Incident Manager - Detection & Response at Anthropic — task breakdown

About Anthropic Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems. About the Role The Detection & Response (D&R) team plays a critical role in protecting our systems, users, and data from security threats. We’re looking for an experienced Technical Program Manager to own and evolve incident management within D&R. This is a senior-level specialization on the Technical Program Manager ladder, focused on how we detect, respond to, and learn from security and operational incidents. You’ll be the driving force behind maturing and scaling our incident response lifecycle—from detection and triage through containment, remediation, and post-incident review. Critically, some of the highest-impact work in this role happens after the immediate response: gathering data on incident trends, reporting on patterns and root causes, and working cross-functionally across engineering, security, infrastructure, and product teams to ensure that broad fixes and systemic improvements are actually implemented. You won’t just manage incidents—you’ll make sure we get meaningfully better after each one. Responsibilities Own the end-to-end D&R incident management program: detection workflows, response processes, escalation paths, communication standards, and remediation tracking. Serve as incident commander for security incidents, driving clear coordination across executive, engineering, security, legal, and other appropriate stakeholders. Establish and run incident commander rotations within D&R, ensuring clear ownership and effective coordination during incidents of varying severity. Drive post-incident accountability by defining how action items are captured, assigned, tracked, and completed across teams—ensuring follow-through on both tactical fixes and strategic improvements. Gather, analyze, and report on incident trends and patterns to surface systemic risks, recurring root causes, and areas where the organization is most vulnerable. Translate trend analysis into actionable cross-functional initiatives: partner with engineering, infrastructure, security, and product teams to prioritize and implement broad fixes and preventive improvements that address root causes rather than symptoms. Lead incident review forums (post-mortems, retrospectives) and ensure learnings are captured, socialized, and acted upon across the organization. Develop and maintain D&R incident response documentation, playbooks, runbooks, and training materials; keep them current as the threat landscape and our systems evolve. Partner with detection engineering to improve alert fidelity, reduce noise, and shorten time-to-detection for security events. Define, develop, and track incident management KPIs and report regularly to D&R and Security leadership. Support broad cross-functional training and initiatives to uplevel security awareness across the company (e.g. Tabletop exercises, training, talks). You may be a good fit if you: Have 7+ years of experience in technical program management, incident management, or security operations, with significant time spent in a detection & response or security incident response context. Have led or built incident response programs at a technology company, ideally in a high-growth or security-intensive environment. Have a demonstrated track record of turning incident data into organizational improvements—not just writing post-mortems, but driving the cross-functional work to implement system

Incident Manager - Detection & Response

Classified Tasks (17)

Augment (14)

Human-Only (3)

Job description