Staff+ Application Security Engineer - M&A na Anthropic

Remoto - Remote-Friendly (Travel-Required), San Francisco, CA, Seattle, WA, New York City, NY

Candidatar-se
Ver mais vagas na Anthropic

Anthropic’s Application Security team secures the systems that build, serve, and increasingly are Claude. This role establishes a dedicated function for managing security due diligence and integration of acquisitions, formalizing playbooks, risk models, and tooling to make each deal easier. The position focuses on M&A work, requiring rapid assessment of unfamiliar codebases, threat modeling, and coordination with internal and external stakeholders. It also supports core AppSec projects between deals, emphasizing secure design, threat modeling for agentic systems, and security automation.

Salary

R$ 320,000 - 485,000

Requirements

Skills

  • Hands‑on application and infrastructure security experience, including cloud and containerized environments
  • Demonstrated ability to rapidly assess an unfamiliar codebase or architecture and produce a clear, prioritized risk assessment for a non‑security audience
  • Production‑quality coding ability in at least one of Python, Go, Rust, or TypeScript
  • Practical threat‑modeling and vulnerability‑identification skills
  • Comfort operating with high autonomy, ambiguity, and tightly‑held confidential context
  • Clear written and verbal communication across varied audiences — executives, legal and corporate development partners, and engineering counterparts at an acquired company
  • Bachelor’s degree or an equivalent combination of education, training, and/or experience

Responsibilities

  • Lead pre‑close security due diligence on prospective acquisitions — coordinate external penetration testing, threat‑model the target’s architecture, assess security controls, and deliver the security risk readout for leadership ahead of close and integration planning
  • Drive post‑close security integration — stand up static and dynamic analysis coverage on acquired codebases, track high‑ and critical‑severity remediation to closure, fold acquired assets into bug bounty scope, and onboard repositories to Anthropic’s automated vulnerability remediation and reporting systems
  • Coordinate adjacent security engineering teams (supply chain, cloud, corporate security, detection & response) on their portions of each integration
  • Work across a wide set of stakeholders on every deal — corporate development, legal, security leadership, and the engineering teams inheriting acquired systems internally; engineering and security counterparts at the target company externally — translating between them and keeping the security workstream legible to all of them
  • Formalize and scale Anthropic’s M&A security playbook — risk‑scoring model, diligence runbook, integration checklist — and turn as much of it as possible into Claude‑powered tooling rather than manual process
  • Share the team’s operational on‑run rotation (bug bounty escalations, launch consults, incident response), swapping out during periods of active deal work
  • Contribute to core AppSec projects between deals — secure design reviews, threat modeling for agentic systems, and the team’s security automation roadmap

Technologies

PythonGoRustTypeScriptcloudcontainerized environmentsstatic analysis (SAST)dynamic analysis (DAST)bug bountyvulnerability managementLLMsClaudesecurity automation tooling

Compartilhar vaga

Descubra se seu currículo está pronto para esta vaga

Veja como nossa IA pode otimizar seu currículo e aumentar suas chances de conseguir esta posição.