Staff Application Security Engineer focused on M&A due diligence and secure integration of acquired codebases and systems at Anthropic. Lead security assessments, risk readouts, post-close remediation and automation using Claude, while contributing to core AppSec work. Requires 7+ years AppSec experience, rapid codebase assessment skills, and coding ability.
320k – 485k
Hybrid7+ YOESecurity Engineering
About the role
Key Responsibilities
Lead pre-close security due diligence on prospective acquisitions: coordinate external penetration testing, threat-model architecture, assess security controls, and deliver security risk readout for leadership.
Drive post-close security integration: implement static/dynamic analysis, track remediation of high/critical issues, integrate into bug bounty, and onboard to automated vulnerability systems.
Coordinate with adjacent security teams (supply chain, cloud, corporate, detection & response) on integration aspects.
Work with diverse stakeholders including corporate development, legal, security leadership, internal engineering teams, and external counterparts at target companies; translate and keep security workstreams legible.
Formalize and scale M&A security playbook (risk-scoring, runbooks, checklists) and automate with Claude-powered tooling.
Participate in on-run rotation for bug bounty, launch consults, and incident response (with adjustments during active deals).
Contribute to core AppSec projects between deals, including secure design reviews, threat modeling for agentic systems, and security automation.
Minimum Qualifications
Hands-on application and infrastructure security experience, including cloud and containerized environments.
Ability to rapidly assess unfamiliar codebases or architectures and produce clear, prioritized risk assessments for non-security audiences.
Production-quality coding in at least one of: Python, Go, Rust, or TypeScript.
Practical threat-modeling and vulnerability identification skills with experience finding and reasoning about real bugs.
Comfort with high autonomy, ambiguity, and confidential contexts.
Clear written and verbal communication across executives, legal, corporate development, and engineering audiences.
Preferred Qualifications
7+ years in application security, security consulting, or security architecture.
Prior M&A security due diligence, third-party assessment, or technical due diligence experience.
Experience standing up/scaling SAST/DAST, bug bounty, or vulnerability management across codebases.
Track record building security automation/tooling.
Familiarity using LLMs as core part of security workflow.
Experience securing agentic, code-execution, or LLM-integrated systems.
Minimum Education
Bachelor’s degree or equivalent combination of education, training, and/or experience in a relevant field.
Senior technical owner designing, building, and operating secure, reliable infrastructure-as-code platforms for identity, access, and shared services. Requires 10+ years of hands-on SRE experience in high-reliability on-prem/hybrid environments.
293k – 385k
Hybrid10+ YOESecurity Engineering
Software Engineer, Security
NotionSan Francisco, CA
Security engineer owning cross-cutting auth, authorization, and AI guardrail programs across product and infrastructure. Requires 10+ years shipping security-critical infrastructure and experience with AI/LLM protections.
290k – 350k
Hybrid10+ YOESecurity Engineering
Member of Technical Staff, SecOps & Threat Detection Engineer
EnvoySan Francisco, CA
Staff Security Engineer owning threat detection, SIEM architecture, and security operations for cloud, apps, and endpoints. Requires 6+ years in security/SRE/infra engineering with experience building detection-as-code, endpoint monitoring (SentinelOne), and driving MTTD/MTTR improvements in AWS environments.
265k – 310k
On-site7+ YOESecurity Engineering
Staff Software Engineer, Fraud
ReplitFoster City, CA
Build and operate AI-powered fraud/abuse detection systems defending Replit's platform from phishing, cryptomining, account takeover, and LLM abuse. Requires 8+ years in security/anti-abuse, Python/TypeScript, SQL at scale, and ML/LLM classifier experience.
250k – 315k
Hybrid8+ YOESecurity Engineering
Staff Software Engineer, Risk
ReplitFoster City, CA
Build and operate AI-powered abuse detection systems that defend Replit's platform from phishing, cryptomining, LLM token farming, and other attacks. Own end-to-end detection, investigation, and automated response across millions of daily actions.