Anthropic· Security· Remote-Friendly (Travel-Required) | San Francisco, CA | Seattle, WA | New York City, NY
Application Security Engineer
Classified Tasks (25)
Automate 0%Augment 88%Human-Only 12%
Augment (22)
AI assists, human decides
Partner with software engineers and researchers to integrate security from initial design through implementation.
leadership
Perform continuous risk assessments across products and internal tools.
analytical
Build tools and systems that support developers in shipping code securely and enforcing secure coding best practices.
technical
Develop tooling to scale security code reviews and respond to developer questions.
technical
Advise developers on remediating vulnerabilities and following secure coding practices.
communication
Identify and prioritize risks, attack surfaces, and vulnerabilities.
analytical
Manage the vulnerability management program.
operational
Integrate data ingestion pipelines into the vulnerability management program.
technical
Implement coding logic to prioritize vulnerability fixes.
technical
Support engineering teams in remediating vulnerabilities.
technical
Develop automated systems at scale for vulnerability management.
technical
Oversee the bug bounty program and set program scope.
operational
Validate bug bounty submissions.
analytical
Perform root cause analysis on reported vulnerabilities.
analytical
Coordinate remediation of bug bounty findings with engineering teams.
communication
Award bounties for validated reports.
administrative
Collaborate with product engineers and researchers to instill security best practices.
leadership
Advocate for secure architecture, design, and development decisions.
leadership
Develop and document security policies, standards, and playbooks.
administrative
Conduct security awareness and training sessions for engineers.
communication
Provide insights to shape tooling, detection capabilities, and defenses against emerging AI/ML threats.
analytical
Develop educational resources that enable engineers to act as security champions.
communication
Human-Only (3)
Requires human judgment
Lead threat modeling sessions and conduct secure design reviews to identify and mitigate risks early.
leadership
Secure AI products and internal tools that introduce novel security risks and push established security boundaries.
technical
Cultivate relationships with the ethical hacker community.
communication
Job description
About Anthropic Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems. About the role: The Application Security team is at the forefront of building security into every phase of the software development lifecycle at Anthropic. In this hands-on technical role, you will partner closely with our software engineers and researchers to ensure that security is a core consideration from initial design through implementation. You will lead threat modeling and secure design reviews to proactively identify and mitigate risks early, and help with continuous risk assessment. You will build tools and systems to support developers shipping code securely, adhering to secure coding best practices. Your insights will shape our tooling, detection capabilities, and defenses against emerging threats to AI/ML. You'll develop the standards, processes, and educational resources that enable all Anthropic engineers to be security champions. This high-impact role demands a security practitioner who can think like an attacker, has a developer mindset, and can build strong relationships. Responsibilities: Help secure AI products and internal tools that are introducing industry-novel security risks and pushing established security boundaries Lead “shift left” security efforts to build security into the software development lifecycle. Conduct secure design reviews and threat modeling. Identify and prioritize risks, attack surfaces, and vulnerabilities. Develop tooling to scale security code reviews and respond to developer questions, including advising developers on remediating vulnerabilities and following secure coding practices. Manage Anthropic's vulnerability management program, including integrating data ingestion pipelines, coding logic to prioritize vulnerability fixes, supporting teams remediating vulnerabilities and developing automated systems at scale. Oversee Anthropic's bug bounty program. Set scope, validate submissions, perform root cause analysis, coordinate remediation with engineering teams, and award bounties. Cultivate relationships with the ethical hacker community. Collaborate closely with product engineers and researchers to instill security best practices. Advocate for secure architecture, design, and development. Develop and document security policies, standards, and playbooks. Conduct security awareness training for engineers. You may be a good fit if you: Have 5+ years of hands-on experience in application and infrastructure security, including securing cloud-based and containerized environments. Strong proficiency in at least one programming language (e.g., Python, Rust, Go, Java) Lead with empathy, a collaborative spirit, and a learning mindset to work cross-functionally with engineers of all levels to build security into the software development life cycle. Leverage creative and strategic thinking to reduce risk through secure design and simplicity, not just controls. Possess broad security knowledge to connect the dots across domains and identify holistic ways to decrease the overall threat surface. Are keen to distill complex security concepts into clear actions and drive consensus without direct authority. Embody a proactive mindset to thread security throughout the product lifecycle through activities like threat modeling, secure code review, and education. Have a strong grasp of offensive security to anticipate risks from an adversary's perspective, not just check compliance boxes