This is a unique opportunity to shape how frontier AI models handle dual-use cybersecurity knowledge,balancing the tremendous potential of AI to advance legitimate security research and defensive capabilities while preventing misuse by malicious actors.

In this role, you will lead and grow a team of technical specialists focused on cyber threat modeling and evaluation frameworks. You will serve as the primary domain expert on cyber harms, advising cross-functional teams on threat landscapes and mitigation strategies.

You will collaborate closely with internal and external threat modeling experts to develop training data for safety systems, and with ML engineers to train these systems, optimizing for both robustness against adversarial attacks and low false-positive rates for legitimate security researchers.

You will also analyze safety system performance in traffic, identifying gaps and proposing improvements. You will conduct regular reviews of existing policies and enforcement systems to identify and address gaps and ambiguities related to cybersecurity risks.

You will develop rigorous stress-testing of safeguards against evolving cyber threats and product surfaces. You will partner with Research, Product, Policy, Security Team, and Frontier Red Team to ensure cybersecurity safety is embedded throughout the model development lifecycle.

You will translate cybersecurity domain knowledge into actionable safety requirements and clearly articulated policies. You will contribute to external communications, including model cards, blog posts, and policy documents related to cybersecurity safety.

You will monitor emerging technologies and threat landscapes for their potential to contribute to new risks and mitigation strategies, and strategically address these.

You will mentor and develop team members, fostering a culture of technical excellence and responsible AI development.

To be successful in this role, you will need to have:

• An M.S. or PhD in Computer Science, Cybersecurity, or a related technical field, OR equivalent professional experience in offensive or defensive cybersecurity
• 5+ years of hands-on experience in cybersecurity, with deep expertise in areas such as vulnerability research, exploit development, network security, malware analysis, or penetration testing
• 2+ years of experience managing technical teams or leading complex technical projects with multiple stakeholders
• Experience in scientific computing and data analysis, with proficiency in programming (Python preferred)
• Deep expertise in modern cybersecurity, including both offensive techniques (vulnerability research, exploit development, penetration testing, malware analysis) and defensive measures (detection, monitoring, incident response)
• Demonstrated ability to create threat models and translate technical cyber risks into policy frameworks
• Familiarity with responsible disclosure practices, vulnerability coordination, and cybersecurity frameworks (e.g., MITRE ATT&CK, NIST Cybersecurity Framework, CWE/CVE systems)
• Strong analytical and writing skills, with the ability to navigate ambiguity and explain complex technical concepts to non-technical stakeholders
• Experience developing policies or guidelines at scale, balancing safety concerns with enabling legitimate use cases
• A passion for learning new skills and an ability to rapidly adapt to changing techniques and technologies
• Comfort working in a fast-paced environment where priorities may shift as AI capabilities evolve
• Track record of translating specialized technical knowledge into actionable safety policies or enforcement guidelines

Preferred qualifications include:

• Background in AI/ML systems, particularly experience with large language models
• Experience developing ML-based security systems or adversarial ML research
• Experience working with defense, intelligence, or security organizations (e.g., NSA, CISA, national labs, security contractors)
• Published security research, disclosed vulnerabilities, or participated in bug bounty programs
• Understanding of Trust & Safety operations and content moderation at scale
• Certifications such as OSCP, OSCE, GXPN, or equivalent demonstrating technical depth
• Understanding of dual-use security research concerns and ethical considerations in AI safety

The annual compensation range for this role is $320,000-$405,000 USD.

XML job scraping automation by YubHub

In this role, you will:

Perform manual and automated testing of web applications, APIs, and mobile apps (iOS/Android). Conduct network and cloud level assessments with various tooling. Triage and validate reports from automated scanners or bug bounty hunters to eliminate false positives and escalate true positives. Perform initial prompt injection and jailbreak tests on AI prototypes, services, and applications using established checklists (OWASP Top 10 for LLMs). Draft high-quality reports that detail the "path to compromise" with clear, reproducible steps for developers. Manage and update the team's testing infrastructure (e.g., Burp Suite, and basic C2 listeners). Provide direct technical guidance to engineering teams on how to patch vulnerabilities like XSS, SQLi, and IDOR. Design and lead multi-week Red Team operations that mimic specific threat actors (APTs) to test the SIRT detection capabilities. Build custom payloads, droppers, and obfuscated scripts to bypass EDR/AV and maintain stealth. Build automated testing frameworks for AI systems (e.g., using PyRIT, Promptfoo, or Garak) to test for models related to sensitive data leakage. Execute sophisticated attacks against AWS/Azure/K8s, focusing on IAM misconfigurations and container escapes. Collaborate with SIRT and Detection Engineering to tune SIEM alerts based on the techniques used during an engagement. Oversee the organization's bug bounty program, identifying trends in submissions to suggest broad architectural security changes.

Twilio values diverse experiences from all kinds of industries, and we encourage everyone who meets the required qualifications to apply.

XML job scraping automation by YubHub

Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.

We are hiring security specialists who are experienced at exploitation and remediation, and are interested in understanding how LLMs could cause harm in the future, so that we can better prepare for this future and mitigate these risks before they arise.

Responsibilities:

• Triage any vulnerabilities discovered, coordinate and assist the external and open-source community in remediation
• Write scaffolds designed to automate typical traditional attack techniques to help clarify our defensive problem selection
• Research how adversaries might misuse LLMs to identify and exploit vulnerabilities at scale in the future
• Develop promising defensive strategies that could mitigate the ability of adversaries to misuse models in harmful ways
• Work with a small, senior team of engineers and researchers to enact a forward-looking security plan

You may be a good fit if you have:

• 3+ years experience with pentesting, vulnerability research, or other offensive security experience
• Senior-level knowledge in at least one related topic area (reverse engineering, network security, exploitation, physical security)
• A history demonstrating desire to do the 'dirty work' that results in high-quality outputs
• Software engineering experience
• Demonstrated success in bringing clarity and ownership to ambiguous technical problems
• Proven ability to lead cross-functional security initiatives and navigate complex organisational dynamics

Strong candidates may also have:

• Published research papers on computer security, language modeling, or related topics; or given talks at Defcon, Blackhat, CCC, or related venues
• Familiarity with large language models and how they work; for example, you may have written agent scaffolds
• Reported CVEs, or been awarded for bug bounty vulnerabilities
• Contributed to open-source projects in LLM- or security-adjacent repositories

The annual compensation range for this role is $320,000-$405,000 USD.

XML job scraping automation by YubHub

About the Role: The Application Security team at Anthropic is at the forefront of building security into every phase of the software development lifecycle. As an Application Security Engineer, you will partner closely with software engineers and researchers to ensure that security is a core consideration from initial design through implementation. You will lead threat modeling and secure design reviews to proactively identify and mitigate risks early, and help with continuous risk assessment. You will build tools and systems to support developers shipping code securely, adhering to secure coding best practices.

Responsibilities:

• Help secure AI products and internal tools that are introducing industry-novel security risks and pushing established security boundaries
• Lead “shift left” security efforts to build security into the software development lifecycle
• Conduct secure design reviews and threat modeling. Identify and prioritize risks, attack surfaces, and vulnerabilities
• Develop tooling to scale security code reviews and respond to developer questions, including advising developers on remediating vulnerabilities and following secure coding practices
• Manage Anthropic's vulnerability management program, including integrating data ingestion pipelines, coding logic to prioritize vulnerability fixes, supporting teams remediating vulnerabilities and developing automated systems at scale
• Oversee Anthropic's bug bounty program. Set scope, validate submissions, perform root cause analysis, coordinate remediation with engineering teams, and award bounties. Cultivate relationships with the ethical hacker community
• Collaborate closely with product engineers and researchers to instill security best practices. Advocate for secure architecture, design, and development
• Develop and document security policies, standards, and playbooks. Conduct security awareness training for engineers

Requirements:

• 5+ years of hands-on experience in application and infrastructure security, including securing cloud-based and containerized environments
• Strong proficiency in at least one programming language (e.g., Python, Rust, Go, Java)
• Lead with empathy, a collaborative spirit, and a learning mindset to work cross-functionally with engineers of all levels to build security into the software development life cycle
• Leverage creative and strategic thinking to reduce risk through secure design and simplicity, not just controls
• Possess broad security knowledge to connect the dots across domains and identify holistic ways to decrease the overall threat surface
• Are keen to distill complex security concepts into clear actions and drive consensus without direct authority
• Embody a proactive mindset to thread security throughout the product lifecycle through activities like threat modeling, secure code review, and education
• Have a strong grasp of offensive security to anticipate risks from an adversary's perspective, not just check compliance boxes
• Bring experience with modern application stacks, infrastructure, and security tools to implement pragmatic defenses
• Are practiced at collaborating cross-functionally and effectively balancing security requirements with business objectives
• Advocate for security fundamentals like least privilege, defense-in-depth, and eliminating complexity that could sub-linearly scale security through smart design

Preferred Qualifications:

• Hands-on technical expertise securing complex cloud environments and microservices architectures leveraging technologies like Kubernetes, Docker, and AWS / GCP
• Exposure to offensive security techniques like vulnerability testing, bug bounty, pen testing, and red team exercises
• Familiarity with AI/ML security risks such as prompt injection, data poisoning, model extraction, etc. and mitigations
• Experience building security tools, applications, and automated tools
• Solid foundational knowledge of both software and security engineering principles and are keen to continue learning
• Excellent communication skills, able to distill complex security topics for broad audiences
• Worked and thrived in fast-paced environments, and comfortable navigating ambiguity

Annual Compensation Range:

$300,000-$405,000 USD

Logistics:

• Minimum education: Bachelor’s degree or an equivalent combination of education, training, and/or experience
• Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience
• Minimum years of experience: Years of experience required will correlate with the internal job level requirements for the position
• Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.
• Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

How to Apply:

If you're interested in this role, please submit your application through our website. We look forward to reviewing your application!

Note:

Your safety matters to us. To protect yourself from potential scams, remember that Anthropic recruiters only contact you from @anthropic.com email addresses. In some cases, we may partner with vetted recruiting agencies who will identify themselves as working on behalf of Anthropic. Be cautious of emails from other domains. Legitimate Anthropic recruiters will never ask for money, fees, or banking information before your first day. If you're ever unsure about a communication, don't click any links,visit anthropic.com/careers directly for confirmed position openings.

XML job scraping automation by YubHub

In this role, you will establish and test security guardrails for code, cloud resources, and infrastructure components throughout the Anchorage platform. You will monitor and respond to security events and configuration anomalies across the organization, leading investigation and containment efforts. You will manage the full vulnerability lifecycle from discovery through remediation, tracking progress and ensuring timely closure of findings.

You will lead or substantially contribute to Security Operations initiatives with minimal oversight, coordinating across team boundaries to drive projects to completion. You will break complex security problems into manageable workstreams with accurate scope and time estimates. Present options clearly and provide well-reasoned priority recommendations.

Deliver assurance artifacts and evidence for regulated entity requirements, supporting audit and compliance efforts. Balance speed of response with thoroughness of investigation, adapting approach based on risk and business impact.

You will understand and help implement the company's security strategy by participating in planning and defining Security Operations goals in alignment with Anchorage Digital's overall objectives. Stay alert to emerging threats, vulnerabilities, and industry trends that could affect organizational security posture.

Consider security holistically across the product ecosystem,applications, infrastructure, and third-party integrations,while fostering a security-first culture. Collaborate cross-functionally with Engineering, Infrastructure, and Compliance teams to embed security into development and operational processes.

Share knowledge broadly across the team through documentation, runbooks, and post-incident reviews, preventing single points of failure. Partner with engineering teams to explain security risks and remediation approaches, translating technical findings into actionable guidance.

Collaborate across teams to review security configurations, triage findings, and engage in technical discussions. Communicate insights and recommendations clearly to improve processes. Demonstrate empathy by understanding others' context, priorities, and constraints,adapting communication style to maximize effectiveness with both technical and non-technical audiences.

XML job scraping automation by YubHub

This leadership role within the Vehicle and Connected Cybersecurity organization is responsible for leading the "eyes and ears" of the company. You will lead a global team of experts tasked with monitoring trillions of signals from vehicle telematics, embedded systems, and cloud-native application stacks, ensuring that millions of connected vehicles and the cloud services that power them are continuously protected against sophisticated global threats.

Your mandate covers the entire lifecycle of a threat—from proactive intelligence gathering and managing global bug bounty programs to real-time detection engineering and high-stakes incident response. As a key leader in the Ford+ transformation, you will bridge the gap between Product Development, Model e, Ford Pro, and Enterprise IT to ensure a unified, world-class defense posture.

Responsibilities

Global Vehicle & Application Monitoring (VSOC/ASOC Operations):

Directing 24/7 monitoring for Ford’s global connected fleet and digital services, ensuring operational excellence with high-fidelity visibility across geographies, and overseeing the analysis of vast signals from vehicle telematics, embedded systems, and cloud-native applications.

Analysis & Incident Response (CIRT Partnership):

Serving as the primary executive lead for security incidents involving vehicles or connected services, partnering with the corporate Incident Response Team (CIRT), directing forensic analysis on vehicle-specific protocols (CAN, Automotive Ethernet) and cloud/mobile application stacks, and developing rapid-response playbooks including Over-the-Air (OTA) security mitigations.

Monitoring Development & Detection Engineering:

Leading teams to build advanced detection logic, behavioral heuristics, and Machine Learning (ML) models for automotive attack patterns, driving the implementation of Security Orchestration, Automation, and Response (SOAR) platforms, and integrating data science for anomaly detection.

Product Threat Intelligence:

Building and leading a dedicated capability to track threat actors targeting the automotive sector, EV charging infrastructure, and fleet management tools, translating intelligence into proactive defense strategies, and representing Ford in industry forums like Auto-ISAC.

Threat Hunting & Bug Bounty Program:

Leading a specialized hunt team to identify hidden threats and vulnerabilities, overseeing Ford’s Coordinated Vulnerability Disclosure (CVD) and Bug Bounty programs, and aligning insights with internal red-teaming and secure-coding priorities.

Executive Leadership & Qualifications:

Defining and executing a global monitoring roadmap aligned with Ford’s software-centric transition, acting as the primary authority for operational cyber risks, leading and mentoring a global organization, and influencing cross-functional partners

Qualifications

• Education: Bachelor’s degree in Computer Science, Cybersecurity, or Engineering (Master’s or PhD highly preferred).
• Experience: 15+ years in Cybersecurity, with at least 7 years in a senior leadership role overseeing large-scale SOC or Incident Response organizations.
• Technical Depth: Deep understanding of SOC operations, threat intelligence frameworks (MITRE ATT&CK), and automotive-specific security challenges.
• Executive Presence: Proven ability to manage high-pressure security incidents and communicate complex technical risks to non-technical stakeholders.

Benefits

You may not check every box, or your experience may look a little different from what we've outlined, but if you think you can bring value to Ford Motor Company, we encourage you to apply!

As an established global company, we offer the benefit of choice. You can choose what your Ford future will look like: will your story span the globe, or keep you close to home? Will your career be a deep dive into what you love, or a series of new teams and new skills? Will you be a leader, a changemaker, a technical expert, a culture builder…or all of the above? No matter what you choose, we offer a work life that works for you, including:

• Immediate medical, dental, vision and prescription drug coverage

• Flexible family care days, paid parental leave, new parent ramp-up programs, subsidized back-up child care and more

• Family building benefits including adoption and surrogacy expense reimbursement, fertility treatments, and more

• Vehicle discount program for employees and family members and management leases

• Tuition assistance

• Established and active employee resource groups

• Paid time off for individual and team community service

• A generous schedule of paid holidays, including the week between Christmas and New Year’s Day

• Paid time off and the option to purchase additional vacation time.

Salary

This position is leadership level 5 and ranges from $138,240-261,720.

Final determination of salary grade will be based on candidate's skills and experience, and base salary will be set within the applicable range according to job scope, responsibility and competitive market value.

For more information on salary and benefits, click here: https://fordcareers.co/LL5

Visa Sponsorship

Visa sponsorship is not available for this position.

Equal Opportunity Employer

Candidates for positions with Ford Motor Company must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire.

We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, age, sex, national origin, sexual orientation, gender identity, disability status or protected veteran status. In the United States, if you need a reasonable accommodation for the online application process due to a disability, please call 1-888-336-0660.

XML job scraping automation by YubHub

The Application Security team at Anthropic is at the forefront of building security into every phase of the software development lifecycle. In this hands-on technical role, you will partner closely with software engineers and researchers to ensure security is a core consideration from initial design through implementation.

You will lead threat modeling and secure design reviews to proactively identify and mitigate risks early, and help with continuous risk assessment. You will build tools and systems to support developers shipping code securely, adhering to secure coding best practices.

Your insights will shape our tooling, detection capabilities, and defenses against emerging threats to AI/ML. You'll develop the standards, processes, and educational resources that enable all Anthropic engineers to be security champions.

Responsibilities:

• Help secure AI products and internal tools that are introducing industry-novel security risks and pushing established security boundaries
• Lead “shift left” security efforts to build security into the software development lifecycle
• Conduct secure design reviews and threat modeling. Identify and prioritise risks, attack surfaces, and vulnerabilities
• Develop tooling to scale security code reviews and respond to developer questions, including advising developers on remediating vulnerabilities and following secure coding practices
• Manage Anthropic's vulnerability management program, including integrating data ingestion pipelines, coding logic to prioritise vulnerability fixes, supporting teams remediating vulnerabilities and developing automated systems at scale
• Oversee Anthropic's bug bounty program. Set scope, validate submissions, perform root cause analysis, coordinate remediation with engineering teams, and award bounties. Cultivate relationships with the ethical hacker community
• Collaborate closely with product engineers and researchers to instill security best practices. Advocate for secure architecture, design, and development
• Develop and document security policies, standards, and playbooks. Conduct security awareness training for engineers

You may be a good fit if you:

• Have 5+ years of hands-on experience in application and infrastructure security, including securing cloud-based and containerized environments
• Strong proficiency in at least one programming language (e.g., Python, Rust, Go, Java)
• Lead with empathy, a collaborative spirit, and a learning mindset to work cross-functionally with engineers of all levels to build security into the software development life cycle
• Leverage creative and strategic thinking to reduce risk through secure design and simplicity, not just controls
• Possess broad security knowledge to connect the dots across domains and identify holistic ways to decrease the overall threat surface
• Are keen to distill complex security concepts into clear actions and drive consensus without direct authority
• Embody a proactive mindset to thread security throughout the product lifecycle through activities like threat modeling, secure code review, and education
• Have a strong grasp of offensive security to anticipate risks from an adversary's perspective, not just check compliance boxes
• Bring experience with modern application stacks, infrastructure, and security tools to implement pragmatic defenses
• Are practiced at collaborating cross-functionally and effectively balancing security requirements with business objectives
• Advocate for security fundamentals like least privilege, defence-in-depth, and eliminating complexity that could sub-linearly scale security through smart design

Strong candidates may also:

• Hands-on technical expertise securing complex cloud environments and microservices architectures leveraging technologies like Kubernetes, Docker, and AWS / GCP
• Exposure to offensive security techniques like vulnerability testing, bug bounty, pen testing, and red team exercises
• Familiarity with AI/ML security risks such as prompt injection, data poisoning, model extraction, etc. and mitigations
• Experience building security tools, applications, and automated tools
• Solid foundational knowledge of both software and security engineering principles and are keen to continue learning
• Excellent communication skills, able to distill complex security topics for broad audiences
• Worked and thrived in fast-paced environments, and comfortable navigating ambiguity

The annual compensation range for this role is $300,000 - $405,000 USD.

XML job scraping automation by YubHub

Anthropic's mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.

AI Security at Anthropic

We believe we are at an inflection point for AI's impact on cybersecurity. Models are now useful for cybersecurity tasks in practice: for example, Claude can now outperform human teams in some cybersecurity competitions and help us discover vulnerabilities in our own code.

We are looking for researchers and engineers to help us accelerate defensive use of AI to secure code and infrastructure.

Anthropic Fellows Program Overview

The Anthropic Fellows Program is designed to accelerate AI security and safety research, and foster research talent. We provide funding and mentorship to promising technical talent - regardless of previous experience - to research the frontier of AI security and safety for four months.

Fellows will primarily use external infrastructure (e.g. open-source models, public APIs) to work on an empirical project aligned with our research priorities, with the goal of producing a public output (e.g. a paper submission). In our previous cohorts, over 80% of fellows produced papers (more below).

We run multiple cohorts of Fellows each year. This application is for cohorts starting in July 2026 and beyond.

What to Expect

• Direct mentorship from Anthropic researchers
• Access to a shared workspace (in either Berkeley, California or London, UK)
• Connection to the broader AI safety research community
• Weekly stipend of 3,850 USD / 2,310 GBP / 4,300 CAD & access to benefits (benefits vary by country)
• Funding for compute (~$15k/month) and other research expenses

Mentors, Research Areas, & Past Projects

Fellows will undergo a project selection & mentor matching process. Potential mentors include:

• Nicholas Carlini
• Keri Warr
• Evyatar Ben Asher
• Keane Lucas
• Newton Cheng

On our Alignment Science and Frontier Red Team blogs, you can read about some past Fellows projects, including:

• AI agents find $4.6M in blockchain smart contract exploits: Winnie Xiao and Cole Killian, mentored by Nicholas Carlini and Alwin Peng
• Strengthening Red Teams: A Modular Scaffold for Control Evaluations: Chloe Loughridge et al., mentored by Jon Kutasov and Joe Benton

You may be a good fit if you

• Are motivated by reducing catastrophic risks from advanced AI systems
• Are excited to transition into full-time empirical AI safety research and would be interested in a full-time role at Anthropic

Please note:

We do not guarantee that we will make any full-time offers to fellows. However, strong performance during the program may indicate that a Fellow would be a good fit here at Anthropic. In previous cohorts, over 40% of fellows received a full-time offer, and we’ve supported many more to go on to do great work on safety at other organisations.

Strong candidates may also have:

• Contributed to open-source projects in LLM- or security-adjacent repositories
• Demonstrated success in bringing clarity and ownership to ambiguous technical problems
• Experience with pentesting, vulnerability research, or other offensive security
• A history demonstrating desire to do the 'dirty work' that results in high-quality outputs
• Reported CVEs, or been awarded for bug bounty vulnerabilities
• Experience with empirical ML research projects
• Experience with deep learning frameworks and experiment management

Candidates must be:

• Fluent in Python programming
• Available to work full-time on the Fellows program for 4 months

We encourage you to apply even if you do not believe you meet every single qualification.

Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work.

Interview process

The interview process will include an initial application & references check, technical assessments & interviews, and a research discussion.

Compensation

The expected base stipend for this role is 3,850 USD / 2,310 GBP / 4,300 CAD per week, with an expectation of 40 hours per week, for 4 months (with possible extension).

Logistics

Logistics Requirements: To participate in the Fellows program, you must have work authorization in the US, UK, or Canada and be located in that country during the program.

Workspace Locations: We have designated shared workspaces in London and Berkeley where fellows will work from and mentors will visit. We are also open to remote fellows in the UK, US, or Canada. We will ask you about your availability to work from Berkeley or London (full- or part-time) during the program.

Visa Sponsorship: We are not currently able to sponsor visas for fellows. To participate in the Fellows program, you must have work authorization in the US, UK, or Canada and be located in that country during the program.

XML job scraping automation by YubHub

We are looking for a cybersecurity expert to lead our efforts to prevent AI misuse in the cyber domain. As a Cyber Harms Technical Policy Manager, you will lead a team applying deep technical expertise to inform the design of safety systems that detect harmful cyber behaviours and prevent misuse by sophisticated threat actors.

In this role, you will:

• Lead and grow a team of technical specialists focused on cyber threat modelling and evaluation frameworks
• Design and oversee execution of capability evaluations ('evals') to assess the cyber-relevant capabilities of new models
• Create comprehensive cyber threat models, including attack vectors, exploit chains, precursor identification, and weaponization techniques
• Develop and iterate on usage policies that govern responsible use of our models for emerging capabilities and use cases related to cyber harms
• Serve as the primary domain expert on cyber harms, advising cross-functional teams on threat landscapes and mitigation strategies
• Collaborate closely with internal and external threat modelling experts to develop training data for safety systems, and with ML engineers to train these systems, optimising for both robustness against adversarial attacks and low false-positive rates for legitimate security researchers
• Analyse safety system performance in traffic, identifying gaps and proposing improvements
• Conduct regular reviews of existing policies and enforcement systems to identify and address gaps and ambiguities related to cybersecurity risks
• Develop rigorous stress-testing of safeguards against evolving cyber threats and product surfaces
• Partner with Research, Product, Policy, Security Team, and Frontier Red Team to ensure cybersecurity safety is embedded throughout the model development lifecycle
• Translate cybersecurity domain knowledge into actionable safety requirements and clearly articulated policies
• Contribute to external communications, including model cards, blog posts, and policy documents related to cybersecurity safety
• Monitor emerging technologies and threat landscapes for their potential to contribute to new risks and mitigation strategies, and strategically address these
• Mentor and develop team members, fostering a culture of technical excellence and responsible AI development

You may be a good fit if you have:

• An M.S. or PhD in Computer Science, Cybersecurity, or a related technical field, OR equivalent professional experience in offensive or defensive cybersecurity
• 5+ years of hands-on experience in cybersecurity, with deep expertise in areas such as vulnerability research, exploit development, network security, malware analysis, or penetration testing
• 2+ years of experience managing technical teams or leading complex technical projects with multiple stakeholders
• Experience in scientific computing and data analysis, with proficiency in programming (Python preferred)
• Deep expertise in modern cybersecurity, including both offensive techniques (vulnerability research, exploit development, penetration testing, malware analysis) and defensive measures (detection, monitoring, incident response)
• Demonstrated ability to create threat models and translate technical cyber risks into policy frameworks
• Familiarity with responsible disclosure practices, vulnerability coordination, and cybersecurity frameworks (e.g., MITRE ATT&CK, NIST Cybersecurity Framework, CWE/CVE systems)
• Strong analytical and writing skills, with the ability to navigate ambiguity and explain complex technical concepts to non-technical stakeholders
• Experience developing policies or guidelines at scale, balancing safety concerns with enabling legitimate use cases
• A passion for learning new skills and an ability to rapidly adapt to changing techniques and technologies
• Comfort working in a fast-paced environment where priorities may shift as AI capabilities evolve
• Track record of translating specialised technical knowledge into actionable safety policies or enforcement guidelines

Preferred Qualifications:

• Background in AI/ML systems, particularly experience with large language models
• Experience developing ML-based security systems or adversarial ML research
• Experience working with defence, intelligence, or security organisations (e.g., NSA, CISA, national labs, security contractors)
• Published security research, disclosed vulnerabilities, or participated in bug bounty programs
• Understanding of Trust & Safety operations and content moderation at scale
• Certifications such as OSCP, OSCE, GXPN, or equivalent demonstrating technical depth
• Understanding of dual-use security research concerns and ethical considerations in AI safety

XML job scraping automation by YubHub

Anthropic's mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.

About the Role

We are looking for vulnerability researchers to help mitigate the risks that come with building AI systems. One of these risks is the potential for LLMs to enable adversaries to cause harm by automating the attacks that today are carried out by human cybercrime groups, but in the future may be easily carried out by humans misusing LLMs. We are hiring security specialists who are experienced at exploitation and remediation, and are interested in understanding how LLMs could cause harm in the future, so that we can better prepare for this future and mitigate these risks before they arise.

Responsibilities:

• Triage any vulnerabilities discovered, coordinate and assist the external and open-source community in remediation
• Write scaffolds designed to automate typical traditional attack techniques to help clarify our defensive problem selection
• Research how adversaries might misuse LLMs to identify and exploit vulnerabilities at scale in the future
• Develop promising defensive strategies that could mitigate the ability of adversaries to misuse models in harmful ways
• Work with a small, senior team of engineers and researchers to enact a forward-looking security plan

You may be a good fit if you have:

• 3+ years experience with pentesting, vulnerability research, or other offensive security experience
• Senior-level knowledge in at least one related topic area (reverse engineering, network security, exploitation, physical security)
• A history demonstrating desire to do the 'dirty work' that results in high-quality outputs
• Software engineering experience
• Demonstrated success in bringing clarity and ownership to ambiguous technical problems
• Proven ability to lead cross-functional security initiatives and navigate complex organisational dynamics

Strong candidates may also have:

• Published research papers on computer security, language modeling, or related topics; or given talks at Defcon, Blackhat, CCC, or related venues
• Familiarity with large language models and how they work; for example, you may have written agent scaffolds
• Reported CVEs, or been awarded for bug bounty vulnerabilities
• Contributed to open-source projects in LLM- or security-adjacent repositories

Logistics

Education requirements: We require at least a Bachelor's degree in a related field or equivalent experience. Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.

Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work.

Your safety matters to us. To protect yourself from potential scams, remember that Anthropic recruiters only contact you from @anthropic.com email addresses. In some cases, we may partner with vetted recruiting agencies who will identify themselves as working on behalf of Anthropic. Be cautious of emails from other domains. Legitimate Anthropic recruiters will never ask for money, fees, or banking information before your first day. If you're ever unsure about a communication, don't click any links—visit anthropic.com/careers directly for confirmed position openings.

How we're different

We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts. And we value impact — advancing our long-term goals of steerable, trustworthy AI — rather than work on smaller and more specific puzzles. We view AI research as an empirical science, which has as much in common with physics and biology as with traditional efforts in computer science. We're an extremely collaborative group, and we host frequent research discussions to ensure that we are pursuing the highest-impact work at any given time. As such, we greatly value communication skills.

The easiest way to understand our research directions is to read our recent research. This research continues many of the directions our team worked on prior to Anthropic, including: GPT-3, Circuit-Based Interpretability, Multimodal Neurons, Scaling Laws, AI & Compute, Concrete Problems in AI Safety, and Learning from Human Preferences.

Come work with us!

Anthropic is a public benefit corporation headquartered in San Francisco.

XML job scraping automation by YubHub

This is a hands-on, investigative role requiring strong technical depth, understanding of modern software engineering and CI/CD systems, familiarity with cloud-native infrastructure (especially GCP), and the ability to work across multiple teams in a fast-paced environment.

Responsibilities

Threat Awareness & Rapid Assessment

• Continuously monitor emerging threats, including bad actor activity, 0-day vulnerabilities, public exploitation campaigns, bug bounty reports, and customer-reported security issues

• Quickly assess the applicability of these threats to Replit’s cloud infrastructure, SaaS services, internal tooling, and platform components.

Investigation & Impact Analysis

• Conduct targeted investigations to determine whether Replit is already impacted by a newly discovered threat, vulnerability, or exploit.

• Analyze logs, telemetry, and system behaviors using SIEM, metrics, Cloud Logging, and related tools.

• Identify gaps or weaknesses in existing detection or visibility and propose improvements.

Containment, Mitigation & Cross-Team Collaboration

• Research potential impact paths and develop mitigation strategies for confirmed or applicable threats.

• Partner closely with Security, SRE, and Engineering teams to coordinate and implement containment, patches, configuration updates, or code-level fixes.

• Document findings, mitigations, and follow-up actions clearly for internal teams.

Required Skills & Experience

• Strong understanding of software engineering fundamentals, including code structure, build systems, dependencies, and package ecosystems—enabling effective partnership with Engineering teams.

• Understanding of CI/CD pipelines and DevOps workflows, enabling collaboration with Infrastructure and DevOps teams.

• Solid knowledge of cloud architecture, especially Google Cloud Platform (GCP) services used in modern cloud-native deployments.

• Familiarity with SaaS architectures, identity systems, and integration patterns for effective collaboration with Cloud Security teams.

• Hands-on experience with SIEM, Cloud Logging, and log-based investigation workflows.

• Ability to perform investigations using log data, behavioral indicators, and threat intelligence.

• General understanding of vulnerability lifecycles, exploitability analysis, and common attack vectors.

Preferred Qualifications

• Experience with threat intelligence, security research, or vulnerability analysis.

• Familiarity with Kubernetes, containers, serverless infrastructure, or modern distributed systems.

• Ability to write scripts or small tools for investigation or automation (Python, Go, Bash).

• Experience working with bug bounty programs or coordinated vulnerability disclosure workflows.

• Experience in fast-paced, cloud-native, or AI/ML-driven environments.

What We Value

• Curiosity & initiative: Strong desire to understand attacker behaviors, emerging threats, and how they apply to real-world systems.

• Speed & analytical rigor: Ability to quickly assess high-risk vulnerabilities with clear, evidence-based reasoning.

• Collaboration: Comfort working across cross-functional teams spanning Security, SRE, Engineering, and Infrastructure.

• Clear communication: Ability to explain findings, risks, and mitigation strategies to stakeholders at all levels.

• Ownership mindset: Takes initiative to drive investigations, improvements, and remediations to completion

• Continuous learning: Passion for staying up to date on new vulnerabilities, exploit trends, and cloud-native security best practices.

Full-Time Employee Benefits Include:

💰 Competitive Salary & Equity

💹 401(k) Program with a 4% match

⚕️ Health, Dental, Vision and Life Insurance

🩼 Short Term and Long Term Disability

🚼 Paid Parental, Medical, Caregiver Leave

🚗 Commuter Benefits

📱 Monthly Wellness Stipend

🧑‍💻 Autonomous Work Environment

🖥 In Office Set-Up Reimbursement

🏝 Flexible Time Off (FTO) + Holidays

🚀 Quarterly Team Gatherings

☕ In Office Amenities

Want to learn more about what we are up to?

• Meet the Replit Agent

• Replit: Make an app for that

• Replit Blog

• Amjad TED Talk

Interviewing + Culture at Replit

• Operating Principles

• Reasons not to work at Replit

To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially

XML job scraping automation by YubHub

This role requires strong technical ability to reproduce vulnerabilities, deep understanding of web/app/cloud exploit classes, and experience operating bug bounty and coordinated disclosure programs. You will work closely with Engineering, Cloud Security, SecOps, SRE, and IT teams to ensure vulnerabilities are fixed quickly and communicated responsibly.

Vulnerability Intake, Triage & Validation

• Manage intake from bug bounty platforms (HackerOne preferred), customer reports, automated scanners, pentest reports, and coordinated disclosure channels.
• Independently validate, reproduce, severity-score, and document findings.
• Identify duplicates and maintain a clean vulnerability records pipeline.
• Assess relevance and exploitability using OWASP, cloud misconfiguration patterns, and identity/authentication/authorisation risks (Oauth, OIDC).

Remediation Coordination & SLA Management

• Work with Engineering, SecOps, IT, SRE, and Cloud Security to confirm product impact and drive remediation.
• Provide detailed reproduction steps, proof-of-concepts, and technical analyses.
• Track SLAs, remediation progress, regression testing, and systemic improvements.
• Support SOC 2, ISO 27001, and pentest evidence needs as part of vulnerability lifecycle governance.

Bug Bounty & Vulnerability Disclosure Program Management

• Design and evolve the bug bounty program, including scope, rules, and reward structures.
• Manage platform selection, private vs. public launches, and community engagement.
• Communicate clearly with researchers, provide clarifications, and handle feedback or disputes.
• Determine reward payouts, bonus decisions, and recognition for top contributors.

Coordinated Disclosure & CVE Management

• Lead the coordinated vulnerability disclosure process for internal and external findings.
• Negotiate disclosure timelines with researchers and partners.
• Coordinate CVE assignments and publications, and prepare customer/public advisories.

Required Skills

• Experience running or triaging for bug bounty programs (HackerOne ideally).
• Strong ability to triage, validate, and reproduce vulnerabilities independently.
• Deep understanding of web/app/cloud vulnerability classes, OWASP Top 10, misconfigurations, authN/Z issues, etc.
• Familiarity with cloud platforms (GCP preferred) and SaaS architectures.
• Strong understanding of CI/CD workflows, code structure, and software engineering fundamentals.

Nice to Have

• Scripting or automation experience (Python, Go, Bash).
• Pentesting background or exposure to offensive security work.
• Familiarity with compliance frameworks such as SOC 2 and ISO 27001.
• Experience authoring public advisories or CVE writeups.
• Hands-on experience with SIEM, Cloud Logging, and investigative tooling.

This is a full-time role that can be held from our Foster City, CA office. The role has an in-office requirement of Monday, Wednesday, and Friday.

Full-Time Employee Benefits Include:

• Competitive Salary & Equity
• 401(k) Program with a 4% match
• Health, Dental, Vision and Life Insurance
• Short Term and Long Term Disability
• Paid Parental, Medical, Caregiver Leave
• Commuter Benefits
• Monthly Wellness Stipend
• Autonomous Work Environment
• In Office Set-Up Reimbursement
• Flexible Time Off (FTO) + Holidays
• Quarterly Team Gatherings
• In Office Amenities

Want to learn more about what we are up to?

• Meet the Replit Agent
• Replit: Make an app for that
• Replit Blog
• Amjad TED Talk

Interviewing + Culture at Replit

• Operating Principles
• Reasons not to work at Replit

To achieve our mission of making programming more accessible around the world, we need our team to be representative of the world. We welcome your unique perspective and experiences in shaping this product. We encourage people from all kinds of backgrounds to apply, including and especially candidates from underrepresented and non-traditional backgrounds.

Compensation Range: $180K - $325K

XML job scraping automation by YubHub