Skip to content
AnthropicAnthropicSan Francisco, CA

Security Controls Assurance Lead

Lead security controls assurance for AI systems, defining control frameworks and requirements for autonomous AI operators while collaborating with engineering to validate implementations against compliance standards.

345k – 345k/yr
Hybrid7+ YOESecurity Engineering

About the role

Key Responsibilities

  • Define the control framework and requirements for autonomous AI operators in collaboration with Security, Internal Audit, and Engineering, including change review and approvals, human-in-the-loop, and evidence collection. Assess implementations against those requirements.
  • Pressure-test major infrastructure, system, and agent framework changes for control impact during design, before decisions become expensive rework.
  • Set the compliance bar for home-built systems. Collaborate with teams to define what the internal system must provide from day one, such as auditability, segregation of duties, and change control over the tool itself.
  • Define the criteria for where and when AI can operate, supplement, or replace a manual process or control, including the human-in-the-loop thresholds and evidence documentation.
  • Establish the validation, evidence, and governance standards that allow AI-performed and AI-assisted processes and controls to withstand external audit and regulatory scrutiny.
  • Assess the introduction of new compliance frameworks and changes in scope (new regulations, certifications, products, or entities), providing a sufficient technical and compliance lens on their impact to control design, evidence requirements, and engineering effort before commitments are made.
  • Stand up or advise on audit workflows for the assurance team, including Claude-driven control testing, automated evidence collection, walkthrough preparation, and framework mapping against our common controls framework, materially raising automated evidence coverage and cutting audit prep time.

Minimum Qualifications

  • Thrive at the pace of a hypergrowth company. Comfortable making calls with incomplete information and reprioritizing as scope shifts.
  • Have supported technology control programs through SOX readiness or as a public company or with equivalent rigor (FedRAMP, large multi-framework SOC 2/ISO portfolios).
  • Have genuine engineering fluency: can read code and Terraform, follow a CI/CD pipeline end to end, and challenge a design on its technical merits.
  • Have programming skills in Python or at least one systems language such as Go, Rust, or C/C++.
  • Have deep familiarity with developer platform, release engineering, or infrastructure control domains.
  • Are a strong collaborator and communicator.
  • Use Claude and other LLMs as daily working tools, and have grounded, specific views on which audit and assurance workflows AI can run today and which it can't yet.
  • Translate framework and regulatory language into acceptance criteria engineers can build against, and translate engineering reality back into assurance language auditors and leadership can rely on.
  • Default to getting the requirement designed into the system rather than papering over the gap with procedure.

Preferred Qualifications

  • Have a combination of audit or advisory experience (Big 4 or equivalent) with in-house experience at an AI-forward tech company — in either order.
  • Have defined or assessed controls for AI/ML systems or agents acting in production environments.
  • Have stood up continuous controls monitoring or automated evidence programs.

Education

  • Bachelor’s degree or an equivalent combination of education, training, and/or experience in a field relevant to the role.

Skills

PythonGoRustC++TerraformCI/CDSOC 2ISO 27001FedRAMPSoxHIPAASecurity ControlsCompliance FrameworksAuditRisk Management
OpenAI

Global Detection and Response Lead

OpenAISan Francisco, CA

Leads global cybersecurity detection and response operations at OpenAI, overseeing monitoring, incident response, and team building. Requires 10+ years in cybersecurity, deep expertise in detection engineering and observability stacks, and US security clearance eligibility.

347k – 490k/yr
On-site10+ YOESecurity Engineering
OpenAI

Threat Modeler, Preparedness

OpenAISan Francisco, CA

Own OpenAI’s holistic approach to identifying, modeling, and forecasting frontier risks from frontier AI systems. Develop threat models across misuse and alignment domains and translate them into actionable mitigation priorities.

325k – 325k/yr
On-site7+ YOESecurity Engineering
Anthropic

Platform Security Engineering, Auditor

AnthropicSan Francisco, CA +2

Audit and secure low-level platform components including firmware, secure boot chains, attestation systems, and hardware roots of trust for Anthropic's AI infrastructure. Requires deep expertise in systems security, vulnerability assessment, and ownership of fixes through production.

320k – 405k/yr
Hybrid8+ YOESecurity Engineering
Anthropic

Senior Software Security Engineer

AnthropicSan Francisco, CA +2

Senior security engineer building and maintaining identity, secrets, and cloud security systems for AI infrastructure. Requires 5+ years experience, strong Python/Go/Rust skills, and cloud security expertise.

320k – 405k/yr
Hybrid5+ YOESecurity Engineering
Anthropic

Security Labs Engineer

AnthropicSan Francisco, CA

Own end-to-end security R&D projects building novel infrastructure like isolated clusters and cryptographic verification for AI safety. Requires 7+ years engineering experience, Python/systems languages, cloud/Kubernetes, and cross-functional execution in ambiguous environments.

320k – 405k/yr
Hybrid7+ YOESecurity Engineering