Lead complex security risk initiatives end-to-end, building AI-native risk quantification and automation platforms. Requires 8+ years in software or security engineering with deep expertise across security domains and strong programming skills.
405k – 405k/yr
Hybrid8+ YOESecurity Engineering
About the role
Key responsibilities
Take ownership of Anthropic’s most complex security risk problems and drive them end to end with minimal oversight, turning ambiguous signals into a defensible view of severity and likelihood and seeing them through escalation, treatment decisions, and remediation
Build the systems that make risk measurable and let risk work scale, including quantification tooling, automated intake and triage, and the observability that partner teams use to understand their own risk posture
Work alongside Security Engineering as a calibrated technical peer who pressure tests architectures and treatment plans, translates findings into prioritized remediation roadmaps, and makes the investment case for what to fix now, what to accept and track, and what to defer
Mentor engineers and risk practitioners across Security and the broader engineering organization, and help build a risk engineering culture in which teams own their risks and our team provides the visibility and judgment that supports the Security risk engineering
Work across the breadth of Anthropic’s security landscape, spanning areas like identity and secrets management, developer security and supply chain, infrastructure security, and secure frameworks, and build the context needed to reason about risk credibly in each
Go deep where a risk demands it, understanding how these systems are built and how they fail so that assessments and treatment plans reflect engineering reality rather than abstraction
Risk assessment and quantification
Identify systematic risks through threat modeling and structured assessment, then drive the severity calibration and escalation conversations that follow, bringing leadership a defensible position and a clear recommendation that holds up under pointed questions
Contribute to the team’s quantitative risk work, applying methods such as calibrated estimation and Monte Carlo simulation where they meaningfully change a resource or treatment decision
Risk platform and automation
Design and build AI-native risk tooling that uses Claude to classify incoming risks, augment triage, and continuously sense changes in our risk landscape as teams ship
Create the dashboards and data pipelines that give engineering and product teams real-time visibility into their risk posture and make distributed ownership of risk practical
Remediation strategy and investment
Partner with Security Engineering and risk owners to design remediation roadmaps that are explicit about sequencing, ownership, and the investment required
Measure outcomes rather than activity, focusing on decisions made and risk reduced
Minimum qualifications
At least 8 years of software engineering or security engineering experience, including leading and remediating complex security risks independently
Bachelor’s degree in a related field or equivalent experience
Strong programming skills in Python or at least one systems language such as Go, Rust, or C/C++
Broad knowledge across the core security engineering domains, with depth in at least one, including identity and secrets management, developer security and supply chain, infrastructure and cloud security, and secure frameworks
Calibrated risk judgment, meaning you can put a defensible severity and likelihood on an ambiguous problem and change your position when the evidence changes
Experience leading cross-functional security initiatives and navigating complex organizational dynamics
Outstanding communication skills, translating technical concepts effectively across all levels of the organization
A track record of bringing clarity and ownership to ambiguous technical problems and driving them to resolution
Low ego and high empathy, with a history of growing the engineers around you and supporting diverse, inclusive teams
Passion for AI safety and the role security and risk management play in building trustworthy AI systems
Preferred qualifications
Owned a named security risk and driven it from discovery through remediation across multiple teams
Briefed executives on risk decisions and defended accept, remediate, or transfer recommendations under challenge
Built security automation, detection, or risk platforms adopted across an engineering organization
Shipped LLM or agent-powered tooling and workflows that automate security or risk activities
A security engineering, detection engineering, or offensive security background with a risk-based prioritization mindset
Built or operated a quantified security risk program (FAIR-style decomposition, Monte Carlo simulation, loss exceedance analysis) whose outputs changed real resource decisions
Enough familiarity with SOC 2, ISO 27001, or FedRAMP to know what compliance does and does not buy you
Skills
PythonGoRustCC++Threat ModelingMonte Carlo SimulationRisk QuantificationIdentity And Access ManagementInfrastructure SecurityCloud SecuritySecure FrameworksSecurity AutomationSOC 2ISO 27001
Build the GRC platform at Anthropic by designing data pipelines, integrations, and agentic LLM workflows that automate compliance evidence collection, policy-as-code, and real-time risk reporting across cloud, identity, HR, and CI/CD systems.
405k – 405k/yr
Hybrid8+ YOESecurity Engineering
Staff+ Software Engineer, Privacy
AnthropicSan Francisco, CA +2
Designs and implements privacy-preserving architectures for AI systems, builds privacy infrastructure, and leads threat modeling to protect user data at scale. Requires deep privacy engineering expertise, production systems experience in Python/Go, and familiarity with regulations like GDPR/CCPA.
405k – 625k/yr
Hybrid15+ YOESecurity Engineering
Staff+ Software Security Engineer
AnthropicSan Francisco, CA +2
Designs and builds complex security systems for AI infrastructure, focusing on identity management, developer security, cloud controls, and cryptographic frameworks. Requires 8+ years experience, strong Python/systems programming, and Kubernetes security expertise.
405k – 485k/yr
Hybrid8+ YOESecurity Engineering
Staff+ Application Security Engineer
AnthropicSan Francisco, CA +2
Staff Application Security Engineer focused on M&A due diligence and secure integration of acquired codebases and systems at Anthropic. Lead security assessments, risk readouts, post-close remediation and automation using Claude, while contributing to core AppSec work. Requires 7+ years AppSec experience, rapid codebase assessment skills, and coding ability.
320k – 485k/yr
Hybrid7+ YOESecurity Engineering
Staff Security Reliability Engineer
OpenAISan Francisco, CA
Senior technical owner designing, building, and operating secure, reliable infrastructure-as-code platforms for identity, access, and shared services. Requires 10+ years of hands-on SRE experience in high-reliability on-prem/hybrid environments.