This is a unique opportunity to shape how frontier AI models handle dual-use cybersecurity knowledge,balancing the tremendous potential of AI to advance legitimate security research and defensive capabilities while preventing misuse by malicious actors.

In this role, you will lead and grow a team of technical specialists focused on cyber threat modeling and evaluation frameworks. You will serve as the primary domain expert on cyber harms, advising cross-functional teams on threat landscapes and mitigation strategies.

You will collaborate closely with internal and external threat modeling experts to develop training data for safety systems, and with ML engineers to train these systems, optimizing for both robustness against adversarial attacks and low false-positive rates for legitimate security researchers.

You will also analyze safety system performance in traffic, identifying gaps and proposing improvements. You will conduct regular reviews of existing policies and enforcement systems to identify and address gaps and ambiguities related to cybersecurity risks.

You will develop rigorous stress-testing of safeguards against evolving cyber threats and product surfaces. You will partner with Research, Product, Policy, Security Team, and Frontier Red Team to ensure cybersecurity safety is embedded throughout the model development lifecycle.

You will translate cybersecurity domain knowledge into actionable safety requirements and clearly articulated policies. You will contribute to external communications, including model cards, blog posts, and policy documents related to cybersecurity safety.

You will monitor emerging technologies and threat landscapes for their potential to contribute to new risks and mitigation strategies, and strategically address these.

You will mentor and develop team members, fostering a culture of technical excellence and responsible AI development.

To be successful in this role, you will need to have:

• An M.S. or PhD in Computer Science, Cybersecurity, or a related technical field, OR equivalent professional experience in offensive or defensive cybersecurity
• 5+ years of hands-on experience in cybersecurity, with deep expertise in areas such as vulnerability research, exploit development, network security, malware analysis, or penetration testing
• 2+ years of experience managing technical teams or leading complex technical projects with multiple stakeholders
• Experience in scientific computing and data analysis, with proficiency in programming (Python preferred)
• Deep expertise in modern cybersecurity, including both offensive techniques (vulnerability research, exploit development, penetration testing, malware analysis) and defensive measures (detection, monitoring, incident response)
• Demonstrated ability to create threat models and translate technical cyber risks into policy frameworks
• Familiarity with responsible disclosure practices, vulnerability coordination, and cybersecurity frameworks (e.g., MITRE ATT&CK, NIST Cybersecurity Framework, CWE/CVE systems)
• Strong analytical and writing skills, with the ability to navigate ambiguity and explain complex technical concepts to non-technical stakeholders
• Experience developing policies or guidelines at scale, balancing safety concerns with enabling legitimate use cases
• A passion for learning new skills and an ability to rapidly adapt to changing techniques and technologies
• Comfort working in a fast-paced environment where priorities may shift as AI capabilities evolve
• Track record of translating specialized technical knowledge into actionable safety policies or enforcement guidelines

Preferred qualifications include:

• Background in AI/ML systems, particularly experience with large language models
• Experience developing ML-based security systems or adversarial ML research
• Experience working with defense, intelligence, or security organizations (e.g., NSA, CISA, national labs, security contractors)
• Published security research, disclosed vulnerabilities, or participated in bug bounty programs
• Understanding of Trust & Safety operations and content moderation at scale
• Certifications such as OSCP, OSCE, GXPN, or equivalent demonstrating technical depth
• Understanding of dual-use security research concerns and ethical considerations in AI safety

The annual compensation range for this role is $320,000-$405,000 USD.

XML job scraping automation by YubHub

About the Role: The Application Security team at Anthropic is at the forefront of building security into every phase of the software development lifecycle. As an Application Security Engineer, you will partner closely with software engineers and researchers to ensure that security is a core consideration from initial design through implementation. You will lead threat modeling and secure design reviews to proactively identify and mitigate risks early, and help with continuous risk assessment. You will build tools and systems to support developers shipping code securely, adhering to secure coding best practices.

Responsibilities:

• Help secure AI products and internal tools that are introducing industry-novel security risks and pushing established security boundaries
• Lead “shift left” security efforts to build security into the software development lifecycle
• Conduct secure design reviews and threat modeling. Identify and prioritize risks, attack surfaces, and vulnerabilities
• Develop tooling to scale security code reviews and respond to developer questions, including advising developers on remediating vulnerabilities and following secure coding practices
• Manage Anthropic's vulnerability management program, including integrating data ingestion pipelines, coding logic to prioritize vulnerability fixes, supporting teams remediating vulnerabilities and developing automated systems at scale
• Oversee Anthropic's bug bounty program. Set scope, validate submissions, perform root cause analysis, coordinate remediation with engineering teams, and award bounties. Cultivate relationships with the ethical hacker community
• Collaborate closely with product engineers and researchers to instill security best practices. Advocate for secure architecture, design, and development
• Develop and document security policies, standards, and playbooks. Conduct security awareness training for engineers

Requirements:

• 5+ years of hands-on experience in application and infrastructure security, including securing cloud-based and containerized environments
• Strong proficiency in at least one programming language (e.g., Python, Rust, Go, Java)
• Lead with empathy, a collaborative spirit, and a learning mindset to work cross-functionally with engineers of all levels to build security into the software development life cycle
• Leverage creative and strategic thinking to reduce risk through secure design and simplicity, not just controls
• Possess broad security knowledge to connect the dots across domains and identify holistic ways to decrease the overall threat surface
• Are keen to distill complex security concepts into clear actions and drive consensus without direct authority
• Embody a proactive mindset to thread security throughout the product lifecycle through activities like threat modeling, secure code review, and education
• Have a strong grasp of offensive security to anticipate risks from an adversary's perspective, not just check compliance boxes
• Bring experience with modern application stacks, infrastructure, and security tools to implement pragmatic defenses
• Are practiced at collaborating cross-functionally and effectively balancing security requirements with business objectives
• Advocate for security fundamentals like least privilege, defense-in-depth, and eliminating complexity that could sub-linearly scale security through smart design

Preferred Qualifications:

• Hands-on technical expertise securing complex cloud environments and microservices architectures leveraging technologies like Kubernetes, Docker, and AWS / GCP
• Exposure to offensive security techniques like vulnerability testing, bug bounty, pen testing, and red team exercises
• Familiarity with AI/ML security risks such as prompt injection, data poisoning, model extraction, etc. and mitigations
• Experience building security tools, applications, and automated tools
• Solid foundational knowledge of both software and security engineering principles and are keen to continue learning
• Excellent communication skills, able to distill complex security topics for broad audiences
• Worked and thrived in fast-paced environments, and comfortable navigating ambiguity

Annual Compensation Range:

$300,000-$405,000 USD

Logistics:

• Minimum education: Bachelor’s degree or an equivalent combination of education, training, and/or experience
• Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience
• Minimum years of experience: Years of experience required will correlate with the internal job level requirements for the position
• Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.
• Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

How to Apply:

If you're interested in this role, please submit your application through our website. We look forward to reviewing your application!

Note:

Your safety matters to us. To protect yourself from potential scams, remember that Anthropic recruiters only contact you from @anthropic.com email addresses. In some cases, we may partner with vetted recruiting agencies who will identify themselves as working on behalf of Anthropic. Be cautious of emails from other domains. Legitimate Anthropic recruiters will never ask for money, fees, or banking information before your first day. If you're ever unsure about a communication, don't click any links,visit anthropic.com/careers directly for confirmed position openings.

XML job scraping automation by YubHub

In this role, you will establish and test security guardrails for code, cloud resources, and infrastructure components throughout the Anchorage platform. You will monitor and respond to security events and configuration anomalies across the organization, leading investigation and containment efforts. You will manage the full vulnerability lifecycle from discovery through remediation, tracking progress and ensuring timely closure of findings.

You will lead or substantially contribute to Security Operations initiatives with minimal oversight, coordinating across team boundaries to drive projects to completion. You will break complex security problems into manageable workstreams with accurate scope and time estimates. Present options clearly and provide well-reasoned priority recommendations.

Deliver assurance artifacts and evidence for regulated entity requirements, supporting audit and compliance efforts. Balance speed of response with thoroughness of investigation, adapting approach based on risk and business impact.

You will understand and help implement the company's security strategy by participating in planning and defining Security Operations goals in alignment with Anchorage Digital's overall objectives. Stay alert to emerging threats, vulnerabilities, and industry trends that could affect organizational security posture.

Consider security holistically across the product ecosystem,applications, infrastructure, and third-party integrations,while fostering a security-first culture. Collaborate cross-functionally with Engineering, Infrastructure, and Compliance teams to embed security into development and operational processes.

Share knowledge broadly across the team through documentation, runbooks, and post-incident reviews, preventing single points of failure. Partner with engineering teams to explain security risks and remediation approaches, translating technical findings into actionable guidance.

Collaborate across teams to review security configurations, triage findings, and engage in technical discussions. Communicate insights and recommendations clearly to improve processes. Demonstrate empathy by understanding others' context, priorities, and constraints,adapting communication style to maximize effectiveness with both technical and non-technical audiences.

XML job scraping automation by YubHub

This leadership role within the Vehicle and Connected Cybersecurity organization is responsible for leading the "eyes and ears" of the company. You will lead a global team of experts tasked with monitoring trillions of signals from vehicle telematics, embedded systems, and cloud-native application stacks, ensuring that millions of connected vehicles and the cloud services that power them are continuously protected against sophisticated global threats.

Your mandate covers the entire lifecycle of a threat—from proactive intelligence gathering and managing global bug bounty programs to real-time detection engineering and high-stakes incident response. As a key leader in the Ford+ transformation, you will bridge the gap between Product Development, Model e, Ford Pro, and Enterprise IT to ensure a unified, world-class defense posture.

Responsibilities

Global Vehicle & Application Monitoring (VSOC/ASOC Operations):

Directing 24/7 monitoring for Ford’s global connected fleet and digital services, ensuring operational excellence with high-fidelity visibility across geographies, and overseeing the analysis of vast signals from vehicle telematics, embedded systems, and cloud-native applications.

Analysis & Incident Response (CIRT Partnership):

Serving as the primary executive lead for security incidents involving vehicles or connected services, partnering with the corporate Incident Response Team (CIRT), directing forensic analysis on vehicle-specific protocols (CAN, Automotive Ethernet) and cloud/mobile application stacks, and developing rapid-response playbooks including Over-the-Air (OTA) security mitigations.

Monitoring Development & Detection Engineering:

Leading teams to build advanced detection logic, behavioral heuristics, and Machine Learning (ML) models for automotive attack patterns, driving the implementation of Security Orchestration, Automation, and Response (SOAR) platforms, and integrating data science for anomaly detection.

Product Threat Intelligence:

Building and leading a dedicated capability to track threat actors targeting the automotive sector, EV charging infrastructure, and fleet management tools, translating intelligence into proactive defense strategies, and representing Ford in industry forums like Auto-ISAC.

Threat Hunting & Bug Bounty Program:

Leading a specialized hunt team to identify hidden threats and vulnerabilities, overseeing Ford’s Coordinated Vulnerability Disclosure (CVD) and Bug Bounty programs, and aligning insights with internal red-teaming and secure-coding priorities.

Executive Leadership & Qualifications:

Defining and executing a global monitoring roadmap aligned with Ford’s software-centric transition, acting as the primary authority for operational cyber risks, leading and mentoring a global organization, and influencing cross-functional partners

Qualifications

• Education: Bachelor’s degree in Computer Science, Cybersecurity, or Engineering (Master’s or PhD highly preferred).
• Experience: 15+ years in Cybersecurity, with at least 7 years in a senior leadership role overseeing large-scale SOC or Incident Response organizations.
• Technical Depth: Deep understanding of SOC operations, threat intelligence frameworks (MITRE ATT&CK), and automotive-specific security challenges.
• Executive Presence: Proven ability to manage high-pressure security incidents and communicate complex technical risks to non-technical stakeholders.

Benefits

You may not check every box, or your experience may look a little different from what we've outlined, but if you think you can bring value to Ford Motor Company, we encourage you to apply!

As an established global company, we offer the benefit of choice. You can choose what your Ford future will look like: will your story span the globe, or keep you close to home? Will your career be a deep dive into what you love, or a series of new teams and new skills? Will you be a leader, a changemaker, a technical expert, a culture builder…or all of the above? No matter what you choose, we offer a work life that works for you, including:

• Immediate medical, dental, vision and prescription drug coverage

• Flexible family care days, paid parental leave, new parent ramp-up programs, subsidized back-up child care and more

• Family building benefits including adoption and surrogacy expense reimbursement, fertility treatments, and more

• Vehicle discount program for employees and family members and management leases

• Tuition assistance

• Established and active employee resource groups

• Paid time off for individual and team community service

• A generous schedule of paid holidays, including the week between Christmas and New Year’s Day

• Paid time off and the option to purchase additional vacation time.

Salary

This position is leadership level 5 and ranges from $138,240-261,720.

Final determination of salary grade will be based on candidate's skills and experience, and base salary will be set within the applicable range according to job scope, responsibility and competitive market value.

For more information on salary and benefits, click here: https://fordcareers.co/LL5

Visa Sponsorship

Visa sponsorship is not available for this position.

Equal Opportunity Employer

Candidates for positions with Ford Motor Company must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire.

We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, age, sex, national origin, sexual orientation, gender identity, disability status or protected veteran status. In the United States, if you need a reasonable accommodation for the online application process due to a disability, please call 1-888-336-0660.

XML job scraping automation by YubHub

The Application Security team at Anthropic is at the forefront of building security into every phase of the software development lifecycle. In this hands-on technical role, you will partner closely with software engineers and researchers to ensure security is a core consideration from initial design through implementation.

You will lead threat modeling and secure design reviews to proactively identify and mitigate risks early, and help with continuous risk assessment. You will build tools and systems to support developers shipping code securely, adhering to secure coding best practices.

Your insights will shape our tooling, detection capabilities, and defenses against emerging threats to AI/ML. You'll develop the standards, processes, and educational resources that enable all Anthropic engineers to be security champions.

Responsibilities:

• Help secure AI products and internal tools that are introducing industry-novel security risks and pushing established security boundaries
• Lead “shift left” security efforts to build security into the software development lifecycle
• Conduct secure design reviews and threat modeling. Identify and prioritise risks, attack surfaces, and vulnerabilities
• Develop tooling to scale security code reviews and respond to developer questions, including advising developers on remediating vulnerabilities and following secure coding practices
• Manage Anthropic's vulnerability management program, including integrating data ingestion pipelines, coding logic to prioritise vulnerability fixes, supporting teams remediating vulnerabilities and developing automated systems at scale
• Oversee Anthropic's bug bounty program. Set scope, validate submissions, perform root cause analysis, coordinate remediation with engineering teams, and award bounties. Cultivate relationships with the ethical hacker community
• Collaborate closely with product engineers and researchers to instill security best practices. Advocate for secure architecture, design, and development
• Develop and document security policies, standards, and playbooks. Conduct security awareness training for engineers

You may be a good fit if you:

• Have 5+ years of hands-on experience in application and infrastructure security, including securing cloud-based and containerized environments
• Strong proficiency in at least one programming language (e.g., Python, Rust, Go, Java)
• Lead with empathy, a collaborative spirit, and a learning mindset to work cross-functionally with engineers of all levels to build security into the software development life cycle
• Leverage creative and strategic thinking to reduce risk through secure design and simplicity, not just controls
• Possess broad security knowledge to connect the dots across domains and identify holistic ways to decrease the overall threat surface
• Are keen to distill complex security concepts into clear actions and drive consensus without direct authority
• Embody a proactive mindset to thread security throughout the product lifecycle through activities like threat modeling, secure code review, and education
• Have a strong grasp of offensive security to anticipate risks from an adversary's perspective, not just check compliance boxes
• Bring experience with modern application stacks, infrastructure, and security tools to implement pragmatic defenses
• Are practiced at collaborating cross-functionally and effectively balancing security requirements with business objectives
• Advocate for security fundamentals like least privilege, defence-in-depth, and eliminating complexity that could sub-linearly scale security through smart design

Strong candidates may also:

• Hands-on technical expertise securing complex cloud environments and microservices architectures leveraging technologies like Kubernetes, Docker, and AWS / GCP
• Exposure to offensive security techniques like vulnerability testing, bug bounty, pen testing, and red team exercises
• Familiarity with AI/ML security risks such as prompt injection, data poisoning, model extraction, etc. and mitigations
• Experience building security tools, applications, and automated tools
• Solid foundational knowledge of both software and security engineering principles and are keen to continue learning
• Excellent communication skills, able to distill complex security topics for broad audiences
• Worked and thrived in fast-paced environments, and comfortable navigating ambiguity

The annual compensation range for this role is $300,000 - $405,000 USD.

XML job scraping automation by YubHub

We are looking for a cybersecurity expert to lead our efforts to prevent AI misuse in the cyber domain. As a Cyber Harms Technical Policy Manager, you will lead a team applying deep technical expertise to inform the design of safety systems that detect harmful cyber behaviours and prevent misuse by sophisticated threat actors.

In this role, you will:

• Lead and grow a team of technical specialists focused on cyber threat modelling and evaluation frameworks
• Design and oversee execution of capability evaluations ('evals') to assess the cyber-relevant capabilities of new models
• Create comprehensive cyber threat models, including attack vectors, exploit chains, precursor identification, and weaponization techniques
• Develop and iterate on usage policies that govern responsible use of our models for emerging capabilities and use cases related to cyber harms
• Serve as the primary domain expert on cyber harms, advising cross-functional teams on threat landscapes and mitigation strategies
• Collaborate closely with internal and external threat modelling experts to develop training data for safety systems, and with ML engineers to train these systems, optimising for both robustness against adversarial attacks and low false-positive rates for legitimate security researchers
• Analyse safety system performance in traffic, identifying gaps and proposing improvements
• Conduct regular reviews of existing policies and enforcement systems to identify and address gaps and ambiguities related to cybersecurity risks
• Develop rigorous stress-testing of safeguards against evolving cyber threats and product surfaces
• Partner with Research, Product, Policy, Security Team, and Frontier Red Team to ensure cybersecurity safety is embedded throughout the model development lifecycle
• Translate cybersecurity domain knowledge into actionable safety requirements and clearly articulated policies
• Contribute to external communications, including model cards, blog posts, and policy documents related to cybersecurity safety
• Monitor emerging technologies and threat landscapes for their potential to contribute to new risks and mitigation strategies, and strategically address these
• Mentor and develop team members, fostering a culture of technical excellence and responsible AI development

You may be a good fit if you have:

• An M.S. or PhD in Computer Science, Cybersecurity, or a related technical field, OR equivalent professional experience in offensive or defensive cybersecurity
• 5+ years of hands-on experience in cybersecurity, with deep expertise in areas such as vulnerability research, exploit development, network security, malware analysis, or penetration testing
• 2+ years of experience managing technical teams or leading complex technical projects with multiple stakeholders
• Experience in scientific computing and data analysis, with proficiency in programming (Python preferred)
• Deep expertise in modern cybersecurity, including both offensive techniques (vulnerability research, exploit development, penetration testing, malware analysis) and defensive measures (detection, monitoring, incident response)
• Demonstrated ability to create threat models and translate technical cyber risks into policy frameworks
• Familiarity with responsible disclosure practices, vulnerability coordination, and cybersecurity frameworks (e.g., MITRE ATT&CK, NIST Cybersecurity Framework, CWE/CVE systems)
• Strong analytical and writing skills, with the ability to navigate ambiguity and explain complex technical concepts to non-technical stakeholders
• Experience developing policies or guidelines at scale, balancing safety concerns with enabling legitimate use cases
• A passion for learning new skills and an ability to rapidly adapt to changing techniques and technologies
• Comfort working in a fast-paced environment where priorities may shift as AI capabilities evolve
• Track record of translating specialised technical knowledge into actionable safety policies or enforcement guidelines

Preferred Qualifications:

• Background in AI/ML systems, particularly experience with large language models
• Experience developing ML-based security systems or adversarial ML research
• Experience working with defence, intelligence, or security organisations (e.g., NSA, CISA, national labs, security contractors)
• Published security research, disclosed vulnerabilities, or participated in bug bounty programs
• Understanding of Trust & Safety operations and content moderation at scale
• Certifications such as OSCP, OSCE, GXPN, or equivalent demonstrating technical depth
• Understanding of dual-use security research concerns and ethical considerations in AI safety

XML job scraping automation by YubHub

This is a hands-on, investigative role requiring strong technical depth, understanding of modern software engineering and CI/CD systems, familiarity with cloud-native infrastructure (especially GCP), and the ability to work across multiple teams in a fast-paced environment.

Responsibilities

Threat Awareness & Rapid Assessment

• Continuously monitor emerging threats, including bad actor activity, 0-day vulnerabilities, public exploitation campaigns, bug bounty reports, and customer-reported security issues

• Quickly assess the applicability of these threats to Replit’s cloud infrastructure, SaaS services, internal tooling, and platform components.

Investigation & Impact Analysis

• Conduct targeted investigations to determine whether Replit is already impacted by a newly discovered threat, vulnerability, or exploit.

• Analyze logs, telemetry, and system behaviors using SIEM, metrics, Cloud Logging, and related tools.

• Identify gaps or weaknesses in existing detection or visibility and propose improvements.

Containment, Mitigation & Cross-Team Collaboration

• Research potential impact paths and develop mitigation strategies for confirmed or applicable threats.

• Partner closely with Security, SRE, and Engineering teams to coordinate and implement containment, patches, configuration updates, or code-level fixes.

• Document findings, mitigations, and follow-up actions clearly for internal teams.

Required Skills & Experience

• Strong understanding of software engineering fundamentals, including code structure, build systems, dependencies, and package ecosystems—enabling effective partnership with Engineering teams.

• Understanding of CI/CD pipelines and DevOps workflows, enabling collaboration with Infrastructure and DevOps teams.

• Solid knowledge of cloud architecture, especially Google Cloud Platform (GCP) services used in modern cloud-native deployments.

• Familiarity with SaaS architectures, identity systems, and integration patterns for effective collaboration with Cloud Security teams.

• Hands-on experience with SIEM, Cloud Logging, and log-based investigation workflows.

• Ability to perform investigations using log data, behavioral indicators, and threat intelligence.

• General understanding of vulnerability lifecycles, exploitability analysis, and common attack vectors.

Preferred Qualifications

• Experience with threat intelligence, security research, or vulnerability analysis.

• Familiarity with Kubernetes, containers, serverless infrastructure, or modern distributed systems.

• Ability to write scripts or small tools for investigation or automation (Python, Go, Bash).

• Experience working with bug bounty programs or coordinated vulnerability disclosure workflows.

• Experience in fast-paced, cloud-native, or AI/ML-driven environments.

What We Value

• Curiosity & initiative: Strong desire to understand attacker behaviors, emerging threats, and how they apply to real-world systems.

• Speed & analytical rigor: Ability to quickly assess high-risk vulnerabilities with clear, evidence-based reasoning.

• Collaboration: Comfort working across cross-functional teams spanning Security, SRE, Engineering, and Infrastructure.

• Clear communication: Ability to explain findings, risks, and mitigation strategies to stakeholders at all levels.

• Ownership mindset: Takes initiative to drive investigations, improvements, and remediations to completion

• Continuous learning: Passion for staying up to date on new vulnerabilities, exploit trends, and cloud-native security best practices.

Full-Time Employee Benefits Include:

💰 Competitive Salary & Equity

💹 401(k) Program with a 4% match

⚕️ Health, Dental, Vision and Life Insurance

🩼 Short Term and Long Term Disability

🚼 Paid Parental, Medical, Caregiver Leave

🚗 Commuter Benefits

📱 Monthly Wellness Stipend

🧑‍💻 Autonomous Work Environment

🖥 In Office Set-Up Reimbursement

🏝 Flexible Time Off (FTO) + Holidays

🚀 Quarterly Team Gatherings

☕ In Office Amenities

Want to learn more about what we are up to?

• Meet the Replit Agent

• Replit: Make an app for that

• Replit Blog

• Amjad TED Talk

Interviewing + Culture at Replit

• Operating Principles

• Reasons not to work at Replit

To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially

XML job scraping automation by YubHub