Skip to content
AnthropicAnthropicSan Francisco, CA

Staff+ Application Security Engineer

Staff Application Security Engineer focused on M&A due diligence and secure integration of acquired codebases and systems at Anthropic. Lead security assessments, risk readouts, post-close remediation and automation using Claude, while contributing to core AppSec work. Requires 7+ years AppSec experience, rapid codebase assessment skills, and coding ability.

320k – 485k
Hybrid7+ YOESecurity Engineering

About the role

Key Responsibilities

  • Lead pre-close security due diligence on prospective acquisitions: coordinate external penetration testing, threat-model architecture, assess security controls, and deliver security risk readout for leadership.
  • Drive post-close security integration: implement static/dynamic analysis, track remediation of high/critical issues, integrate into bug bounty, and onboard to automated vulnerability systems.
  • Coordinate with adjacent security teams (supply chain, cloud, corporate, detection & response) on integration aspects.
  • Work with diverse stakeholders including corporate development, legal, security leadership, internal engineering teams, and external counterparts at target companies; translate and keep security workstreams legible.
  • Formalize and scale M&A security playbook (risk-scoring, runbooks, checklists) and automate with Claude-powered tooling.
  • Participate in on-run rotation for bug bounty, launch consults, and incident response (with adjustments during active deals).
  • Contribute to core AppSec projects between deals, including secure design reviews, threat modeling for agentic systems, and security automation.

Minimum Qualifications

  • Hands-on application and infrastructure security experience, including cloud and containerized environments.
  • Ability to rapidly assess unfamiliar codebases or architectures and produce clear, prioritized risk assessments for non-security audiences.
  • Production-quality coding in at least one of: Python, Go, Rust, or TypeScript.
  • Practical threat-modeling and vulnerability identification skills with experience finding and reasoning about real bugs.
  • Comfort with high autonomy, ambiguity, and confidential contexts.
  • Clear written and verbal communication across executives, legal, corporate development, and engineering audiences.

Preferred Qualifications

  • 7+ years in application security, security consulting, or security architecture.
  • Prior M&A security due diligence, third-party assessment, or technical due diligence experience.
  • Experience standing up/scaling SAST/DAST, bug bounty, or vulnerability management across codebases.
  • Track record building security automation/tooling.
  • Familiarity using LLMs as core part of security workflow.
  • Experience securing agentic, code-execution, or LLM-integrated systems.

Minimum Education

Bachelor’s degree or equivalent combination of education, training, and/or experience in a relevant field.

Skills

Application SecurityThreat ModelingPythonGoRustTypeScriptCloud SecurityContainer SecuritySASTDASTBug BountyVulnerability ManagementLLMsSecurity Automation
OpenAI

Staff Security Reliability Engineer

OpenAISan Francisco, CA

Senior technical owner designing, building, and operating secure, reliable infrastructure-as-code platforms for identity, access, and shared services. Requires 10+ years of hands-on SRE experience in high-reliability on-prem/hybrid environments.

293k – 385k
Hybrid10+ YOESecurity Engineering
Notion

Software Engineer, Security

NotionSan Francisco, CA

Security engineer owning cross-cutting auth, authorization, and AI guardrail programs across product and infrastructure. Requires 10+ years shipping security-critical infrastructure and experience with AI/LLM protections.

290k – 350k
Hybrid10+ YOESecurity Engineering
Envoy

Member of Technical Staff, SecOps & Threat Detection Engineer

EnvoySan Francisco, CA

Staff Security Engineer owning threat detection, SIEM architecture, and security operations for cloud, apps, and endpoints. Requires 6+ years in security/SRE/infra engineering with experience building detection-as-code, endpoint monitoring (SentinelOne), and driving MTTD/MTTR improvements in AWS environments.

265k – 310k
On-site7+ YOESecurity Engineering
Replit

Staff Software Engineer, Fraud

ReplitFoster City, CA

Build and operate AI-powered fraud/abuse detection systems defending Replit's platform from phishing, cryptomining, account takeover, and LLM abuse. Requires 8+ years in security/anti-abuse, Python/TypeScript, SQL at scale, and ML/LLM classifier experience.

250k – 315k
Hybrid8+ YOESecurity Engineering
Replit

Staff Software Engineer, Risk

ReplitFoster City, CA

Build and operate AI-powered abuse detection systems that defend Replit's platform from phishing, cryptomining, LLM token farming, and other attacks. Own end-to-end detection, investigation, and automated response across millions of daily actions.

250k – 315k
Hybrid8+ YOESecurity Engineering