Jobs · Information Technology · California

Staff+ Application Security Engineer

Anthropic · San Francisco, CA · 2 wk ago
HybridInformation Technology$320k–$485k/yrFull-time

About the role

The Application Security team at Anthropic secures the systems that build, serve, and increasingly are Claude. The team uses Claude as its primary tool across every part of the job, including LLM-driven code analysis, automated vulnerability remediation, and AI-assisted threat modeling.

Responsibilities

  • Design, build, and operate Claude-powered security systems — LLM-driven code analysis, automated vulnerability remediation, AI-assisted threat modeling — and own one or more of them end-to-end, including the cross-functional relationships that come with it.

  • Lead secure design reviews and threat modeling for novel AI systems, identifying risks that don't map to existing frameworks.

  • Evolve a public bug bounty program where automation handles routine triage and root-cause work, and engineers handle escalations and corner cases.

  • Partner with Product, Infrastructure, and Research teams as an embedded security owner — consulting on launches, shaping architecture, and influencing decisions where security is the constraint.

  • Share an operational on-run rotation with the rest of the team — bounty escalations, incident response, and launch consults on systems serving Claude in production.

Requirements

  • Hands-on application and infrastructure security experience, including cloud and containerized environments.

  • Production-quality coding ability in at least one of Python, Go, Rust, or TypeScript, with a track record of building durable systems rather than one-off scripts.

  • Practical threat-modeling and vulnerability-identification skills — you've found and reasoned about real bugs in real systems, even if breaking isn't your primary mode.

  • Demonstrated ability to operate with high autonomy and ambiguity — comfortable being handed a problem and a lot of latitude rather than a spec.

  • Clear technical communication with both engineers and leadership.

Qualifications

  • 7+ years in application security, security engineering, or security-focused software engineering.

  • Already use LLMs as a core part of how you work, with opinions about where they help and where they don't.

  • Experience securing agentic, code-execution, or LLM-integrated systems specifically.

  • Prior ownership of a bug bounty program, vulnerability disclosure program, or vulnerability-management infrastructure at scale.

  • Background building security automation or developer-facing security tooling.

  • Offensive security or penetration testing experience.

Preferred Qualifications

  • Experience securing agentic, code-execution, or LLM-integrated systems specifically.

  • Prior ownership of a bug bounty program, vulnerability disclosure program, or vulnerability-management infrastructure at scale.

  • Background building security automation or developer-facing security tooling.

  • Offensive security or penetration testing experience.

Pay

The annual compensation range for this role is $320,000—$485,000 USD.

Schedule

We currently expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.

Benefits

We offer competitive compensation and benefits, optional equity donation matching, generous vacation and parental leave, flexible working hours, and a lovely office space in which to collaborate with colleagues.

Guidance on Candidates' AI Usage

We have a policy for using AI in our application process. Learn more about it here.

Similar jobs