Compute & Infrastructure Counsel, Security & Compliance at Anthropic

On-site - San Francisco, CA; Seattle, WA; New York City, NY; Washington, DC

Apply
More jobs at Anthropic

Anthropic’s model weights and training infrastructure are among the highest‑value targets in the technology sector. As Commercial Counsel, Infrastructure Security for Compute and Infrastructure at Anthropic, the role involves day‑to‑day legal partnership with the Chief Security Officer’s infrastructure‑security and Governance, Risk and Compliance teams, owning the contractual and regulatory layer of physical and facility security, hardware and supply‑chain security, network security, vendor personnel and insider‑risk flow‑downs, and security regulatory and assurance.

Requirements

Skills

  • JD and active membership in at least one U.S. state bar
  • Fluency in security design‑basis specifications, guard‑force and access‑control contracting, and how security schedules interact with build‑to‑suit, colo, procurement, and carrier agreements
  • Experience with NDAA §889/§5949, CHIPS‑Act guardrails, CFIUS/outbound‑investment screening, and trusted‑supplier or country‑of‑origin programs
  • Comfort with NIST, ISO 27001, and SOC 2 physical‑control frameworks and the evidence and attestation process that supports customer and auditor assurance
  • Ability to coordinate effectively with multiple internal legal teams, and specialized outside counsel while maintaining strategic direction
  • Strong judgment about when contractual security terms create downstream risk for Anthropic’s security posture, audit position, or operational flexibility
  • Effective collaboration skills for working with the CSO’s organization, procurement, datacenter, and network teams
  • Communication skills that translate security and supply‑chain‑integrity concepts into clear risk assessments for business stakeholders
  • Genuine interest in infrastructure security and appreciation for why physical, hardware, and network security is mission‑critical for frontier AI
  • At least 10-12 years of relevant legal experience with meaningful exposure to physical and facility security contracting, hardware and supply‑chain security, network security schedules, or security regulatory and assurance work for critical infrastructure
  • In‑house experience at cloud service providers, hyperscalers, defense and aerospace primes, telecom carriers, utilities, semiconductor companies, or datacenter operators

Responsibilities

  • Draft and negotiate security design‑basis and site‑hardening specifications in build‑to‑suit, lease, and colo agreements (perimeter, access control, CCTV, intrusion detection); guard‑force statements of work, post orders, and KPI regimes; visitor, contractor, and badging policy; and security clauses in shared‑campus and multi‑tenant arrangements
  • Own provenance, anti‑tamper, and chain‑of‑custody warranties in silicon, ODM, and OEM paper; trusted‑supplier and country‑of‑origin restrictions; NDAA §889/§5949 and CHIPS‑Act guardrail flow‑downs; BIS/EAR advanced‑computing and semiconductor export‑control flow‑downs and end‑use/end‑user certifications; firmware integrity, secure‑boot, and golden‑image escrow terms; secure logistics; counterfeit‑part and grey‑market controls; and secure decommissioning and certified media‑destruction terms
  • Draft security schedules in carrier and fiber agreements (encryption‑in‑transit, route integrity, lawful‑intercept handling), and security obligations in peering agreements
  • Set background‑screening, training, and badge‑revocation requirements for vendor and contractor personnel with site or hardware access, and flow Anthropic personnel‑security standards into guard‑force, security‑integrator, and EPC vendor MSAs
  • Support CFIUS and outbound‑investment screening on infrastructure vendors and sites, provide NIST/ISO/SOC 2 physical‑control evidence for customer and auditor assurance in partnership with security teams; and support security representations in customer contracts that reference physical infrastructure with Commercial Legal
  • Work closely with specialized outside counsel, ensuring their work product aligns with Anthropic’s security and commercial objectives
  • Build the function: develop and maintain the security‑schedule library, design‑basis templates, advise on vendor security questionnaire templates, and negotiation playbooks; train Procurement, Datacenter, and Network teams to apply them at scale
  • Serve as direct counsel to the CSO’s infrastructure‑security organization, coordinating with Product Legal and Litigation on incident response, threat intelligence, law‑enforcement and intelligence‑community engagement, insider‑threat governance, and model‑weight security policy under Anthropic’s Responsible Scaling Policy
  • Escalate novel structures or terms that create downstream risk for Anthropic’s security posture or operational flexibility; ensure security requirements accommodate AI‑specific threats including hardware tamper, supply‑chain interdiction, and high‑value‑target facility risk
  • Monitor and assess the evolving regulatory landscape affecting security and data protection, identifying higher‑risk obligations for the business and partnering with security to operationalize them through policies, controls, and compliance programs
  • Advise on risk assessments, risk acceptance decisions, and reporting to leadership and the board; and review remediation commitments arising from assessments, customer audits and regulator inquiries

Technologies

NDAA §889/§5949CHIPS‑ActCFIUSNISTISO 27001SOC 2BIS/EAR

See if your resume is ready for this job

See how our AI can optimize your resume and improve your chances for this role.