Staff+ Security Engineer, Risk Engineering

Details

About Anthropic

Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. The team is a growing group of researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.

About the role

The Security Risk team identifies, prioritizes, and drives treatment of Anthropic’s most important security risks. The team is rebuilding risk management to operate as an engineering function through automation and AI-native platforms to enable decision making. Systems assessed span the full security landscape, from authorization primitives to cryptographic foundations. The role involves defining replacements for conventional GRC playbooks, building the AI-native platform underneath, and shaping security program decisions with a direct line to CISO-level decisions.

Responsibilities

• Take ownership of Anthropic’s most complex security risk problems and drive them end to end with minimal oversight: assess severity and likelihood, escalate, make treatment decisions, and drive remediation.
• Build systems that make risk measurable and scalable, including quantification tooling, automated intake and triage, and observability for partner teams.
• Work alongside Security Engineering as a technical peer: pressure test architectures and treatment plans, translate findings into prioritized remediation roadmaps, and make the investment case for fixes.
• Mentor engineers and risk practitioners across Security and the broader engineering organization; help build a risk engineering culture with distributed ownership of risk.
• Security risk engineering across identity and secrets management, developer security and supply chain, infrastructure security, and secure frameworks; go deep where required to understand system failures and reflect engineering reality in assessments.
• Risk assessment and quantification: identify systematic risks via threat modeling and structured assessment; drive severity calibration and escalation; contribute quantitative work using calibrated estimation and Monte Carlo simulation where useful.
• Risk platform and automation: design and build AI-native risk tooling that uses Claude to classify incoming risks, augment triage, and continuously sense changes; create dashboards and data pipelines to provide real-time visibility into risk posture.
• Remediation strategy and investment: partner with Security Engineering and risk owners to design explicit remediation roadmaps and measure outcomes in terms of decisions made and risk reduced.

Minimum qualifications

• At least 8 years of software engineering or security engineering experience, including leading and remediating complex security risks independently.
• Bachelor’s degree in a related field or equivalent experience.
• Strong programming skills in Python or at least one systems language such as Go, Rust, or C/C++.
• Broad knowledge across core security engineering domains, with depth in at least one area (identity and secrets management, developer security and supply chain, infrastructure and cloud security, secure frameworks).
• Calibrated risk judgment: able to assign defensible severity and likelihood to ambiguous problems and update positions with new evidence.
• Experience leading cross-functional security initiatives and navigating complex organizational dynamics.
• Outstanding communication skills to translate technical concepts across all levels of the organization.
• Track record of bringing clarity and ownership to ambiguous technical problems and driving them to resolution.
• Low ego and high empathy, with experience growing engineers and supporting diverse teams.
• Passion for AI safety and the role of security and risk management in trustworthy AI systems.

Preferred qualifications

• Owned a named security risk from discovery through remediation across multiple teams.
• Briefed executives on risk decisions and defended accept/remediate/transfer recommendations.
• Built security automation, detection, or risk platforms adopted across an engineering organization.
• Shipped LLM or agent-powered tooling and workflows that automate security or risk activities.
• Background in security engineering, detection engineering, or offensive security with a risk-based prioritization mindset.
• Built or operated a quantified security risk program (FAIR-style decomposition, Monte Carlo simulation, loss exceedance analysis) that changed resource decisions.
• Familiarity with SOC 2, ISO 27001, or FedRAMP.

Compensation

Annual Salary: $405,000 - $405,000 USD

Logistics

• Minimum education: Bachelor’s degree or equivalent combination of education/training/experience.
• Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience.
• Location-based hybrid policy: expected to be in one of Anthropic’s offices at least 25% of the time (some roles may require more time in office).
• Visa sponsorship: Anthropic states they do sponsor visas and retain an immigration lawyer to help, though sponsorship is not guaranteed for every role/candidate.

How we're different

Anthropic emphasizes large-scale, collaborative AI research focused on steerable, trustworthy AI. The organization values communication and impact over smaller focused projects.

Come work with us

Anthropic is a public benefit corporation headquartered in San Francisco. They offer competitive compensation and benefits, optional equity donation matching, generous vacation and parental leave, flexible working hours, and office space for collaboration. Guidance on candidates' AI usage is provided via their candidate AI policy.