dbt Labs is the pioneer of analytics engineering, helping data teams transform raw data into reliable, actionable insights. As of February 2025, we’ve grown from an open source project into the leading analytics engineering platform, now used by over 90,000 teams every week, driving data transformations and AI use cases.

We’re backed by top-tier investors including Andreessen Horowitz, Sequoia Capital, and Altimeter. At our core, we believe in empowering data practitioners:

• Reliable, high-quality data is the fuel that propels AI-powered data engineering.
• AI is changing data work, fast. dbt’s data control plane keeps data engineers ahead of that curve.
• We empower engineers to deliver reliable, governed data faster, cheaper, and at scale.

About the Security Team

The mission of the Security Engineering team at dbt Labs is to provide clear, opinionated security guidance and scalable, secure-by-default offerings to engineers for the purpose of securing software development and enabling pragmatic risk decisions at dbt.

Responsibilities

As a Senior Security Operations Engineer on the Detection & Response team, you will strengthen and maintain the company's security posture throughout the threat detection lifecycle from telemetry collection and continuous monitoring through threat detection, incident response, and security event management. You will serve as a subject matter expert for security operations across the dbt Labs' teams and technology infrastructure, including multi-cloud production environments, identity, endpoints, and SaaS technologies.

Key Responsibilities

• Participate in a 24/7 on-call rotation providing coverage for active security incidents, investigations, and security events across our global infrastructure.
• Lead investigation and remediation of security incidents, coordinating cross-functional response efforts to minimize impact and recovery time.
• Play a major role in bootstrapping an end to end D&R alert and investigation pipeline.
• Triage and investigate security alerts from detection tools including Wiz Defend, Crowdstrike, and cloud security platforms to identify genuine threats and reduce false positives.
• Develop and maintain detection rules, runbooks, and response procedures mapped to the company's threat model.
• Automate alert triage workflows and improve mean time to detection and response through tooling and process enhancements, including leveraging AI enrichment and processing.
• Collaborate with Infrastructure and Application Security teams to implement secure-by-design principles and remediate identified security issues.
• Conduct security event analysis to identify policy violations, misconfigurations, and potential attack vectors before they become incidents.
• Partner with our Enterprise Security & Technology team to enhance endpoint security controls and monitoring across endpoints (MacOS laptops & some Windows and Linux-based development environments).
• Design and facilitate tabletop exercises and game days to test detection, response, recovery, and remediation capabilities.
• Contribute to the maturation of the security incident response program through documentation, training, and process improvements.
• Mentor junior security engineers and cross-functional team members on incident handling best practices.

Requirements

• Demonstrated ability to excel in high-pressure situations; we need someone who can make sound decisions during active security incidents and can calmly serve as incident commander with confidence.

Qualifications

• Have 8+ years of professional experience in security-related domains, including at least 4 years in security operations, incident response, threat hunting, or threat detection roles.
• Have demonstrable experience leading security incident investigations and coordinating cross-team response efforts.

What We Offer

• Competitive compensation packages commensurate with experience, including salary, equity, and where applicable, performance-based pay.
• Opportunity to work with a leading analytics engineering platform and contribute to the growth and success of the company.
• Collaborative and dynamic work environment with a team of experienced professionals.
• Opportunities for professional growth and development.

How to Apply

If you are a motivated and experienced security professional looking for a new challenge, please submit your resume and cover letter to [insert contact information]. We look forward to hearing from you!

XML job scraping automation by YubHub

We are looking for builders and owners who operate with speed and urgency and execute with excellence. This is an opportunity to do career-defining work.

The Role -------- We seek a knowledgeable and development-focused Security Engineer, who will build micro-services to secure Customer Identity Products and Infrastructure.

Responsibilities --------------- Work across a globally distributed product-aligned team of security engineers Establish a deep understanding of Okta Customer Identity products and infrastructure Collaborate when necessary with the Okta Security team on security operations Build, deploy & maintain scalable and reliable infrastructure services as well as security solutions for customer identity products Build, deploy & maintain automation to improve platform security capabilities at scale including logging, threat detection and compliance benchmarks to increase our security posture Help meet our operational security commitments by thinking like an attacker, assessing the risk, and advising on mitigation strategies Support security investigations in coordination with the Okta Security team, participate in root cause analysis and perform necessary remediations. Support stakeholders by proposing mitigation strategies for end-of-life software and security vulnerability and patch management

Requirements ----------- You have 3+ years of hands-on development experience writing microservices with Golang You have 3+ years of experience in cloud infrastructure security, product security You have working knowledge and hands on development experience with one or more of the following: AWS and/or Azure security Kubernetes You have strong knowledge in OWASP Top 10 and secure coding best practices You have strong foundation on secure software development lifecycle best practices You have strong written and verbal communication skills You have experience working with a globally distributed and remote team.

Bonus points if: You have working knowledge and experience with one or more of the following: Full-stack engineering Site reliability engineering Identity and access management Vulnerability and threat management Security detection and response Governance, risk and compliance

XML job scraping automation by YubHub

This role requires expertise in low-level systems security and the ability to architect solutions that balance security requirements with the performance demands of training AI models across our massive fleet.

Responsibilities:

• Design and implement secure boot chains from firmware through OS initialization for diverse hardware platforms (CPUs, BMCs, switches, peripherals, and embedded microcontrollers)

• Architect attestation systems that provide cryptographic proof of system state from hardware root of trust through application layer

• Develop measured boot implementations and runtime integrity monitoring

• Create reference architectures and security requirements for bare-metal deployments

• Integrate security controls with infrastructure teams without impacting training performance

• Prototype and validate security mechanisms before production deployment

• Conduct firmware vulnerability assessments and penetration testing

• Build firmware analysis pipelines for continuous security monitoring

• Document security architectures and maintain threat models

• Collaborate with software and hardware vendors to ensure security capabilities meet our requirements

Who you are:

• 8+ years of experience in systems security, with at least 5 years focused on firmware and hardware security (firmware, bootloaders, and OS-level security)

• Hands-on experience with secure boot, measured boot, and attestation technologies (TPM, Intel TXT, AMD SEV, ARM TrustZone)

• Strong understanding of cryptographic protocols and hardware security modules

• Experience with UEFI/BIOS or embedded firmware security, bootloader hardening, and chain of trust implementation

• Proficiency in low-level programming (C, Rust, Assembly) and systems programming

• Knowledge of firmware vulnerability assessment and threat modeling

• Track record of designing security architectures for complex, distributed systems

• Experience with supply chain security

• Ability to work effectively across hardware and software boundaries

• Knowledge of NIST firmware security guidelines and hardware security frameworks

Strong candidates may also have:

• Experience with confidential computing technologies and hardware-based TEEs

• Knowledge of SLSA framework and software supply chain security standards

• Experience securing large-scale HPC or cloud infrastructure

• Contributions to open-source security projects (coreboot, CHIPSEC, etc.)

• Background in formal verification or security proof techniques

• Experience with silicon root of trust implementations

• Experience working with building foundational technical designs, operational leadership, and vendor collaboration

• Previous work with AI/ML infrastructure security

Annual Salary: $405,000-$485,000 USD

Logistics:

• Minimum education: Bachelor’s degree or an equivalent combination of education, training, and/or experience

• Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience

• Minimum years of experience: Years of experience required will correlate with the internal job level requirements for the position

• Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.

• Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

Why work with us?

• Competitive compensation and benefits

• Optional equity donation matching

• Generous vacation and parental leave

• Flexible working hours

• Lovely office space in which to collaborate with colleagues

Guidance on Candidates' AI Usage: Learn about our policy for using AI in our application process

XML job scraping automation by YubHub

About the Role: The Application Security team at Anthropic is at the forefront of building security into every phase of the software development lifecycle. As an Application Security Engineer, you will partner closely with software engineers and researchers to ensure that security is a core consideration from initial design through implementation. You will lead threat modeling and secure design reviews to proactively identify and mitigate risks early, and help with continuous risk assessment. You will build tools and systems to support developers shipping code securely, adhering to secure coding best practices.

Responsibilities:

• Help secure AI products and internal tools that are introducing industry-novel security risks and pushing established security boundaries
• Lead “shift left” security efforts to build security into the software development lifecycle
• Conduct secure design reviews and threat modeling. Identify and prioritize risks, attack surfaces, and vulnerabilities
• Develop tooling to scale security code reviews and respond to developer questions, including advising developers on remediating vulnerabilities and following secure coding practices
• Manage Anthropic's vulnerability management program, including integrating data ingestion pipelines, coding logic to prioritize vulnerability fixes, supporting teams remediating vulnerabilities and developing automated systems at scale
• Oversee Anthropic's bug bounty program. Set scope, validate submissions, perform root cause analysis, coordinate remediation with engineering teams, and award bounties. Cultivate relationships with the ethical hacker community
• Collaborate closely with product engineers and researchers to instill security best practices. Advocate for secure architecture, design, and development
• Develop and document security policies, standards, and playbooks. Conduct security awareness training for engineers

Requirements:

• 5+ years of hands-on experience in application and infrastructure security, including securing cloud-based and containerized environments
• Strong proficiency in at least one programming language (e.g., Python, Rust, Go, Java)
• Lead with empathy, a collaborative spirit, and a learning mindset to work cross-functionally with engineers of all levels to build security into the software development life cycle
• Leverage creative and strategic thinking to reduce risk through secure design and simplicity, not just controls
• Possess broad security knowledge to connect the dots across domains and identify holistic ways to decrease the overall threat surface
• Are keen to distill complex security concepts into clear actions and drive consensus without direct authority
• Embody a proactive mindset to thread security throughout the product lifecycle through activities like threat modeling, secure code review, and education
• Have a strong grasp of offensive security to anticipate risks from an adversary's perspective, not just check compliance boxes
• Bring experience with modern application stacks, infrastructure, and security tools to implement pragmatic defenses
• Are practiced at collaborating cross-functionally and effectively balancing security requirements with business objectives
• Advocate for security fundamentals like least privilege, defense-in-depth, and eliminating complexity that could sub-linearly scale security through smart design

Preferred Qualifications:

• Hands-on technical expertise securing complex cloud environments and microservices architectures leveraging technologies like Kubernetes, Docker, and AWS / GCP
• Exposure to offensive security techniques like vulnerability testing, bug bounty, pen testing, and red team exercises
• Familiarity with AI/ML security risks such as prompt injection, data poisoning, model extraction, etc. and mitigations
• Experience building security tools, applications, and automated tools
• Solid foundational knowledge of both software and security engineering principles and are keen to continue learning
• Excellent communication skills, able to distill complex security topics for broad audiences
• Worked and thrived in fast-paced environments, and comfortable navigating ambiguity

Annual Compensation Range:

$300,000-$405,000 USD

Logistics:

• Minimum education: Bachelor’s degree or an equivalent combination of education, training, and/or experience
• Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience
• Minimum years of experience: Years of experience required will correlate with the internal job level requirements for the position
• Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.
• Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

How to Apply:

If you're interested in this role, please submit your application through our website. We look forward to reviewing your application!

Note:

Your safety matters to us. To protect yourself from potential scams, remember that Anthropic recruiters only contact you from @anthropic.com email addresses. In some cases, we may partner with vetted recruiting agencies who will identify themselves as working on behalf of Anthropic. Be cautious of emails from other domains. Legitimate Anthropic recruiters will never ask for money, fees, or banking information before your first day. If you're ever unsure about a communication, don't click any links,visit anthropic.com/careers directly for confirmed position openings.

XML job scraping automation by YubHub

Fridtjof Nansen crossed the Arctic, going places no human had ever been. Together with our users, we're doing the same onchain , and someone needs to make sure we don't get killed on the way there.

We're building the single best platform for onchain investing , agentic trading, staking infrastructure, AI-powered analytics , and we're scaling fast. Fast enough that security can't be an afterthought bolted on later. It has to be built in, from the start, by someone who knows what they're doing.

Our mission:

Surface the signal and create winners.

What you'll do at Nansen

You'll be the person who makes sure we can move fast without breaking things that matter. That means embedding security into everything we build , cloud infrastructure, applications, CI/CD pipelines, AI systems, staking operations , across a generalist role that spans the full surface area.

• Run security assessments across systems, architectures, and code , find the vulnerabilities before someone else does
• Advise engineering teams on secure design decisions. You're a partner, not a blocker
• Deploy and maintain security infrastructure: SIEM, vulnerability scanning, endpoint protection, logging , the things that let us sleep at night
• Secure our CI/CD pipelines and deployment workflows end-to-end
• Own secrets management, key management, and access controls. No shortcuts
• Address LLM security head-on: API key management, prompt injection prevention, and the risks that come with shipping AI-powered products at speed
• Coordinate penetration tests and security audits with external vendors
• Create and maintain secure coding guidelines and code review processes that engineers actually follow
• Represent the Security Team in the incident response process
• Drive compliance readiness , SOC 2, ISO 27001 , pragmatically, not bureaucratically

What we're looking for

• You've built and hardened production security at scale , you know the difference between a policy document and an actually secure system
• Strong cloud security knowledge (AWS, GCP or equivalent). Container security and network security fundamentals
• Hands-on experience implementing security tooling, not just evaluating it
• Secrets and key management expertise , you've managed this at a company where it actually mattered
• You understand the security implications of AI/LLM and agent-based systems. This is new territory and we need someone thinking about it seriously
• CI/CD pipeline security is second nature
• Pragmatic about compliance , you can get us to SOC 2 without drowning the engineering team in process
• You don't just use AI as a tool. You think with it. AI-first isn't a checkbox , it's how you work
• Strong async communication skills , we're remote-first, Slack-and-docs-heavy, and EMEA hours are preferred for team overlap
• Bonus: blockchain, smart contract, or staking infrastructure security experience. Kubernetes and Terraform security. Incident response or security operations background

What we offer our crew

• Competitive salary. Meaningful equity. Real ownership in what you build
• Fully remote with two no-meeting days a week , because deep work doesn't happen in a Google Meet
• Annual company retreat and team off-sites in one of our offices: Singapore, Bangkok, London, and Oslo , flights and accommodation covered
• Unlimited AI tokens , Claude, OpenAI, whatever helps you move fast
• Your own OpenClaw for work
• Nansen Pro account: giving you full access to the most detailed onchain data in the market
• A team that started as data engineers and data scientists that has grown to over 80 builders. Your craft is respected here.
• Speed, ownership, curiosity, courage. These aren't values on a wall , they're how we run.
• A front-row seat (and a hand in building) the next chapter of finance

XML job scraping automation by YubHub

Fuse Energy is a forward-thinking renewable energy startup on a mission to deliver a terawatt of renewable energy - fast. We're combining first-principles thinking with cutting-edge technology to build a radically better energy system.

We're creating a fully integrated energy company: from developing solar, wind and hydrogen projects to real-time power trading and distributed energy installations. By selling directly to consumers, we cut out the middleman, lower costs and pass on savings to customers.

But we're not stopping there. We're also building the Energy Network: a decentralised platform of smart devices that rewards users in Energy Dollars for electrifying their homes, shifting usage to off-peak hours, and helping balance the grid. This network strengthens grid stability - a critical foundation for scaling AI data centers and other energy-intensive industries.

Responsibilities

Security Engineering & Implementation

• Assist in implementing and maintaining security controls across cloud infrastructure, web applications, and internal systems.
• Support secure configuration of services, including access controls, secrets management, and API security.
• Help review and improve the security of components related to identity, authentication, and transaction workflows.

Threat Modelling & Risk Awareness

• Participate in threat modelling exercises and security reviews for new features and system changes.
• Help identify common security risks and misconfigurations, and work with engineers to remediate them.
• Stay informed about common attack vectors and vulnerabilities relevant to modern cloud and web environments.

Security Operations & Incident Support

• Assist with monitoring, detection, and investigation of security alerts and events.
• Support incident response activities, including analysis, documentation, and follow-up remediation tasks.
• Help maintain and improve runbooks, alerts, and basic detection mechanisms.

Secure Development & Best Practices

• Contribute to secure development practices, including code reviews with a security lens.
• Help document and promote security guidelines for engineers, such as secure coding and secrets handling.
• Support ongoing efforts related to compliance readiness (e.g., evidence gathering, control checks).

Collaboration & Learning

• Work closely with engineering and product teams to integrate security into day-to-day development.
• Learn from senior security engineers and actively develop your skills in cloud security, application security, and infrastructure security.

Requirements

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent practical experience.
• 2–3 years of experience in a Security Engineer, Software Engineer, Infrastructure Engineer, or similar role with security exposure.
• Foundational understanding of security concepts such as authentication, authorisation, encryption, and secure communication.
• Familiarity with common web and cloud security risks (e.g., OWASP Top 10, IAM misconfigurations).
• Basic experience with AWS and an interest in cloud security best practices.
• Working knowledge of operating systems, networking fundamentals, and software development workflows.
• Strong problem-solving skills and a willingness to learn and grow in a fast-moving environment.

Benefits

• Competitive salary and an equity sign-on bonus
• Biannual bonus scheme
• Fully expensed tech to match your needs
• Paid annual leave
• Breakfast and dinner allowance for office based employees

XML job scraping automation by YubHub

Fuse Energy is a forward-thinking renewable energy startup on a mission to deliver a terawatt of renewable energy - fast. We're combining first-principles thinking with cutting-edge technology to build a radically better energy system.

We're creating a fully integrated energy company: from developing solar, wind and hydrogen projects to real-time power trading and distributed energy installations. By selling directly to consumers, we cut out the middleman, lower costs and pass on savings to customers.

But we're not stopping there. We're also building the Energy Network: a decentralised platform of smart devices that rewards users in Energy Dollars for electrifying their homes, shifting usage to off-peak hours, and helping balance the grid. This network strengthens grid stability - a critical foundation for scaling AI data centers and other energy-intensive industries.

Responsibilities

Security Engineering & Implementation

• Assist in implementing and maintaining security controls across cloud infrastructure, web applications, and internal systems.
• Support secure configuration of services, including access controls, secrets management, and API security.
• Help review and improve the security of components related to identity, authentication, and transaction workflows.

Threat Modelling & Risk Awareness

• Participate in threat modelling exercises and security reviews for new features and system changes.
• Help identify common security risks and misconfigurations, and work with engineers to remediate them.
• Stay informed about common attack vectors and vulnerabilities relevant to modern cloud and web environments.

Security Operations & Incident Support

• Assist with monitoring, detection, and investigation of security alerts and events.
• Support incident response activities, including analysis, documentation, and follow-up remediation tasks.
• Help maintain and improve runbooks, alerts, and basic detection mechanisms.

Secure Development & Best Practices

• Contribute to secure development practices, including code reviews with a security lens.
• Help document and promote security guidelines for engineers, such as secure coding and secrets handling.
• Support ongoing efforts related to compliance readiness (e.g., evidence gathering, control checks).

Collaboration & Learning

• Work closely with engineering and product teams to integrate security into day-to-day development.
• Learn from senior security engineers and actively develop your skills in cloud security, application security, and infrastructure security.

Requirements

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent practical experience.
• 2–3 years of experience in a Security Engineer, Software Engineer, Infrastructure Engineer, or similar role with security exposure.
• Foundational understanding of security concepts such as authentication, authorisation, encryption, and secure communication.
• Familiarity with common web and cloud security risks (e.g., OWASP Top 10, IAM misconfigurations).
• Basic experience with AWS and an interest in cloud security best practices.
• Working knowledge of operating systems, networking fundamentals, and software development workflows.
• Strong problem-solving skills and a willingness to learn and grow in a fast-moving environment.

Benefits

• Competitive salary and an equity sign-on bonus
• Biannual bonus scheme
• Fully expensed tech to match your needs
• Paid annual leave
• Breakfast and dinner allowance for office based employees

XML job scraping automation by YubHub

The Application Security team at Anthropic is at the forefront of building security into every phase of the software development lifecycle. In this hands-on technical role, you will partner closely with software engineers and researchers to ensure security is a core consideration from initial design through implementation.

You will lead threat modeling and secure design reviews to proactively identify and mitigate risks early, and help with continuous risk assessment. You will build tools and systems to support developers shipping code securely, adhering to secure coding best practices.

Your insights will shape our tooling, detection capabilities, and defenses against emerging threats to AI/ML. You'll develop the standards, processes, and educational resources that enable all Anthropic engineers to be security champions.

Responsibilities:

• Help secure AI products and internal tools that are introducing industry-novel security risks and pushing established security boundaries
• Lead “shift left” security efforts to build security into the software development lifecycle
• Conduct secure design reviews and threat modeling. Identify and prioritise risks, attack surfaces, and vulnerabilities
• Develop tooling to scale security code reviews and respond to developer questions, including advising developers on remediating vulnerabilities and following secure coding practices
• Manage Anthropic's vulnerability management program, including integrating data ingestion pipelines, coding logic to prioritise vulnerability fixes, supporting teams remediating vulnerabilities and developing automated systems at scale
• Oversee Anthropic's bug bounty program. Set scope, validate submissions, perform root cause analysis, coordinate remediation with engineering teams, and award bounties. Cultivate relationships with the ethical hacker community
• Collaborate closely with product engineers and researchers to instill security best practices. Advocate for secure architecture, design, and development
• Develop and document security policies, standards, and playbooks. Conduct security awareness training for engineers

You may be a good fit if you:

• Have 5+ years of hands-on experience in application and infrastructure security, including securing cloud-based and containerized environments
• Strong proficiency in at least one programming language (e.g., Python, Rust, Go, Java)
• Lead with empathy, a collaborative spirit, and a learning mindset to work cross-functionally with engineers of all levels to build security into the software development life cycle
• Leverage creative and strategic thinking to reduce risk through secure design and simplicity, not just controls
• Possess broad security knowledge to connect the dots across domains and identify holistic ways to decrease the overall threat surface
• Are keen to distill complex security concepts into clear actions and drive consensus without direct authority
• Embody a proactive mindset to thread security throughout the product lifecycle through activities like threat modeling, secure code review, and education
• Have a strong grasp of offensive security to anticipate risks from an adversary's perspective, not just check compliance boxes
• Bring experience with modern application stacks, infrastructure, and security tools to implement pragmatic defenses
• Are practiced at collaborating cross-functionally and effectively balancing security requirements with business objectives
• Advocate for security fundamentals like least privilege, defence-in-depth, and eliminating complexity that could sub-linearly scale security through smart design

Strong candidates may also:

• Hands-on technical expertise securing complex cloud environments and microservices architectures leveraging technologies like Kubernetes, Docker, and AWS / GCP
• Exposure to offensive security techniques like vulnerability testing, bug bounty, pen testing, and red team exercises
• Familiarity with AI/ML security risks such as prompt injection, data poisoning, model extraction, etc. and mitigations
• Experience building security tools, applications, and automated tools
• Solid foundational knowledge of both software and security engineering principles and are keen to continue learning
• Excellent communication skills, able to distill complex security topics for broad audiences
• Worked and thrived in fast-paced environments, and comfortable navigating ambiguity

The annual compensation range for this role is $300,000 - $405,000 USD.

XML job scraping automation by YubHub

We're seeking a Platform Hardware Security Engineer to design and implement security architectures for bare-metal infrastructure. You'll work with teams across Anthropic to build firmware, bootloaders, operating systems, and attestation systems to ensure the integrity of our infrastructure from the ground up.

This role requires expertise in low-level systems security and the ability to architect solutions that balance security requirements with the performance demands of training AI models across our massive fleet.

What you'll do:

• Design and implement secure boot chains from firmware through OS initialization for diverse hardware platforms (CPUs, BMCs, switches, peripherals, and embedded microcontrollers)
• Architect attestation systems that provide cryptographic proof of system state from hardware root of trust through application layer
• Develop measured boot implementations and runtime integrity monitoring
• Create reference architectures and security requirements for bare-metal deployments
• Integrate security controls with infrastructure teams without impacting training performance
• Prototype and validate security mechanisms before production deployment
• Conduct firmware vulnerability assessments and penetration testing
• Build firmware analysis pipelines for continuous security monitoring
• Document security architectures and maintain threat models
• Collaborate with software and hardware vendors to ensure security capabilities meet our requirements

Who you are:

• 8+ years of experience in systems security, with at least 5 years focused on firmware and hardware security (firmware, bootloaders, and OS-level security)
• Hands-on experience with secure boot, measured boot, and attestation technologies (TPM, Intel TXT, AMD SEV, ARM TrustZone)
• Strong understanding of cryptographic protocols and hardware security modules
• Experience with UEFI/BIOS or embedded firmware security, bootloader hardening, and chain of trust implementation
• Proficiency in low-level programming (C, Rust, Assembly) and systems programming
• Knowledge of firmware vulnerability assessment and threat modeling
• Track record of designing security architectures for complex, distributed systems
• Experience with supply chain security
• Ability to work effectively across hardware and software boundaries
• Knowledge of NIST firmware security guidelines and hardware security frameworks

Strong candidates may also have:

• Experience with confidential computing technologies and hardware-based TEEs
• Knowledge of SLSA framework and software supply chain security standards
• Experience securing large-scale HPC or cloud infrastructure
• Contributions to open-source security projects (coreboot, CHIPSEC, etc.)
• Background in formal verification or security proof techniques
• Experience with silicon root of trust implementations
• Experience working with building foundational technical designs, operational leadership, and vendor collaboration
• Previous work with AI/ML infrastructure security

Logistics

• Education requirements: We require at least a Bachelor's degree in a related field or equivalent experience.
• Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.
• Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work.

Your safety matters to us. To protect yourself from potential scams, remember that Anthropic recruiters only contact you from @anthropic.com email addresses. In some cases, we may partner with vetted recruiting agencies who will identify themselves as working on behalf of Anthropic. Be cautious of emails from other domains. Legitimate Anthropic recruiters will never ask for money, fees, or banking information before your first day. If you're ever unsure about a communication, don't click any links—visit anthropic.com/careers directly for confirmed position openings.

How we're different

We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts.

XML job scraping automation by YubHub

We’re looking for a Security Engineering Lead to own and drive Anthropic’s Corporate Security programme. This is a player-coach Tech Lead Manager (TLM) role: you’ll be both the most senior technical individual contributor on corporate security and the people leader for a lean, high-impact team of Security Engineers.

Corporate Security at Anthropic encompasses everything that protects our people, endpoints, networks, SaaS ecosystem, and corporate data—the full surface area outside of production infrastructure. The scope is broad and the team is deliberately small, which means you’ll need deep technical skills across multiple domains, strong judgment about where to invest, and a bias toward automation and engineering-driven solutions over manual process.

You’ll report into Security leadership and partner closely with IT, Infrastructure Security, Detection & Response, and GRC teams. This role is high-visibility and high-autonomy: you’ll be expected to define the roadmap, make architectural decisions, and represent Corporate Security across the company.

Responsibilities:

Technical Leadership & Hands-on Engineering

• Own the security architecture, tooling, and controls for Anthropic’s corporate environment end-to-end, including endpoint fleets (macOS, Windows, ChromeOS), campus and office networks, SaaS applications, mobile devices
• Design, build, and ship security automation, integrations, and internal tooling—including leveraging Claude and LLMs to accelerate security workflows
• Define and enforce security baselines, hardening standards, and configuration policies across all corporate platforms
• Define what it means to operate safely in an environment where AI agents act more like humans than actual humans
• Evaluate, select, deploy, and operate corporate security tools (EDR/XDR, MDM, ZTNA, CASB/SSPM, email security, DLP, browser security, etc.)
• Drive vulnerability management for corporate assets, including patch orchestration, risk-based prioritization, and exception management
• Lead security reviews of new SaaS adoptions, corporate infrastructure changes, and IT projects

People Leadership & Team Building

• Manage, mentor, and grow a purposefully lean team of Security Engineers; set clear expectations, run effective 1:1s, and create an environment where engineers do the best work of their careers
• Hire and build the team as scope expands—own the hiring bar and pipeline for Corporate Security Engineering roles
• Balance your own IC contributions with the team’s needs; know when to go deep on a problem yourself and when to delegate and coach
• Foster a culture of operational excellence, blameless incident review, and continuous improvement

Strategy & Cross-Functional Partnership

• Define and own the Corporate Security roadmap, aligning investments to Anthropic’s risk profile and growth trajectory
• Partner with IT Operations to ensure security is embedded in endpoint provisioning, network design, and SaaS lifecycle management
• Collaborate with Detection & Response on telemetry coverage, detection engineering, and incident handling for corporate-sourced events
• Partner with Infrastructure and Security Engineering teams to ensure security standards are consistent across all of Anthropic
• Communicate security posture, risks, and investment needs to Security leadership and cross-functional stakeholders clearly and persuasively

You may be a good fit if you:

• Have 8+ years of Security Engineering experience in a corporate/enterprise security domain (endpoint security, network security, SaaS security, identity, or a combination)
• Have 2+ years of experience managing or tech-leading a team of engineers, with a demonstrated track record of developing talent and shipping results through others
• Are a strong engineer who still writes code regularly—you can prototype a tool, write a detection, build an integration, or debug a complex configuration issue
• Have deep experience with macOS fleet security (this is our primary platform) and solid working knowledge of Windows and ChromeOS security
• Have hands-on experience deploying and operating EDR/XDR, MDM, ZTNA/zero trust, and identity security solutions at scale
• Understand modern SaaS security challenges: shadow IT, OAuth token sprawl, data exfiltration paths, SaaS-to-SaaS integrations, and SSPM/CASB tooling
• Can work independently with high autonomy, manage ambiguity, and make sound risk-based prioritization decisions in a fast-paced environment
• Have excellent communication skills and can translate complex security topics into clear recommendations for technical and non-technical audiences

Strong candidates may have:

• Securing corporate environments at high-growth AI, cloud, or developer-tools companies
• Maturing a Corporate Security function from early stage, including defining scope, selecting the initial toolset, and hiring the founding team
• Advanced macOS security (system extensions, endpoint security framework, MDM profile engineering, Declarative Device Management)
• Network security architecture for hybrid/multi-office environments, including SD-WAN, ZTNA, DNS security, and network segmentation
• Browser security and isolation technologies (e.g., Island, Talon/Palo Alto, Chrome Enterprise)
• Proficiency in Python, Go, or similar languages for building sec

XML job scraping automation by YubHub

Vendor Security Program Manager

Location

San Francisco; New York City; Seattle; Washington, DC

Employment Type

Full time

Location Type

Hybrid

Department

Security

Compensation

• SF, Seattle and NYC: $207K – $335K • Offers Equity
• Zone A: $186K – $301.5K • Offers Equity
• Zone B: $165.6K – $268K • Offers Equity

The base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance-related bonus(es) for eligible employees, and the following benefits.

• Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts

• Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)

• 401(k) retirement plan with employer match

• Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)

• Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees

• 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)

• Mental health and wellness support

• Employer-paid basic life and disability coverage

• Annual learning and development stipend to fuel your professional growth

• Daily meals in our offices, and meal delivery credits as eligible

• Relocation support for eligible employees

• Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided.

More details about our benefits are available to candidates during the hiring process.

This role is at-will and OpenAI reserves the right to modify base pay and other compensation components at any time based on individual performance, team or company results, or market conditions.

About the Team

The Vendor Security team sits at the core of our mission to ensure our technology benefits humanity safely and securely. We provide security assurances and robust compliance frameworks for our technology, people, and products. Our mission is to build trust with the world in our products and company. Our work is technical yet highly operational, strategically aligning with security and engineering teams to navigate and mitigate risks proactively. We prioritize impact, enable innovation, and foster a culture of continuous compliance and security awareness.

About the Role

As a Program Manager within the Vendor Security team, you will play a crucial role in protecting our organisation against external risks posed by suppliers, vendors, partners, and hardware manufacturers. Your responsibilities will include conducting comprehensive security assessments, building a program to manage global supply chain and vendor risks, and driving security initiatives across all of our third-party relationships. You will be analytical, detail-oriented, and proactive, capable of translating complex security evaluations into clear, actionable strategies.

The role is expected to operate with a strong point of view on risk. You will be responsible not only for identifying and documenting vendor and supply-chain risk, but for helping the company make informed trade-offs between speed, scale, and security. This role requires exceptional organisational skills, the ability to effectively communicate across different business functions, and a strong commitment to operational excellence in a dynamic environment.

This role may be based out of one of our US offices (San Francisco, Seattle, NYC or DC.) We use a hybrid work model of 3 days in the office per week and offer relocation assistance to new employees.

In this role, you will:

• Be the interface for Security to the rest of the organisation for vendors.

• Own vendor security risk decisions and escalation paths, including clearly documenting risk acceptance, mitigation plans, and executive-level trade-offs when security requirements cannot be fully met.

• Conduct deep, evidence-based security assessments of third parties, including review of architectures, configurations, controls, logs, and operational practices - moving beyond questionnaires and attestations to validate real-world security posture of vendors.

• Assess and manage security risk across a diverse vendor landscape, including SaaS providers, cloud and infrastructure partners, hardware manufacturers, chip suppliers, and other strategic or high-impact suppliers.

• Develop, build, and continuously improve the vendor security program and security supply chain risk management function at OpenAI.

• Develop, propose, and implement effective controls to mitigate identified vendor risks.

• Build and maintain collaborative partnerships with key internal stakeholders including Infrastructure Security, Product, Engineering, Legal, Procurement, and Threat Intelligence to ensure comprehensive security coverage of the vendor and third-party supply chain.

• Streamline and automate vendor and supply chain security processes to increase efficiency and reduce manual overhead.

You might thrive in this role if you have:

• Proven experience conducting third-party or supply chain security assessments, including building and scaling a vendor management security program.

• An in-depth understanding of information security principles and controls, including data protection, access management, proactive and reactive security measures, and application security.

• Comfort operating in ambiguity, with the ability to form defensible security opinions even when information is incomplete or uncertain.

• Strong analytical and problem-solving skills, with the ability to identify and mitigate complex security risks.

• Excellent communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and stakeholders.

• Strong organisational and project management skills, with the ability to prioritise tasks and manage multiple projects simultaneously.

• A strong commitment to operational excellence and continuous improvement, with a focus on delivering high-quality results in a dynamic environment.

• A passion for security and a desire to make a meaningful impact in the field.

XML job scraping automation by YubHub

What you'll do

This DevOps Developer role in the Software Quality organization works with Quality Assurance and Game Development teams to create tools and technical strategies. Our goal is to improve automation infrastructure and increase efficiencies in the Game Development and QA processes.

• Operate and maintain tools, ensuring exceptional uptime, secure environments.
• First responder and driving continuous improvement based on root cause analysis.

What you need

• 5+ year experience in managing distributed, scalable and resilient high-performing systems

XML job scraping automation by YubHub