About the role

Application Security Engineer ensuring security is integral to AI product development. Collaborating with engineers on securing code and overseeing vulnerability management.

Responsibilities

Help secure AI products and internal tools that are introducing industry-novel security risks and pushing established security boundaries
Lead “shift left” security efforts to build security into the software development lifecycle.
Conduct secure design reviews and threat modeling. Identify and prioritize risks, attack surfaces, and vulnerabilities.
Develop tooling to scale security code reviews and respond to developer questions, including advising developers on remediating vulnerabilities and following secure coding practices.
Manage Anthropic's vulnerability management program, including integrating data ingestion pipelines, coding logic to prioritize vulnerability fixes, supporting teams remediating vulnerabilities and developing automated systems at scale.
Oversee Anthropic's bug bounty program. Set scope, validate submissions, perform root cause analysis, coordinate remediation with engineering teams, and award bounties. Cultivate relationships with the ethical hacker community.
Collaborate closely with product engineers and researchers to instill security best practices. Advocate for secure architecture, design, and development.
Develop and document security policies, standards, and playbooks. Conduct security awareness training for engineers.

5+ years of hands-on experience in application and infrastructure security
Strong proficiency in at least one programming language (e.g., Python, Rust, Go, Java)
Lead with empathy, a collaborative spirit, and a learning mindset to work cross-functionally with engineers of all levels to build security into the software development life cycle
Leverage creative and strategic thinking to reduce risk through secure design and simplicity, not just controls
Possess broad security knowledge to connect the dots across domains and identify holistic ways to decrease the overall threat surface
Are keen to distill complex security concepts into clear actions and drive consensus without direct authority
Embody a proactive mindset to thread security throughout the product lifecycle through activities like threat modeling, secure code review, and education
Have a strong grasp of offensive security to anticipate risks from an adversary's perspective, not just check compliance boxes
Bring experience with modern application stacks, infrastructure, and security tools to implement pragmatic defenses
Are practiced at collaborating cross-functionally and effectively balancing security requirements with business objectives
Advocate for security fundamentals like least privilege, defense-in-depth, and eliminating complexity that could sub-linearly scale security through smart design.