Application Security Engineer

About Anthropic Anthropic's mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. About the Role The Application Security team is at the forefront of building security into every phase of the software development lifecycle at Anthropic. In this hands-on technical role, you will partner closely with our software engineers and researchers to ensure that security is a core consideration from initial design through implementation. You will lead threat modeling and secure design reviews to proactively identify and mitigate risks early, and help with continuous risk assessment. You will build tools and systems to support developers shipping code securely, adhering to secure coding best practices. Your insights will shape our tooling, detection capabilities, and defenses against emerging threats to AI/ML. You'll develop the standards, processes, and educational resources that enable all Anthropic engineers to be security champions. Responsibilities: • Help secure AI products and internal tools that are introducing industry-novel security risks • Lead shift-left security efforts to build security into the SDLC • Conduct secure design reviews and threat modeling • Develop tooling to scale security code reviews and respond to developer questions • Manage Anthropic's vulnerability management program • Oversee Anthropic's bug bounty program • Collaborate closely with product engineers and researchers to instill security best practices • Develop and document security policies, standards, and playbooks

• 5+ years of hands-on experience in application and infrastructure security, including securing cloud-based and containerized environments. • Strong proficiency in at least one programming language (e.g., Python, Rust, Go, Java) • Broad security knowledge connecting the dots across domains • Experience with threat modeling, secure code review, and vulnerability management • Ability to distill complex security concepts into clear actions • Strong grasp of offensive security techniques and attacker mindset • Experience with bug bounty programs a plus