# Commercial Counsel, Infrastructure Security **Company:** [Anthropic](https://hotfix.jobs/companies/anthropic) **Location:** New York, NY, San Francisco, CA, Seattle, WA, Washington, DC **Salary:** $320K-$385K **Experience:** 10+ years **Skills:** Nist, ISO 27001, SOC 2, Cfius, Ndaa §889, Chips Act, Bis/Ear, Secure Supply Chain, Physical Security, Access Control **Posted:** 2026-05-07 > Provides legal counsel on infrastructure security contracts, including physical facility, hardware supply-chain, and network security for AI compute infrastructure. Partners with security, procurement, and other teams to ensure compliance with regulations like NDAA, CFIUS, and NIST frameworks. Requires JD and 10+ years experience in critical infrastructure security law. ## Job Description ## Responsibilities - Draft and negotiate security design-basis and site-hardening specifications in build-to-suit, lease, and colo agreements (perimeter, access control, CCTV, intrusion detection); guard-force statements of work, post orders, and KPI regimes; visitor, contractor, and badging policy; and security clauses in shared-campus and multi-tenant arrangements - Own provenance, anti-tamper, and chain-of-custody warranties in silicon, ODM, and OEM paper; trusted-supplier and country-of-origin restrictions; NDAA §889/§5949 and CHIPS-Act guardrail flow-downs; BIS/EAR advanced-computing and semiconductor export-control flow-downs and end-use/end-user certifications; firmware integrity, secure-boot, and golden-image escrow terms; secure logistics; counterfeit-part and grey-market controls; and secure decommissioning and certified media-destruction terms - Draft security schedules in carrier and fiber agreements (encryption-in-transit, route integrity, lawful-intercept handling), and security obligations in peering agreements - Set background-screening, training, and badge-revocation requirements for vendor and contractor personnel with site or hardware access, and flow Anthropic personnel-security standards into guard-force, security-integrator, and EPC vendor MSAs - Support CFIUS and outbound-investment screening on infrastructure vendors and sites, provide NIST/ISO/SOC 2 physical-control evidence for customer and auditor assurance in partnership with security teams; and support security representations in customer contracts that reference physical infrastructure with Commercial Legal - Work closely with specialized outside counsel, ensuring their work product aligns with Anthropic’s security and commercial objectives - Build the function: develop and maintain the security-schedule library, design-basis templates, advise on vendor security questionnaire templates, and negotiation playbooks; train Procurement, Datacenter, and Network teams to apply them at scale - Serve as direct counsel to the CSO’s infrastructure-security organization, coordinating with Product Legal and Litigation on incident response, threat intelligence, law-enforcement and intelligence-community engagement, insider-threat governance, and model-weight security policy under Anthropic’s Responsible Scaling Policy - Escalate novel structures or terms that create downstream risk for Anthropic’s security posture or operational flexibility; ensure security requirements accommodate AI-specific threats including hardware tamper, supply-chain interdiction, and high-value-target facility risk - Monitor and assess the evolving regulatory landscape affecting security and data protection, identifying higher-risk obligations for the business and partnering with security to operationalize them through policies, controls, and compliance programs - Advise on risk assessments, risk acceptance decisions, and reporting to leadership and the board; and review remediation commitments arising from assessments, customer audits and regulator inquiries ## Minimum Qualifications - JD and active membership in at least one U.S. state bar - Fluency in security design-basis specifications, guard-force and access-control contracting, and how security schedules interact with build-to-suit, colo, procurement, and carrier agreements - Experience with NDAA §889/§5949, CHIPS-Act guardrails, CFIUS/outbound-investment screening, and trusted-supplier or country-of-origin programs - Comfort with NIST, ISO 27001, and SOC 2 physical-control frameworks and the evidence and attestation process that supports customer and auditor assurance - Ability to coordinate effectively with multiple internal legal teams, and specialized outside counsel while maintaining strategic direction - Strong judgment about when contractual security terms create downstream risk for Anthropic’s security posture, audit position, or operational flexibility - Effective collaboration skills for working with the CSO’s organization, procurement, datacenter, and network teams - Communication skills that translate security and supply-chain-integrity concepts into clear risk assessments for business stakeholders - Genuine interest in infrastructure security and appreciation for why physical, hardware, and network security is mission-critical for frontier AI ## Preferred Qualifications - At least 10-12 years of relevant legal experience with meaningful exposure to physical and facility security contracting, hardware and supply-chain security, network security schedules, or security regulatory and assurance work for critical infrastructure - In-house experience at cloud service providers, hyperscalers, defense and aerospace primes, telecom carriers, utilities, semiconductor companies, or datacenter operators supporting physical-security, supply-chain-security, or security-assurance programs; or U.S. government experience at DoD, DHS/CISA, BIS, or CFIUS staff - Experience at large technology companies with first-party datacenter or hardware programs supporting security contracting from the buy side - Law firm experience at practices with national-security, supply-chain, or critical-infrastructure specialization, particularly those who have worked on NDAA §889, CFIUS, or trusted-supplier matters - Prior involvement in transactions requiring sophisticated understanding of secure logistics, chain-of-custody, firmware integrity, and certified media destruction - Familiarity with CCTV/biometrics privacy regimes, executive-protection contracting, and the contractual layer of insider-risk programs - Ability to obtain and maintain a U.S. security clearance **Apply:** https://hotfix.jobs/jobs/commercial-counsel-infrastructure-security-at-anthropic-ca75ae0b-c0a8-4d0b-9aa2-57d8aa5d361b **Canonical:** https://hotfix.jobs/jobs/commercial-counsel-infrastructure-security-at-anthropic-ca75ae0b-c0a8-4d0b-9aa2-57d8aa5d361b