Senior Software Security Engineer

About the Team

The Security Engineering team protects Anthropic's AI systems and maintains the trust of our users and society. We define the authentication architecture for our training infrastructure, design the cryptographic foundations that protect model weights and training data, and drive the developer security program that shapes how engineers build and ship software.

The team works across several areas that collaborate closely: identity and secrets management, developer security and supply chain, infrastructure security, and secure frameworks. You will support one of these areas while contributing across others, with your focus shaped by your strengths and the team's priorities.

Responsibilities:

• Build and maintain identity and secrets management systems, including credential issuance, rotation, and workload authentication across our multi-cloud environments
• Contribute to cluster security controls including RBAC policies, namespace isolation, workload identity, and pod security
• Implement and maintain cloud security controls including IAM, network segmentation, VPC architecture, and encryption across our multi-cloud and on-prem environments
• Design and implement secure development frameworks and libraries that make secure coding the path of least resistance for our engineering teams, including service to service authentication, serialization libraries, and tool proxies.
• Harden CI/CD pipelines against supply chain attacks through isolated build environments, signed attestations, dependency verification, and automated policy enforcement
• Identify and remediate security gaps through code review, threat modeling, and hands-on debugging
• Contribute to continuous cloud security posture management using infrastructure-as-code scanning, misconfiguration detection, and automated remediation

You may be a good fit if you have:

• At least 5 years of software engineering experience implementing and maintaining security-relevant systems in production
• Bachelor's degree in Computer Science or equivalent industry experience
• Strong programming skills in Python or at least one systems language such as Go or Rust
• Experience contributing to cloud security controls
• A track record of taking ownership of problems end to end, from identifying the issue to shipping and monitoring the fix
• Clear communication skills and the ability to work collaboratively across engineering teams
• Low ego and high empathy, with a genuine interest in helping teammates succeed
• Passion for AI safety and the role security engineering plays in building trustworthy AI systems

Strong candidates may also have:

• Contributions to developer security tooling including SAST, dependency scanning, or secure build infrastructure
• Familiarity with Kubernetes security primitives including RBAC, namespaces, network policies, and admission controllers
• Experience with cloud security posture management tooling, infrastructure-as-code security scanning, or automated remediation
• Experience with network security and isolation techniques including east-west controls, traffic inspection, and cloud network policy
• Experience with eBPF for security monitoring and enforcement, or developing kernel security policies
• Experience building secrets management or workload authentication systems, including familiarity with protocols such as OAuth 2.0, OIDC, SAML, or SPIFFE/SPIRE
• Background building or operating security systems in environments that support research workflows and rapid iteration