Senior Threat Intelligence Solutions Engineer

Company Description

Anomali is headquartered in Silicon Valley and is the Leading AI‑Powered Security Operations Platform that is modernizing security operations. At the center of it is an omnipresent, intelligent, and multilingual Anomali Copilot that automates key workflows and empowers your team to deliver critical threat insights to leadership in seconds.

Anomali unifies ETL, SIEM, XDR, SOAR, and the world’s largest repository of global intelligence into a single, cloud‑native platform that improves detection, speeds investigations, and reduces costs at scale.

Do more with less. Be Different.
Be the Anomali.

Learn more at

The Senior Threat Intelligence Solutions Engineer is a hybrid technical role responsible for conducting novel threat research, transforming intelligence into actionable detections and engineering outcomes, and serving as a trusted asset to customers. This individual operates at the intersection of intelligence analysis, detection engineering, and professional services—bridging research findings with real‑world security operations and customer environments. The role requires deep expertise in adversary tradecraft, strong engineering skills, and the ability to clearly communicate complex threats to both technical and executive audiences.

• Conduct original, in‑depth threat research on advanced adversaries, emerging malware, attack techniques, and evolving TTPs.
• Analyze attacker behavior across the kill chain, including infrastructure, tooling, operational security, and monetization models.
• Contribute to strategic and tactical understanding of threat actor campaigns and trends.

• Author and publish high‑quality intelligence products for the customer community.
• Translate research into clear, consumable outputs for defenders, SOC teams, and executive stakeholders.
• Participate in public‑facing thought leadership as appropriate (blogs, briefings, webinars, or conference content).

• Design, develop, and maintain high‑fidelity detections aligned to adversary behaviors and techniques.
• Validate detections against real‑world attack data and ensure operational effectiveness with minimal false positives.
• Collaborate with engineering and product teams to operationalize intelligence into platform capabilities.

• Serve as a customer‑facing technical expert, providing intelligence products, detection engineering and otherwise augmenting their capabilities.
• Advise customers on threat modeling, detection strategy, and intelligence‑driven security improvements.
• Build trusted relationships with customers by delivering credible, actionable, and timely products and services.

• Partner closely with product managers, engineers, customer support, and customer success teams to improve customer outcomes and product quality.
• Mentor junior analysts and engineers, providing guidance on research methods, detection development, and analytical rigor.
• Help shape threat intelligence strategy, research priorities, and best practices across the organization.

• Bachelor’s degree in Computer Science or an additional 3 years of relevant experience in lieu of degree.
• Minimum of 5 years of experience and expertise in broad cyber threat intelligence, detection engineering and identifying emerging threats or trends, along with query design and automation.
• Strong understanding of attacker tactics, techniques, and procedures (TTPs) across multiple threat domains.
• Hands‑on expertise developing threat detections using query languages, rules engines, or behavioral analytics and collaborating internally to automate/operationalize them.
• Proven ability to conduct and communicate original threat research and experience publishing high quality intelligence products.
• Excellent written and verbal communication skills, including customer‑facing presentations.
• Experience engaging directly with enterprise security teams and executive stakeholders as an advisor on threat modeling, detection strategy, and…