Responsibilities:

• Help secure AI products and internal tools that are introducing industry-novel security risks and pushing established security boundaries
• Lead “shift left” security efforts to build security into the software development lifecycle.
• Conduct secure design reviews and threat modeling. Identify and prioritize risks, attack surfaces, and vulnerabilities.
• Develop tooling to scale security code reviews and respond to developer questions, including advising developers on remediating vulnerabilities and following secure coding practices. 
• Manage Anthropic's vulnerability management program, including integrating data ingestion pipelines, coding logic to prioritize vulnerability fixes, supporting teams remediating vulnerabilities and developing automated systems at scale.
• Oversee Anthropic's bug bounty program. Set scope, validate submissions, perform root cause analysis, coordinate remediation with engineering teams, and award bounties. Cultivate relationships with the ethical hacker community.
• Collaborate closely with product engineers and researchers to instill security best practices. Advocate for secure architecture, design, and development.
• Develop and document security policies, standards, and playbooks. Conduct security awareness training for engineers.

You may be a good fit if you:

• Have 5+ years of hands-on experience in application and infrastructure security, including securing cloud-based and containerized environments.
• Lead with empathy, a collaborative spirit, and a learning mindset to work cross-functionally with engineers of all levels to build security into the software development life cycle.
• Leverage creative and strategic thinking to reduce risk through secure design and simplicity, not just controls.
• Possess broad security knowledge to connect the dots across domains and identify holistic ways to decrease the overall threat surface.
• Are keen to distill complex security concepts into clear actions and drive consensus without direct authority.
• Embody a proactive mindset to thread security throughout the product lifecycle through activities like threat modeling, secure code review, and education.
• Have a strong grasp of offensive security to anticipate risks from an adversary's perspective, not just check compliance boxes.
• Bring experience with modern application stacks, infrastructure, and security tools to implement pragmatic defenses.
• Are practiced at collaborating cross-functionally and effectively balancing security requirements with business objectives.
• Advocate for security fundamentals like least privilege, defense-in-depth, and eliminating complexity that could sub-linearly scale security through smart design.

Strong candidates may also:

• Hands-on technical expertise securing complex cloud environments and microservices architectures leveraging technologies like Kubernetes, Docker, and AWS / GCP.
• Exposure to offensive security techniques like vulnerability testing, bug bounty, pen testing, and red team exercises. 
• Familiarity with AI/ML security risks such as prompt injection, data poisoning, model extraction, etc. and mitigations.
• Experience building security tools, applications, and automated tools.
• Solid foundational knowledge of both software and security engineering principles and are keen to continue learning.
• Excellent communication skills, able to distill complex security topics for broad audiences.
• Worked and thrived in fast-paced environments, and comfortable navigating ambiguity.