Anthropic
Anthropic

Threat Collections Engineer

engineeringfull-timeRemote-Friendly (Travel-Required) | San Francisco, CA | Washington, DC
SALARY
Not specified
WORK TYPE
remote
JOB TYPE
full-time
INDUSTRY
ai
Apply for this position →
✦ AutoApply — Let us apply to roles like this on your behalf.
Learn more →

About the role

About Anthropic

Anthropic's mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.

About the Role

We are looking for a Threat Collections Engineer to join our Threat Intelligence team. In this role, you will build the infrastructure that powers our threat discovery capabilities—integrating external data sources, developing detection systems for automated lead generation, and creating internal tooling that scales our investigators' impact.

This is a foundational engineering role on a small, high-impact team. You will take projects from proof-of-concept to production, work closely with investigators to understand their needs, and help scale what may become a multi-person collections function.

Responsibilities

  • Build automated detection systems that use disparate signals to identify abusive behavior
  • Take systems from idea to proof-of-concept to production-grade with appropriate monitoring, documentation, and maintenance processes
  • Develop and maintain YARA rule infrastructure, including tools for writing, validating, and testing rules against real data
  • Create integrations with external threat intelligence platforms (e.g. VirusTotal, Censys, Urlscan) via MCP servers to enable multi-source correlation during investigations
  • Build data pipelines that ingest intelligence from RSS feeds, CTI news sources, and partner sharing, using Claude to extract TTPs and generate targeted hunting queries
  • Develop behavioral analytics capabilities using DBT-based frameworks and create searchable audit logging infrastructure
  • Establish feedback loops with investigators to tune detection systems and reduce false positives
  • Scrape and normalize data from external sources to feed threat detection and enrichment workflows

You May Be a Good Fit If You

  • Have strong coding proficiency in Python and SQL for building detection logic, data pipelines, and automation
  • Have experience with data pipeline orchestration tools (Airflow, DBT, or similar)
  • Have familiarity with threat intelligence concepts including IOCs, YARA rules, and threat correlation techniques
  • Have experience integrating external APIs and building data ingestion systems
  • Can translate investigator needs and workflows into technical requirements
  • Are comfortable building v0 systems and iterating based on user feedback
  • Have strong communication skills for working closely with non-engineering stakeholders
✦ Let us apply for you
We find roles like this and apply on your behalf. Cover letter written for each one. $14.44/mo.
Start AutoApply →
Apply now →