Technical Threat Investigator In Threat Intel Engineering jobs in San Francisco – Browse 5,654 openings on RoboApply Jobs

Open roles matching “Technical Threat Investigator In Threat Intel Engineering” with location signals for San Francisco. 5,654 active listings on RoboApply Jobs.

1 - 20 of 5,654 Jobs
OpenAI
Full-time|On-site|San Francisco

About the Team
At OpenAI, security is integral to our mission of ensuring that artificial general intelligence serves the best interests of humanity. Our Threat Intelligence team is dedicated to safeguarding OpenAI’s technology, personnel, research, and infrastructure. We proactively identify and mitigate threats from adversaries aiming to exploit our systems …

Apr 30, 2026
SoFi Technologies, Inc.
Full-time|On-site|WA - Seattle; UT - Cottonwood Heights; CA - San Francisco; NY - New York City; TX - Frisco

Join SoFi as a Senior Cyber Threat Intelligence Engineer, where you will play a crucial role in safeguarding our digital assets. You will analyze threat data, develop actionable intelligence, and collaborate with cross-functional teams to enhance our security posture. Your expertise will be pivotal in identifying and mitigating potential risks while leveraging advanced analytical tools.

Mar 25, 2026
Cloudflare, Inc.
Full-time|Hybrid|Hybrid

Join Cloudflare as a Senior Threat Intelligence Engineer, where you will play a pivotal role in enhancing our security posture by analyzing and mitigating cyber threats. You will collaborate closely with cross-functional teams to develop strategies that protect our global network and safeguard our customers' data. Your expertise will be essential in driving threat intelligence initiatives, ensuring that we remain ahead of emerging threats.

Feb 6, 2026
Cloudflare, Inc.
Full-time|Hybrid|Hybrid

Join Cloudflare’s Solutions Engineering team as a Threat Advisory Engineer, where you will play a pivotal role in providing expert insights and strategies to help our clients navigate the complexities of cybersecurity threats. You will engage directly with clients to understand their unique challenges and deliver tailored solutions that enhance their security posture. Your contributions will be vital in building trust and confidence among our clients as we work together to combat evolving threats in the digital landscape.

Feb 6, 2026
Cloudflare, Inc.
Full-time|On-site|In-Office

Join Cloudflare as a Senior Threat Researcher, specializing in the East Asia region. In this role, you will leverage your expertise to identify and analyze emerging threats, contribute to the development of threat intelligence, and collaborate with cross-functional teams to enhance our security posture. Your insights will directly influence product development and the strategic direction of our security initiatives.

Feb 6, 2026
Airbnb, Inc.
Full-time|$162K/yr - $186K/yr|Remote|Remote - US

Founded in 2007, Airbnb has transformed the way people travel, connecting over 5 million hosts with more than 2 billion guest arrivals worldwide. Our platform offers unique stays and experiences that allow guests to engage with communities in an authentic way.

Join Our Community:
The Threat Detection and Response (TDR) team at Airbnb is dedicated to automating security detection, managing security incidents, and collaborating with partner teams to enhance incident response capabilities. As a front-line unit, we detect, investigate, and respond to security threats and malicious activities from both internal and external sources. In this pivotal role, you will contribute to our vision for robust threat detection and incident response capabilities. As a key engineer on the team, you will directly influence the development, optimization, and expansion of our security measures, delivering exceptional threat detection and incident response solutions.

Your Impact:
As an integral member of the TDR team, you will play a vital role in executing innovative strategies for threat detection, containment, and mitigation.
You will collaborate with cross-functional partners across the organization to enhance Airbnb's overall security posture by applying insights from investigations and root cause analyses, effectively eliminating entire classes of issues.

A Day in Your Role:
Conduct thorough investigations of security incidents leveraging your expertise in digital forensics and data analytics.
Utilize your coding, data analytics, and investigative skills to proactively hunt for, detect, and respond to threats.
Develop automation and detection models to facilitate the identification of anomalous activities and streamline response efforts on a large scale.
Engage in threat hunting within our corporate and production environments to proactively spot irregular activities.
Collaborate closely with engineering teams to create advanced detection solutions that ensure the safety of systems and information, while working alongside partner teams for complex investigations.
Identify infrastructure vulnerabilities and collaborate with business partners to improve visibility through enhanced logging and detection methods.

Apr 29, 2026
OpenAI
Full-time|On-site|San Francisco

About Our Team
At OpenAI, we believe that the development of artificial general intelligence must be conducted in a way that is safe and beneficial for all of humanity. Security is paramount to our mission and underpins every aspect of our work. Our Security team is dedicated to safeguarding OpenAI’s technology, personnel, and products. We adopt a highly technical approach to our creations while maintaining operational excellence in execution. Our core tenets include prioritizing impactful initiatives, empowering our researchers, anticipating future technological advancements, and fostering a robust security culture.

About the Position
As a Security Engineer specializing in insider threat detection and response, you will collaborate with our talented engineers and researchers to build and secure groundbreaking AI technologies. This role emphasizes the identification and mitigation of insider threats, ensuring the protection of OpenAI's most sensitive assets. Key responsibilities will include:

Key Responsibilities:
Innovate and enhance our detection and response infrastructure to automate comprehensive workflows for detection and investigation.
Develop, assess, and refine detection rules to guarantee effective and sustainable operations.
Lead projects across OpenAI’s technology landscape focusing on insider threats, including access abuse and intellectual property theft, as well as emerging risks associated with AI infrastructure.
Collaborate with cross-functional teams such as HR, Legal, and investigative units, providing technical insights and evidence to support thorough investigations.
Engage in pioneering AI research initiatives, leveraging AI to bolster OpenAI’s security framework.

Ideal Candidate Profile:
A minimum of 5 years of experience in a detection/response or insider risk role; we welcome both mid-level and senior applicants.
Proficient in operating systems and platforms, including macOS, Windows, Linux, and Kubernetes, with hands-on experience in cloud infrastructure.
Strong knowledge of modern adversarial tactics, data exfiltration methods, and experience in managing and leading incident responses.
Demonstrated proficiency in scripting languages such as Python, Bash, or PowerShell.
Possess excellent analytical and problem-solving skills, with a keen attention to detail.

Nov 19, 2025
Control Risks
Full-time|$120K/yr - $140K/yr|Remote|Remote — San Francisco, California, United States

The Senior Cyber Threat Intelligence Analyst is integral to the daily functions of our client's cyber threat intelligence team. Collaborating closely with the Team Lead, this role emphasizes the triage of cyber events, proactive threat hunting, and the enhancement of the Security Operations Center (SOC) technology stack. This is a hands-on opportunity for a cybersecurity enthusiast eager to develop leadership skills while directly aiding in the identification and mitigation of cyber threats.

Respond to and manage security alerts and incidents in real-time.
Conduct thorough analyses of logs, network traffic, and endpoint data to uncover malicious behavior.
Provide clear recommendations and escalate critical incidents to the Team Lead and relevant stakeholders.
Engage in proactive threat hunting to uncover anomalies, suspicious activities, and sophisticated threats.
Contribute to the development of playbooks and use cases addressing emerging attack methodologies.
Assist in optimizing and fine-tuning tools such as SIEM, SOAR, and EDR platforms.
Create detection rules, automation scripts, and dashboards to boost team productivity.
Collaborate on evaluating new technologies and potential integrations.

Jan 27, 2026
Sofi
Full-time|Remote|WA - Seattle; UT - Cottonwood Heights; CA - San Francisco; NY - New York City; TX - Frisco

Join Sofi as a Lead Cyber Threat Intelligence Engineer and play a pivotal role in safeguarding our digital landscape. In this position, you will lead initiatives aimed at identifying, analyzing, and mitigating potential cyber threats, ensuring the safety and integrity of our systems and data.

Mar 25, 2026
OpenAI
Full-time|On-site|San Francisco

About the Team
The Preparedness team plays a crucial role within the Safety Systems organization at OpenAI, adhering to our Preparedness Framework. While frontier AI models promise to bring significant benefits to humanity, they also introduce substantial risks. The Preparedness team is dedicated to ensuring that the development of advanced AI models fosters positive outcomes. Our mission includes identifying, monitoring, and preparing for catastrophic risks associated with these technologies.

Key Mission Objectives:
Monitor and predict the evolving capabilities of frontier AI systems to identify misuse risks that could significantly impact society.
Establish concrete procedures, infrastructure, and partnerships to mitigate these risks and ensure the safe development of powerful AI systems.

This fast-paced and impactful role connects capability assessment, evaluations, internal red teaming, and mitigations for frontier models, facilitating coordination on AGI preparedness.

About the Role
As a Threat Modeler, you will spearhead OpenAI's comprehensive approach to identifying, modeling, and forecasting risks from frontier AI systems. Your work will ensure that our evaluation frameworks, safeguards, and classifications are robust, comprehensive, and future-focused. You will help articulate the rationale behind our most stringent risk-prevention strategies, influencing prioritization and mitigation across various domains. This position acts as a central hub, integrating technical, governance, and policy considerations regarding our approach to frontier AI risks.

Key Responsibilities
Develop and maintain comprehensive threat models across various misuse areas (biological, cyber, attack planning, etc.).
Create plausible threat models addressing loss of control, self-improvement, and other potential risks associated with alignment from frontier AI systems.
Forecast risks by merging technical foresight, adversarial simulation, and current trends.
Collaborate closely with technical partners on capability evaluations and risk assessments.

Mar 4, 2026
Ambience Healthcare
Full-time|$200K/yr - $250K/yr|Hybrid|San Francisco

About Us:
At Ambience Healthcare, we are not just another documentation service; we are pioneering an AI-driven platform that reintroduces humanity into healthcare, creating substantial returns on investment for health systems nationwide. Our innovative technology empowers healthcare providers to concentrate on exceptional patient care by alleviating the administrative burdens that detract from their crucial responsibilities. We provide real-time, coding-aware documentation and clinical workflow assistance across various healthcare settings, including ambulatory, emergency, and inpatient environments, collaborating with the leading health systems in North America.

We are committed to delivering the best solutions for our partners, operating with a strong sense of ownership and a culture that values transparency, positivity, and thoughtful discussion. Our team holds each other to high standards because we understand the significance of the challenges we tackle.

Recognized as a leader in enhancing clinician experiences by KLAS Research, featured by Fast Company as one of the Next Big Things in Tech, acknowledged by Inc. as one of the best AI companies in healthcare, and listed as a LinkedIn Top Startup for 2024 and 2025, Ambience is backed by prestigious investors including Oak HC/FT, Andreessen Horowitz (a16z), OpenAI Startup Fund, and Kleiner Perkins. Our journey is just beginning.

The Role:
As a key member of our team, you will spearhead the detection engineering and incident response program within a HIPAA-compliant, AI-driven environment, where the threat landscape includes LLM-powered agents operating across diverse infrastructures. Your responsibilities will include writing production code, architecting security data pipelines, and establishing high standards for detection and response within a rapidly evolving attack surface. This position requires a hybrid work model based in our San Francisco office (3 days per week).

What You’ll Own:
Detection Engineering: Establish a detection pipeline covering our highest-risk surfaces, including AWS, Kubernetes, Okta, endpoints, and SaaS tools. Create environment-specific detections that ensure reliable alerting for the on-call team.
Incident Response: Develop a comprehensive incident response program, including playbooks, escalation processes, evidence collection, and post-mortems. Ensure all procedures are well-documented, practiced, and meet regulatory requirements.

Mar 11, 2026
Abridge
Full-time|On-site|SF Office

About Abridge
Abridge, established in 2018, is dedicated to enhancing understanding in healthcare. Our innovative AI platform is specifically designed for medical conversations, streamlining clinical documentation processes and allowing clinicians to prioritize patient care. Our advanced technology converts patient-clinician discussions into structured clinical notes in real-time, featuring robust EMR integrations. With our unique Linked Evidence and auditable AI, we stand out as the only company that aligns AI-generated summaries with verified ground truth, enabling healthcare providers to trust and validate our outputs swiftly. As leaders in generative AI for healthcare, we are setting benchmarks for the ethical application of AI within health systems.

Our diverse team comprises practicing MDs, AI scientists, PhDs, creatives, technologists, and engineers, all collaborating to empower individuals and enhance healthcare delivery. Our offices are located in San Francisco's Mission District, New York's SoHo neighborhood, and Pittsburgh's East Liberty.

The Role
Are you ready to build robust security measures at the forefront of AI in healthcare? We are seeking a highly skilled and motivated Senior or Staff Threat Detection and Response Engineer to join our pioneering Abridge Security Operations team. As one of our initial engineers, you will play a crucial role in elevating the costs for any adversary targeting our organization or our clients. This role demands profound technical knowledge, a builder’s mindset, and exceptional communication abilities to foster a security-centric culture across the organization. This is a greenfield opportunity to shape the future of Threat Detection and Response at Abridge. You will excel here if you are passionate about creating solutions from scratch and recognize that modern security fundamentally revolves around large-scale data and automation challenges.

What You’ll Do
Lead investigations into complex, organization-wide security incidents, establishing best practices across various security domains including log analysis, digital forensics, and malware analysis.
Design and implement a strategic roadmap for threat detection capabilities, developing high-fidelity detection systems informed by a deep understanding of advanced threat actor tactics, techniques, and procedures (TTPs).
Architect scalable incident response processes while driving automation throughout the entire incident response lifecycle, establishing effective patterns for the organization.
Act as a key technical leader and influence security practices organization-wide.

Jan 30, 2026
Control Risks
Full-time|$160K/yr - $160K/yr|Remote|Remote — San Francisco, California, United States

The Cyber Threat Intelligence Team Lead is crucial in establishing and guiding a premier Cyber Intelligence program for a key client at Control Risks. This role entails crafting strategies, enhancing capabilities, and leading a dedicated team of security professionals to proactively identify, assess, and respond to cyber threats.

This position encompasses providing technical guidance and administrative oversight on all cybersecurity initiatives, ensuring the safeguarding of the client's systems, networks, and sensitive data. The Team Lead collaborates closely with technology and business stakeholders to integrate security considerations into all planning, development, and operational processes.

Collaborate with client stakeholders to build, manage, and expand a Cyber Threat Intelligence Team from inception.
Take charge of developing Standard Operating Procedures for threat intelligence operations, tailored to specific client activities and stakeholder needs, including tooling, reporting structures, and incident management outside regular hours.
Oversee the management of the most severe and critical cybersecurity incidents, providing support to incident responders with timely reporting, updates, and investigations to facilitate effective incident response and crisis management.
Mentor and train threat intelligence analysts, engineers, and threat hunters to enhance their skills and capabilities.
Establish operational workflows, escalation protocols, and comprehensive playbooks.
Supervise the triage of cybersecurity events, ensuring swift identification, investigation, and remediation.
Coordinate incident response activities across IT, Legal, Risk, and other relevant stakeholders.
Develop metrics, KPIs, and reporting frameworks to evaluate the effectiveness of the Security Operations Center (SOC).
Lead proactive threat hunting initiatives to uncover potential compromises and undetected malicious activities.
Integrate threat intelligence into SOC workflows and leverage insights to shape response and prevention strategies.
Assess and optimize the client's technology stack, including SIEM, SOAR, EDR, and threat intelligence platforms.
Drive ongoing enhancements in detection rules, automation, and response capabilities.
Propose emerging tools and processes to elevate operational maturity.
Conduct regular check-ins, offer coaching and feedback, manage performance reviews and improvement plans, and support career development for team members.
Act as the primary liaison between team members and the ECS program management team, ensuring timely updates on programs and personnel, and maintaining quality control on client deliverables.
Collaborate with the Talent Acquisition team in the hiring process to ensure team resources align with client expectations and program requirements.
Lead onboarding efforts, manage logistics for offboarding, and ensure operational continuity during transitions.

Nov 20, 2025
Cloudflare, Inc.
Internship|On-site|In-Office

Join Cloudflare as a Threat Detection and Incident Response Intern for the Summer of 2026! This exciting opportunity is designed for students who are passionate about cybersecurity and eager to learn about detecting and responding to threats in a dynamic environment. You will work alongside experienced professionals, gaining hands-on experience that will enhance your skills and prepare you for a successful career in the field.

Feb 6, 2026
Cloudflare, Inc.
Internship|On-site|In-Office

Embark on an exciting journey as a Threat Detection and Incident Response Intern at Cloudflare for the summer of 2026. This internship will provide you with the hands-on experience needed to thrive in the field of cybersecurity. You will work closely with our expert team to monitor, analyze, and respond to security incidents while contributing to innovative projects that protect our global network.

Mar 5, 2026
SoFi
Full-time|On-site|WA - Seattle; UT - Cottonwood Heights; CA - San Francisco; NY - New York City; TX - Frisco

SoFi is seeking an experienced and strategic Director of Cyber Threat Intelligence to lead our efforts in identifying and mitigating cyber threats. In this pivotal role, you will head our threat intelligence team, collaborating closely with cross-functional teams to enhance our security posture. You will be responsible for analyzing threat data, providing actionable insights, and developing intelligence reports that inform our security strategies.

Mar 25, 2026
Anthropic
Remote|Remote|Remote-Friendly (Travel-Required) | San Francisco, CA | Washington, DC

Join Anthropic's dynamic Threat Intelligence team as a Technical Cyber Threat Investigator. In this pivotal role, you will focus on identifying, analyzing, and mitigating the misuse of our AI systems in cyber operations. Your expertise will bridge the gap between AI safety and cybersecurity, allowing you to conduct in-depth investigations into potential abuse cases, establish innovative detection methodologies, and develop robust defenses against emerging cyber threats in an ever-evolving landscape. This role plays a vital part in safeguarding our ecosystem from sophisticated threat actors who aim to exploit AI technology for malicious purposes. Please note that this position may involve exposure to sensitive content and requires the ability to respond to escalations during weekends and holidays.

Jan 29, 2026
SoFi
Full-time|Remote|WA - Seattle; UT - Cottonwood Heights; CA - San Francisco; TX - Frisco

Join SoFi as a Security Product Lead specializing in Threat Intelligence and Insider Risk. In this pivotal role, you will spearhead initiatives that enhance our security posture and protect our assets from internal and external threats. You will collaborate with cross-functional teams to develop and implement innovative security solutions, ensuring the safety and integrity of our operations.

Mar 12, 2026
Anthropic
Remote|Remote|Remote-Friendly (Travel-Required) | San Francisco, CA | Washington, DC

Join our dynamic Threat Intelligence team at Anthropic as a Technical CBRN-E Threat Investigator, where you will play a pivotal role in safeguarding our AI systems from Chemical, Biological, Radiological, Nuclear, and Explosives (CBRN-E) threats. Your expertise in either chemical defense or biodefense will be crucial as you investigate, detect, and disrupt potential misuse of our technology. This position requires a balance of technical skill and analytical prowess to develop innovative detection methods and robust defenses against threat actors. Engage in thorough investigations, analyze complex datasets, and collaborate with various stakeholders to ensure the safety and integrity of our AI systems. Please note that this role may expose you to sensitive content and may require availability during weekends and holidays.

Jan 29, 2026
OpenAI, Inc.
Full-time|Remote|San Francisco

Join Our Team
At OpenAI, our mission is to ensure that general-purpose artificial intelligence serves the greater good for all humanity. We are committed to the real-world deployment of our technologies and their continuous improvement based on practical usage and potential misuse.

The Intelligence and Investigations team plays a critical role in this mission by identifying, examining, and mitigating the misuse of our products, focusing on significant and innovative harms. Our efforts empower partner teams to create data-driven model policies and develop robust safety measures. By gaining a deep understanding of abuse patterns, we help guarantee that OpenAI's products are utilized safely in the creation of impactful and rewarding applications.

About the Position
As a Technical Abuse Investigator within the Intelligence and Investigations team, your primary responsibility will be to detect, investigate, and thwart malicious activities on OpenAI’s platform. You will enhance portions of the investigative process to enable our team to effectively counteract harm on a larger scale. This position uniquely blends traditional investigative acumen with strong technical skills, as much of the work involves navigating intricate datasets to uncover actionable abuse signals, rather than merely reviewing isolated reports.

Beyond performing direct investigations, this role is designed to amplify the capabilities of the broader investigations team. You will work on scaling or automating essential yet intricate processes, crafting and implementing lightweight technical solutions—like notebook templates, data pipelines, or internal utilities—that empower specialized investigators to detect, track, and address abuse more effectively than what a single investigator could achieve. Success will not only be measured by the number of investigations completed but also by how efficiently your contributions allow you and your teammates to operate.

You will collaborate closely with engineering, legal, investigations, security, and policy partners to address urgent escalations, examine activities that surpass existing safeguards, and translate investigative findings into scalable detection and enforcement strategies.

This role will require participation in an on-call rotation to manage urgent escalations beyond standard work hours. Some investigations may involve sensitive content, including sexual, violent, or otherwise disturbing material. This position operates in the PST time zone and is open to remote candidates within the United States, although we have a strong preference for applicants based in San Francisco or New York.

Mar 12, 2026
