Note: The job is a remote job and is open to candidates in USA. Anthropic is a public benefit corporation dedicated to creating reliable and beneficial AI systems. They are seeking a Staff Application Security Engineer to lead security due diligence and integration for acquisitions, formalizing the security playbook and automating processes to ensure the security of acquired systems. This role combines M&A security focus with core application security responsibilities, requiring collaboration across multiple teams and stakeholders.
Responsibilities
- Lead pre-close security due diligence on prospective acquisitions — coordinate external penetration testing, threat-model the target's architecture, assess security controls, and deliver the security risk readout for leadership ahead of close and integration planning
- Drive post-close security integration — stand up static and dynamic analysis coverage on acquired codebases, track high- and critical-severity remediation to closure, fold acquired assets into bug bounty scope, and onboard repositories to Anthropic's automated vulnerability remediation and reporting systems
- Coordinate adjacent security engineering teams (supply chain, cloud, corporate security, detection & response) on their portions of each integration
- Work across a wide set of stakeholders on every deal — corporate development, legal, security leadership, and the engineering teams inheriting acquired systems internally; engineering and security counterparts at the target company externally — translating between them and keeping the security workstream legible to all of them
- Formalize and scale Anthropic's M&A security playbook — risk-scoring model, diligence runbook, integration checklist — and turn as much of it as possible into Claude-powered tooling rather than manual process
- Share the team's operational on-run rotation (bug bounty escalations, launch consults, incident response), swapping out during periods of active deal work
- Contribute to core AppSec projects between deals — secure design reviews, threat modeling for agentic systems, and the team's security automation roadmap
Skills
- Hands-on application and infrastructure security experience, including cloud and containerized environments
- Demonstrated ability to rapidly assess an unfamiliar codebase or architecture and produce a clear, prioritized risk assessment for a non-security audience
- Production-quality coding ability in at least one of Python, Go, Rust, or TypeScript
- Practical threat-modeling and vulnerability-identification skills — you've found and reasoned about real bugs in real systems
- Comfort operating with high autonomy, ambiguity, and tightly-held confidential context
- Clear written and verbal communication across varied audiences — executives, legal and corporate development partners, and engineering counterparts at an acquired company
- Minimum education: Bachelor's degree or an equivalent combination of education, training, and/or experience
- Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience
- Minimum years of experience: Years of experience required will correlate with the internal job level requirements for the position
- 7+ years in application security, security consulting, or security architecture
- Prior M&A security due diligence, third-party security assessment, or technical due diligence experience
- Experience standing up or scaling SAST/DAST, bug bounty, or vulnerability management coverage across multiple codebases
- Track record of building security automation or tooling rather than relying solely on manual review
- Familiarity with using LLMs as a core part of your security workflow
- Experience securing agentic, code-execution, or LLM-integrated systems
Benefits
- Optional equity donation matching
- Generous vacation and parental leave
- Flexible working hours
- A lovely office space in which to collaborate with colleagues
- Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.
Company Overview
Company H1B Sponsorship