together, which is represented through our core values:

• Be Curious at Your Core
• Act Like an Owner
• Empower Employees
• Deliver Best-in-Class Client Experiences
• Achieve More Together

We support and encourage an entrepreneurial outlook and independent thinking.

We foster an environment that encourages collaboration and enables the development of innovative solutions to complex problems.

As we get set for takeoff, the organization's growth opportunities are constantly expanding.

You will be surrounded by some of the best talent in the industry, who will want to learn from you, too.

Come join us!

The base salary range for this role is $165,000 to $242,000.

The starting salary will be determined based on job-related knowledge, skills, experience, and market location.

We strive for both market alignment and internal equity when determining compensation.

In addition to base salary, our total rewards package includes a discretionary bonus, equity awards, and a comprehensive benefits program (all based on eligibility).

What We Offer

The range we've posted represents the typical compensation range for this role.

To determine actual compensation, we review the market rate for each candidate which can include a variety of factors.

These include qualifications, experience, interview performance, and location.

In addition to a competitive salary, we offer a variety of benefits to support your needs, including:

• Medical, dental, and vision insurance
• 100% paid for by CoreWeave
• Company-paid Life Insurance
• Voluntary supplemental life insurance
• Short and long-term disability insurance
• Flexible Spending Account
• Health Savings Account
• Tuition Reimbursement
• Ability to Participate in Employee Stock Purchase Program (ESPP)
• Mental Wellness Benefits through Spring Health
• Family-Forming support provided by Carrot
• Paid Parental Leave
• Flexible, full-service childcare support with Kinside
• 401(k) with a generous employer match
• Flexible PTO
• Catered lunch each day in our office and data center locations
• A casual work environment
• A work culture focused on innovative disruption

Our Workplace

While we prioritize a hybrid work environment, remote work may be considered for candidates located more than 30 miles from an office, based on role requirements for specialized skill sets.

New hires will be invited to attend onboarding at one of our hubs within their first month.

Teams also gather quarterly to support collaboration.

California Consumer Privacy Act - California applicants only

CoreWeave is an equal opportunity employer, committed to fostering an inclusive and supportive workplace.

All qualified applicants and candidates will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information.

As part of this commitment and consistent with the Americans with Disabilities Act (ADA), CoreWeave will ensure that qualified applicants and candidates with disabilities are provided reasonable accommodations for the hiring process, unless such accommodation would cause an undue hardship.

If reasonable accommodation is needed, please contact: careers@coreweave.com.

Export Control Compliance

This position requires access to export controlled information.

To conform to U.S. Government export regulations applicable to that information, applicant must either be (A) a U.S. person, defined as a (i) U.S. citizen or national, (ii) U.S. lawful permanent resident (green card holder), (iii) refugee under 8 U.S.C. § 1157, or (iv) asylee under 8 U.S.C. § 1158, (B) eligible to access the information under an appropriate export license, or (C) otherwise exempt from the regulations.

Applicant must also comply with all applicable laws and regulations related to the handling and transfer of export-controlled information.

By applying for this position, applicant acknowledges that they have read, understand, and will comply with these requirements.

Failure to comply with these requirements may result in termination of employment, revocation of any security clearances, or other disciplinary action.

Applicant must also agree to undergo a background investigation and obtain any necessary security clearances prior to commencing employment.

Please note that this position is subject to U.S. Government export regulations and may require applicant to sign a non-disclosure agreement (NDA) prior to commencing employment.

Applicant must also agree to comply with all applicable laws and regulations related to the handling and transfer of export-controlled information.

By applying for this position, applicant acknowledges that they have read, understand, and will comply with these requirements.

Failure to comply with these requirements may result in termination of employment, revocation of any security clearances, or other disciplinary action.

Applicant must also agree to undergo a background investigation and obtain any necessary security clearances prior to commencing employment.

Please note that this position is subject to U.S. Government export regulations and may require applicant to sign a non-disclosure agreement (NDA) prior to commencing employment.

XML job scraping automation by YubHub

dbt Labs is the pioneer of analytics engineering, helping data teams transform raw data into reliable, actionable insights. As of February 2025, we’ve grown from an open source project into the leading analytics engineering platform, now used by over 90,000 teams every week, driving data transformations and AI use cases.

We’re backed by top-tier investors including Andreessen Horowitz, Sequoia Capital, and Altimeter. At our core, we believe in empowering data practitioners:

• Reliable, high-quality data is the fuel that propels AI-powered data engineering.
• AI is changing data work, fast. dbt’s data control plane keeps data engineers ahead of that curve.
• We empower engineers to deliver reliable, governed data faster, cheaper, and at scale.

About the Security Team

The mission of the Security Engineering team at dbt Labs is to provide clear, opinionated security guidance and scalable, secure-by-default offerings to engineers for the purpose of securing software development and enabling pragmatic risk decisions at dbt.

Responsibilities

As a Senior Security Operations Engineer on the Detection & Response team, you will strengthen and maintain the company's security posture throughout the threat detection lifecycle from telemetry collection and continuous monitoring through threat detection, incident response, and security event management. You will serve as a subject matter expert for security operations across the dbt Labs' teams and technology infrastructure, including multi-cloud production environments, identity, endpoints, and SaaS technologies.

Key Responsibilities

• Participate in a 24/7 on-call rotation providing coverage for active security incidents, investigations, and security events across our global infrastructure.
• Lead investigation and remediation of security incidents, coordinating cross-functional response efforts to minimize impact and recovery time.
• Play a major role in bootstrapping an end to end D&R alert and investigation pipeline.
• Triage and investigate security alerts from detection tools including Wiz Defend, Crowdstrike, and cloud security platforms to identify genuine threats and reduce false positives.
• Develop and maintain detection rules, runbooks, and response procedures mapped to the company's threat model.
• Automate alert triage workflows and improve mean time to detection and response through tooling and process enhancements, including leveraging AI enrichment and processing.
• Collaborate with Infrastructure and Application Security teams to implement secure-by-design principles and remediate identified security issues.
• Conduct security event analysis to identify policy violations, misconfigurations, and potential attack vectors before they become incidents.
• Partner with our Enterprise Security & Technology team to enhance endpoint security controls and monitoring across endpoints (MacOS laptops & some Windows and Linux-based development environments).
• Design and facilitate tabletop exercises and game days to test detection, response, recovery, and remediation capabilities.
• Contribute to the maturation of the security incident response program through documentation, training, and process improvements.
• Mentor junior security engineers and cross-functional team members on incident handling best practices.

Requirements

• Demonstrated ability to excel in high-pressure situations; we need someone who can make sound decisions during active security incidents and can calmly serve as incident commander with confidence.

Qualifications

• Have 8+ years of professional experience in security-related domains, including at least 4 years in security operations, incident response, threat hunting, or threat detection roles.
• Have demonstrable experience leading security incident investigations and coordinating cross-team response efforts.

What We Offer

• Competitive compensation packages commensurate with experience, including salary, equity, and where applicable, performance-based pay.
• Opportunity to work with a leading analytics engineering platform and contribute to the growth and success of the company.
• Collaborative and dynamic work environment with a team of experienced professionals.
• Opportunities for professional growth and development.

How to Apply

If you are a motivated and experienced security professional looking for a new challenge, please submit your resume and cover letter to [insert contact information]. We look forward to hearing from you!

XML job scraping automation by YubHub

Our team is responsible for functions across corporate security, detection & response, and infrastructure security domains. We perform systems engineering and automation to support those functions. Security Operations is part of our wider Trust & IT organization, which means you will have the opportunity to work closely with Application Security, Corporate Engineering, GRC, and IT.

You will also help build and maintain our team's open-source project Substation and have the opportunity to contribute to the Brex Tech Blog. You'll be part of a team that actively contributes to the wider security community and has a commitment to mentorship and engineering excellence.

We're looking for individuals with a strong background and interest in detecting, responding to, and resolving security incidents and security challenges. You should be comfortable dealing with lots of moving pieces, changing priorities, and new technologies, while having a keen eye for detail.

Most importantly, you should be enthusiastic about working with a variety of backgrounds, roles, and people across Brex. Building a world-class financial service requires world-class security.

As a Senior Security Operations Engineer, you will:

• Work on a highly cross-functional team to prevent, detect, and respond to security threats across Brex's corporate and cloud environments
• Perform security incident response, investigation, remediation, and documentation, participate in periodic threat hunting and security exercises
• Leading, scoping, and building features, participate in designing, and maintaining tools and systems which support the team's domains – corporate security, detection & response, and infrastructure security
• Collaborating and partnering with engineering and operations teams to drive remediation of security issues, while balancing prioritization of those security issues within SLA and teams' respective backlogs
• Caring about secure system design, valuing building things correctly, an understanding of a MVP approach, and an empathetic mindset when working with others

Requirements:

• Bachelor's degree in Computer Science, Engineering, or related field OR equivalent training/fellowship OR 5+ years work experience
• Experience working in a corporate security, detection & response, or infrastructure security role with responsibilities for security alert triage and security incident response
• Familiarity with CI/CD systems and DevOps workflows (e.g., Buildkite, Flux, Git, Terraform) in cloud environments (e.g., AWS, Azure, GCP)
• Experience with deploying and maintaining some of the security services and tools owned by the team (e.g., SIEM, data pipelines, SOAR, domain monitoring, endpoint tooling, email protection tooling, cloud security tools)
• While not primarily a development role, the team develops and maintains tools written in Go and Python, so experience with coding is required
• You thrive in a collaborative environment filled with a diverse group of people with different expertise and backgrounds

Bonus points:

• Proficiency with Go and other programming languages
• Experience with securing distributed systems in AWS, cloud, and Kubernetes environments
• Contributions to the wider technical community (open source, public research, mentorship, community organizing, blogging, presentations, etc.)

Compensation:

The expected salary range for this role is $192,000 - $240,000. However, the starting base pay will depend on a number of factors including the candidate's location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

XML job scraping automation by YubHub

You'll conduct hands-on penetration testing, lead red team engagements, and collaborate with blue team counterparts to validate and improve detection and response capabilities. Your work will directly influence how Stripe builds, ships, and secures financial infrastructure used by millions of businesses worldwide.

Responsibilities:

Conduct comprehensive penetration tests across web applications, APIs, cloud environments (AWS/GCP/Azure), mobile applications, and internal infrastructure.

Plan and execute red team engagements that emulate the TTPs of cyber and criminal threat actors targeting financial services, including initial access, lateral movement, persistence, and data exfiltration scenarios.

Perform assumed-breach and objective-based assessments to test detection and response capabilities in coordination with defensive teams.

Partner with detection engineering, threat intelligence, and incident response teams to validate security controls, identify coverage gaps, and improve detection fidelity.

Contribute adversary tradecraft insights to inform detection rule development, threat hunting hypotheses, and incident response playbooks.

Support incident investigations by providing offensive expertise, log analysis, and root cause analysis when required.

Design, develop, and maintain custom offensive tools, scripts, and automation frameworks to enhance assessment efficiency and coverage.

Build internal platforms and workflows that enable scalable, repeatable offensive operations.

Contribute to internal security tooling repositories and champion engineering best practices within the team.

Automate repetitive testing tasks, payload generation, and reporting workflows using modern development practices.

Produce clear, actionable reports that communicate technical findings, business risk, and remediation guidance to both technical and non-technical stakeholders.

Act as a subject-matter expert and primary point of contact for stakeholder teams engaged in offensive security programs and Stripe-wide security initiatives.

Lead offensive security projects end-to-end, mentor junior team members, and foster a culture of continuous learning and knowledge sharing.

Stay current with emerging threats, vulnerabilities, and attack techniques; share research internally and contribute to the broader security community.

XML job scraping automation by YubHub

In this role, you will have the opportunity to shape our security capabilities from the ground up alongside our world-class research and security teams. You will lead cybersecurity Incident Response efforts covering diverse domains from external attacks to insider threats involving all layers of Anthropic's technology stack.

Key responsibilities include:

• Developing and deploying novel tooling that may leverage Large Language Models to enhance detection, investigation, and response capabilities
• Creating and optimizing detections, playbooks, and workflows to quickly identify and respond to potential incidents
• Reviewing Incident Response metrics and procedures and driving continuous improvement
• Working cross-functionally with other security and engineering teams

Note: This position will require participation in an on-call rotation.

To be successful in this role, you will need:

• 3+ years of software engineering experience, with security experience a plus
• 5+ years of detection engineering, incident response, or threat hunting experience
• A solid understanding of cloud environments and operations
• Experience working with engineering teams in a SaaS environment
• Exceptional communication and collaboration skills
• An ability to lead projects with little guidance
• The ability to pick up new languages and technologies quickly
• Experience handling security incidents and investigating anomalies as part of a team
• Knowledge of EDR, SIEM, SOAR, or related security tools

Strong candidates may also have experience with:

• Performing security operations or investigations involving large-scale Kubernetes environments
• A high level of proficiency in Python and query languages such as SQL
• Analyzing attack behavior and prototyping high-quality detections
• Threat intelligence, malware analysis, infrastructure as code, detection engineering, or forensics
• Contributing to a high-growth startup environment

If you're interested in this role, please submit an application, even if you don't believe you meet every single qualification. We encourage diversity and inclusion in our hiring process.

XML job scraping automation by YubHub

This role is heavily weighted toward detection engineering. You should think in terms of adversary behaviour and telemetry coverage, not just alert triage. You'll own detections end-to-end: from identifying gaps in coverage, through designing and testing detection logic, to tuning and validating in production.

Key Responsibilities:

• Design, build, test, and tune high-fidelity detection rules and analytic queries across endpoint, cloud, network, identity, and DLP telemetry sources

• Develop and maintain detection content using detection-as-code practices including version-controlled logic, automated testing, and CI/CD deployment

• Map detection coverage to MITRE ATT&CK, identify gaps, and prioritise new detection development based on threat intelligence and business risk

• Engineer correlation rules, behavioural analytics, and anomaly-based detections that minimise false positives while surfacing real adversary tradecraft

• Own the detection lifecycle from initial development through production tuning, performance monitoring, and retirement

• Build and operate pipelines to ingest, normalise, enrich, and manage security telemetry at scale across diverse data sources, using Terraform and infrastructure-as-code practices to deploy and maintain logging and detection infrastructure

• Design and maintain log collection, parsing, and enrichment configurations that ensure the right telemetry is available at the right fidelity for detection and investigation

• Evaluate and onboard new telemetry sources as Saronic's infrastructure and threat landscape evolve

• Monitor pipeline health, data quality, and ingestion reliability to ensure detections operate on complete and accurate data

• Develop and manage automated response playbooks in SOAR platforms to accelerate containment and reduce analyst toil

• Build automation that enriches alerts with contextual data, reducing investigation time and improving analyst decision-making

• Support incident response efforts and translate lessons learned into improved detections and playbooks

• Partner with SOC analysts, Cloud Security, Product Security, and IT teams to close visibility and detection gaps across environments

• Collaborate with threat intelligence to ensure detection engineering is informed by current adversary TTPs relevant to defence, maritime, and autonomous systems

Required Qualifications:

• 3+ years of hands-on experience in detection engineering, security operations, security automation, or a closely related security engineering role

• Demonstrated experience designing, testing, and tuning detection rules and analytic queries across production security telemetry (endpoint, cloud, network, identity, or DLP)

• Hands-on experience with SIEM platforms and proficiency with query languages such as SPL, KQL, or equivalent

• Experience building and operating security data pipelines, including log ingestion, normalisation, enrichment, and data quality management

• Understanding of data engineering concepts including ETL pipelines, data modelling, schema design, and indexing as applied to security telemetry

• Hands-on coding experience in Python, PowerShell, Go, or Rust for security automation, detection tooling, or pipeline development, and familiarity with Terraform for managing detection and logging infrastructure as code

• Understanding of MITRE ATT&CK framework and its application to detection coverage and gap analysis

• Ability to obtain and maintain a security clearance

Preferred Qualifications:

• Experience in defence, aerospace, robotics, autonomy, or other high-assurance environments

• Experience with EDR platforms including custom detection rule creation and telemetry analysis

• Experience with cloud-native detection in AWS and Microsoft 365/Azure

• Experience using Terraform to deploy and manage security monitoring infrastructure, log pipeline components, or cloud-native security service configurations

• Hands-on experience with incident response, threat hunting, or adversary emulation

• Exposure to embedded Linux, operational technology, or ICS telemetry and detection

• Familiarity with NIST SP 800-171, NIST SP 800-53, or CMMC and their logging and monitoring requirements

• Relevant certifications such as GCIH, GCIA, GCDA, GSOM, OSDA, or OSCP

Additional Information:

• Benefits: Medical Insurance, Dental and Vision Insurance, Time Off, Parental Leave, Competitive Salary, Retirement Plan, Stock Options, Life and Disability Insurance, Pet Insurance

• This role requires access to export-controlled information or items that require 'U.S. Person' status.

XML job scraping automation by YubHub

Role Summary Mistral AI is looking for a Security Operations Center (SOC) Analyst to monitor, defend and respond to threats across our rapidly evolving AI ecosystem. You will treat security telemetry as the core of our active defense. Your objective is to ensure the continuous security of our diverse environment, spanning IT, Engineering, Science, Compute and Infrastructure by building robust detection mechanisms and moving swiftly from alert to automated response.

Responsibilities • Partner with engineering and platform teams to ensure the comprehensive centralization of security logs across all Mistral environments. • Design, test, and continuously tune high-fidelity alert scenarios and correlation rules to detect anomalous behavior while minimizing alert fatigue. • Operationalize Cyber Threat Intelligence (CTI), monitoring the landscape for threats specific to AI and cloud infrastructure, and integrating actionable intel directly into our detection pipelines. • Conduct rigorous, deep-dive investigations into security alerts, tracking root causes, identifying potential lateral movement, and determining impact. • Drive the lifecycle of security incidents from containment to remediation, and coordinate cross-functional crisis management during high-severity events.

About You • 3+ years of experience in a Security Operations Center (SOC), Incident Response, or Threat Hunting role, ideally within a cloud-native or fast-paced tech environment. • Deep understanding of the threat landscape, the MITRE ATT&CK framework, and the methodologies required to protect high-value infrastructure and intellectual property. • Strong experience writing complex queries (e.g., KQL, Splunk SPL, or similar) and leveraging SIEM platforms to build out correlation rules and detection logic. • Ability to write practical automation scripts in Python or Go to interact with security APIs, enrich alert context, and streamline response workflows. • Proven experience participating in or leading incident response efforts, demonstrating a calm, methodical approach to high-pressure crisis management.

Hiring Process • Introduction call - 30 min • Hiring Manager interview - 30 min • Technical Rounds - Dee-Dive interview - 55 min - Panel interview - 1h15 • Culture-fit discussion - 30 min • References

XML job scraping automation by YubHub

At Anthropic, we are pioneering new frontiers in AI that have the potential to greatly benefit society. However, developing advanced AI also comes with risks if not properly safeguarded. That's why we are seeking an exceptional Detection and Response engineer that will be on the frontlines to build solutions to monitor for threats, rapidly investigate incidents, and coordinate response efforts with other teams. In this role, you will have the opportunity to shape our security capabilities from the ground up alongside our world-class research and security teams.

Responsibilities:

• Lead cybersecurity Incident Response efforts covering diverse domains from external attacks to insider threats involving all layers of Anthropic’s technology stack
• Develop and deploy novel tooling that may leverage Large Language Models to enhance detection, investigation, and response capabilities
• Create and optimise detections, playbooks, and workflows to quickly identify and respond to potential incidents
• Review Incident Response metrics and procedures and drive continuous improvement
• Work cross functionally with other security and engineering teams

You may be a good fit if you:

• 3+ years of software engineering experience, with security experience a plus and/or
• 5+ years of detection engineering, incident response, or threat hunting experience
• A solid understanding of cloud environments and operations
• Experience working with engineering teams in a SaaS environment
• Exceptional communication and collaboration skills
• An ability to lead projects with little guidance
• The ability to pick up new languages and technologies quickly
• Experience handling security incidents and investigating anomalies as part of a team
• Knowledge of EDR, SIEM, SOAR, or related security tools

Strong candidates may also have experience with:

• Experience performing security operations or investigations involving large-scale Kubernetes environments
• A high level of proficiency in Python and query languages such as SQL
• Experience analysing attack behaviour and prototyping high-quality detections
• Experience with threat intelligence, malware analysis, infrastructure as code, detection engineering, or forensics
• Experience contributing to a high growth startup environment

Deadline to apply:

None. Applications will be reviewed on a rolling basis.

Logistics

• Education requirements: We require at least a Bachelor's degree in a related field or equivalent experience.
• Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.
• Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work.

Your safety matters to us. To protect yourself from potential scams, remember that Anthropic recruiters only contact you from @anthropic.com email addresses. In some cases, we may partner with vetted recruiting agencies who will identify themselves as working on behalf of Anthropic. Be cautious of emails from other domains. Legitimate Anthropic recruiters will never ask for money, fees, or banking information before your first day. If you're ever unsure about a communication, don't click any links—visit anthropic.com/careers directly for confirmed position openings.

How we're different

We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts. And we value impact — advancing our long-term goals of steerable, trustworthy AI — rather than work on smaller and more specific puzzles. We view AI research as an empirical science, which has as much in common with physics and biology as with traditional efforts in computer science. We're an extremely collaborative group, and we host frequent research discussions to ensure that we are pursuing the highest-impact work at any given time. As such, we greatly value communication skills.

XML job scraping automation by YubHub