Jobs · Engineering · Washington

Staff+ Application Security Engineer - M&A

Anthropic · Seattle, WA · 3 days ago
HybridEngineering$320k–$485k/yrFull-time

About the role

Lead pre-close security due diligence on prospective acquisitions — coordinate external penetration testing, threat-model the target's architecture, assess security controls, and deliver the security risk readout for leadership ahead of close and integration planning.
Drive post-close security integration — stand up static and dynamic analysis coverage on acquired codebases, track high- and critical-severity remediation to closure, fold acquired assets into bug bounty scope, and onboard repositories to Anthropic's automated vulnerability remediation and reporting systems.
Coverage of adjacent security engineering teams (supply chain, cloud, corporate security, detection & response) on their portions of each integration.
Across a wide set of stakeholders on every deal — corporate development, legal, security leadership, and the engineering teams inheriting acquired systems internally; engineering and security counterparts at the target company externally — translating between them and keeping the security workstream legible to all of them.
Formalize and scale Anthropic's M&A security playbook — risk-scoring model, diligence runbook, integration checklist — and turn as much of it as possible into Claude-powered tooling rather than manual process.
Contribute to core AppSec projects between deals — secure design reviews, threat modeling for agentic systems, and the team's security automation roadmap.

Responsibilities

  • Lead pre-close security due diligence on prospective acquisitions — coordinate external penetration testing, threat-model the target's architecture, assess security controls, and deliver the security risk readout for leadership ahead of close and integration planning
  • Drive post-close security integration — stand up static and dynamic analysis coverage on acquired codebases, track high- and critical-severity remediation to closure, fold acquired assets into bug bounty scope, and onboard repositories to Anthropic's automated vulnerability remediation and reporting systems
  • Coverage of adjacent security engineering teams (supply chain, cloud, corporate security, detection & response) on their portions of each integration
  • Across a wide set of stakeholders on every deal — corporate development, legal, security leadership, and the engineering teams inheriting acquired systems internally; engineering and security counterparts at the target company externally — translating between them and keeping the security workstream legible to all of them
  • Formalize and scale Anthropic's M&A security playbook — risk-scoring model, diligence runbook, integration checklist — and turn as much of it as possible into Claude-powered tooling rather than manual process
  • Contribute to core AppSec projects between deals — secure design reviews, threat modeling for agentic systems, and the team's security automation roadmap

Requirements

  • Hands-on application and infrastructure security experience, including cloud and containerized environments
  • Demonstrated ability to rapidly assess an unfamiliar codebase or architecture and produce a clear, prioritized risk assessment for a non-security audience
  • Production-quality coding ability in at least one of Python, Go, Rust, or TypeScript
  • PRACTICAL threat-modeling and vulnerability-identification skills — you've found and reasoned about real bugs in real systems
  • Comfort operating with high autonomy, ambiguity, and tightly-held confidential context
  • Clear written and verbal communication across varied audiences — executives, legal and corporate development partners, and engineering counterparts at an acquired company

Qualifications

  • 7+ years in application security, security consulting, or security architecture
  • Prior M&A security due diligence, third-party security assessment, or technical due diligence experience
  • Experience standing up or scaling SAST/DAST, bug bounty, or vulnerability management coverage across multiple codebases
  • Track record of building security automation or tooling rather than relying solely on manual review
  • Familiarity with using LLMs as a core part of your security workflow
  • Experience securing agentic, code-execution, or LLM-integrated systems

Skills

  • Hands-on application and infrastructure security experience, including cloud and containerized environments
  • Threat-modeling and vulnerability-identification skills
  • Production-quality coding ability in at least one of Python, Go, Rust, or TypeScript
  • Comfort operating with high autonomy, ambiguity, and tightly-held confidential context
  • Clear written and verbal communication across varied audiences
  • Experience securing agentic, code-execution, or LLM-integrated systems

Benefits

Annual Compensation Range: $320,000—$485,000 USD

Pay

Annual Salary: $320,000—$485,000 USD

Schedule

Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.

Visa Sponsorship

We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this. We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed.

Research Shows

People who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work.

How We're Different

We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts. And we value impact — advancing our long-term goals of steerable, trustworthy AI — rather than work on smaller and more specific puzzles. We view AI research as an empirical science, which has as much in common with physics and biology as with traditional efforts in computer science. We're an extremely collaborative group, and we host frequent research discussions to ensure that we are pursuing the highest-impact work at any given time. As such, we greatly value communication skills. The easiest way to understand our research directions is to read our recent research. This research continues many of the directions our team worked on prior to Anthropic, including: GPT-3, Circuit-Based Interpretability, Multimodal Neurons, Scaling Laws, AI & Compute, Concrete Problems in AI Safety, and Learning from Human Preferences. Come work with us!

Guidance on Candidates' AI Usage

Learn about our policy for using AI in our application process.

Similar jobs