
Threat Collections Engineer

Anthropic
1 month ago
Full-time
Remote
Worldwide
Remote Cybersecurity

About Anthropic

Anthropic's mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.

About the Role

We are looking for a Threat Collections Engineer to join our Threat Intelligence team. In this role, you will build the infrastructure that powers our threat discovery capabilities: integrating external data sources, developing detection systems for automated lead generation, and creating internal tooling that scales our investigators' impact.

This is a foundational engineering role on a small, high-impact team. You will take projects from proof-of-concept to production, work closely with investigators to understand their needs, and help scale what may become a multi-person collections function.

Responsibilities:

  • Build automated detection systems that use disparate signals to identify abusive behavior
  • Take systems from idea to proof-of-concept to production-grade with appropriate monitoring, documentation, and maintenance processes
  • Develop and maintain YARA rule infrastructure, including tools for writing, validating, and testing rules against real data
  • Create integrations with external threat intelligence platforms (e.g. VirusTotal, Censys, Urlscan) via MCP servers to enable multi-source correlation during investigations
  • Build data pipelines that ingest intelligence from RSS feeds, CTI news sources, and partner sharing, using Claude to extract TTPs and generate targeted hunting queries
  • Develop behavioral analytics capabilities using DBT-based frameworks and create searchable audit logging infrastructure
  • Establish feedback loops with investigators to tune detection systems and reduce false positives
  • Scrape and normalize data from external sources to feed threat detection and enrichment workflows

You may be a good fit if you:

  • Have strong coding proficiency in Python and SQL for building detection logic, data pipelines, and automation
  • Have experience with data pipeline orchestration tools (Airflow, DBT, or similar)
  • Have familiarity with threat intelligence concepts including IOCs, YARA rules, and threat correlation techniques
  • Have experience integrating external APIs and building data ingestion systems