Staff+ Security Engineer, Risk Engineering

About the Role The Security Risk team is responsible for identifying, prioritizing, and driving treatment of Anthropic’s most important security risks. The team builds automation and AI‑native platforms to operate risk management as an engineering function. The role spans Anthropic’s full security landscape—from authorization primitives and cryptographic foundations to identity and secrets management, infrastructure security, and secure frameworks—and requires breadth across domains with deep expertise in any chosen area.

You will partner with Security Engineering to shape the security program and build the AI‑native platform that underpins risk decision making. Key Responsibilities Take ownership of Anthropic’s most complex security risk problems and drive them end‑to‑end with minimal oversight, turning ambiguous signals into a defensible view of severity and likelihood and seeing them through escalation, treatment decisions, and remediation. Build systems that make risk measurable and scale risk work, including quantification tooling, automated intake and triage, and observability that partner teams use to understand their own risk posture.

Work alongside Security Engineering as a technical peer who pressure‑tests architectures and treatment plans, translates findings into prioritized remediation roadmaps, and makes investment cases for where to focus resources. Mentor engineers and risk practitioners across Security and the broader engineering organization, fostering a risk engineering culture in which teams own their risks and the team provides the visibility and judgment that supports them. Work across the breadth of Anthropic’s security landscape, spanning identity and secrets management, developer security and supply chain, infrastructure security, and secure frameworks, building context to reason about risk credibly in each area.

Go deep where a risk demands it, assessing how systems are built and how they fail so that assessments and treatment plans reflect engineering reality. Identify systematic risks through threat modeling and structured assessment, and drive severity calibration and escalation conversations that bring leadership a defensible position. Contribute to quantitative risk work, applying calibrated estimation and Monte Carlo simulation where they influence resource or treatment decisions.

Design and build AI‑native risk tooling that uses Claude to classify incoming risks, augment triage, and continuously sense changes in the risk landscape as teams ship. Create dashboards and data pipelines that give engineering and product teams real‑time visibility into their risk posture and enable distributed ownership of risk. Partner with Security Engineering and risk owners to design remediation roadmaps that specify sequencing, ownership, and required investment.

Measure outcomes rather than activity, focusing on decisions made and risk reduced. Minimum Qualifications At least 8 years of software engineering or security engineering experience, including leading and remediating complex security risks independently. Bachelor’s degree in a related field or equivalent experience.

Strong programming skills in Python or a systems language such as Go, Rust, or C/C++. Broad knowledge across core security engineering domains, with depth in at least one (identity and secrets management, developer security and supply chain, infrastructure and cloud security, secure frameworks). Calibrated risk judgment, able to assign defensible severity and likelihood and adjust when new evidence arises.

Experience leading cross‑functional security initiatives and navigating complex organizational dynamics. Outstanding communication skills, translating technical concepts effectively across all levels of the organization. A track record of bringing clarity and ownership to ambiguous technical problems and driving them to resolution.

Low ego and high empathy, with a history of growing engineers around you and supporting diverse, inclusive teams. Passion for AI safety and the role that security and risk management play in building trustworthy AI systems. Preferred Qualifications Owned a named security risk and driven it from discovery through remediation across multiple teams.

Briefed executives on risk decisions and defended accept, remediate, or transfer recommendations under challenge. Built security automation, detection, or risk platforms adopted across an engineering organization. Shipped LLM or agent‑powered tooling and workflows that automate security or risk activities.

Background in security engineering, detection engineering, or offensive security with a risk‑based prioritization mindset. Built or operated a quantified security risk program (FAIR‑style decomposition, Monte Carlo simulation, loss exceedance analysis) whose outputs changed real resource decisions. Familiarity with SOC 2, ISO 27001, or FedRAMP and an understanding of what compliance does and does not buy you.

Compensation and Benefits Annual Salary: $405,000—$405,000 USD. Competitive compensation and benefits. Optional equity donation matching.

Generous vacation and parental leave. Flexible working hours. Office space located in San Francisco.

Location and Travel Location‑based hybrid policy: all staff are expected to work from an Anthropic office at least 25 % of the time. Some roles may require more time in office. Visa Sponsorship The company sponsors visas for qualified candidates, but sponsorship availability varies by role and candidate. #J-18808-Ljbffr