This isn't just about finding vulnerabilities; it's about shaping the future of secure AI by embedding an attacker's mindset into everything we build. You'll work at the intersection of offensive security, AI safety, and product development, collaborating with cross-functional teams to harden our systems against evolving threats.

Your expertise will directly influence how we design, deploy, and protect our most critical assets , ensuring our agents remain resilient, trustworthy, and ahead of adversaries. This role is ideal for those who thrive in dynamic environments, where creativity, technical depth, and a passion for security converge to solve unprecedented challenges.

Key responsibilities include:

• Proactively hunting for vulnerabilities in the interactions between our agentic applications, cloud infrastructure, and foundational models, with a focus on realistic, high-impact attack vectors.

• Designing and executing red and purple team exercises, simulating sophisticated adversarial scenarios to stress-test our defenses and refine our detection capabilities.

• Partnering with defensive teams to translate offensive insights into actionable improvements, from detection engineering to incident response.

• Conducting in-depth penetration testing across our product suite, including AI-driven workflows, custom infrastructure, and user-facing interfaces.

• Building and automating offensive tooling to scale your impact, leveraging cutting-edge techniques to stay ahead of emerging threats.

• Communicating findings with clarity and conviction, ensuring technical and non-technical stakeholders understand risks and prioritize mitigations effectively.

• Shaping Mistral AI's security strategy by contributing attacker-informed perspectives to threat modeling, risk assessment, and architectural decisions.

XML job scraping automation by YubHub

Enterprise Technology plays a critical part in shaping the future of mobility. If you're looking for the chance to leverage advanced technology to redefine the transportation landscape, enhance the customer experience and improve people's lives, this is the opportunity for you. Join us and challenge your IT expertise and analytical skills to help create vehicles that are as smart as you are.

This role is responsible for designing, implementing, automating, and maintaining security platforms that support enterprise cybersecurity operations. The role focuses on integrating security agents/tools, improving detection capabilities, ensuring platform reliability, and enabling security teams through scalable infrastructure and automation.

Responsibilities

• Design, implement, maintain, and improve security platforms and tools that protect the organization's IT infrastructure.
• Optimize security technologies to detect, prevent, and respond to security threats in real time.
• Collaborate with engineering, IT, and security operations teams to deploy and support enterprise cybersecurity platforms and solutions.
• Secure in-house and public AI and ML/DL systems against cyber threats, adversarial attacks, and data breaches across the solution lifecycle.
• Design and implement robust security platforms supporting enterprise security needs (e.g., unified telemetry pipeline like BindPlane, SIEM like QRadar, SecOps, and AI security).
• Define and maintain guidelines and controls to secure AI systems, including data protection, model security, and compliance requirements.
• Apply established frameworks as references/baselines (e.g., Google Secure AI Framework (SAIF), NIST AI Risk Management Framework, Framework for AI Cybersecurity Practices (FAICP)).
• Identify, assess, and mitigate AI-specific security risks (adversarial attacks, data poisoning, model inversion, unauthorized access).
• Conduct vulnerability assessments and penetration testing on AI models and data pipelines.
• Ensure AI data is encrypted, anonymized, and securely stored.
• Implement access controls for sensitive AI data and models (RBAC, ABAC, Zero Trust).
• Protect AI models from tampering, theft, and adversarial manipulation during training and deployment.
• Monitor and log AI system activity for anomalies and security incidents.
• Develop and enforce policies to align AI systems with industry regulations, ethical standards, and organizational governance requirements.
• Develop automated workflows and scripts to enhance security platform functionality and scalability, improving operational efficiency.
• Manage timely patching and upgrades to security tools and systems to reduce downtime and minimize vulnerabilities.
• Configure alerting systems for security threats and enable real-time monitoring for observability.
• Partner with incident response teams to identify, contain, and mitigate security incidents.
• Support root cause analysis to improve security posture and prevent repeat breaches.
• Optimize security tools and platforms for performance and effectiveness while meeting compliance and organizational requirements.
• Maintain documentation for platform configurations, AI services and capabilities, troubleshooting guides, and operational procedures.

Qualifications

• Bachelor's degree in Computer Science, Information Security, or related field OR a combination of education and experience
• 5+ years of experience in security engineering, platform engineering, and AI/ML, including experience in large, complex environments
• Experience in managing security platforms and tools in enterprise environments
• Experience in telemetry pipeline platforms (e.g., BindPlane), SIEM (e.g., Splunk, QRadar), and vulnerability management tools
• Experience in scripting and automation (Python, PowerShell, and/or Bash)
• Experience in infrastructure as Code (Terraform, Ansible)
• Experience in cloud security tools and platforms (GCP, AWS, Azure)
• Experience in container security (Docker, Kubernetes)
• Experience in networking protocols, firewalls, and network security best practices
• Experience in AI/ML concepts, architectures, and AI security challenges
• Experience in AI threat areas (adversarial attacks, data poisoning, model inversion, unauthorized access)
• Experience in vulnerability assessment and penetration testing on AI models and data pipelines
• Experience in data protection techniques (encryption, anonymization, secure storage) and secure access management (RBAC, ABAC, Zero Trust)
• Experience in incident response, monitoring tools, and threat intelligence platforms
• Experience in security frameworks and compliance references (SAIF, NIST, FAICP)
• Experience in ITSM processes and tools (ServiceNow) and delivery practices/tools (Agile, JIRA)
• Master's degree in Computer Science, Information Security, or related field
• Understanding of cloud AI/ML services and deployment pipelines
• CISSP (Certified Information Systems Security Professional)
• CCSP (Certified Cloud Security Professional)
• Preferred certifications such as CAISF, AICERTs, AI for Cybersecurity Specialization, or equivalent
• GCP cloud certification or equivalent in AWS or Azure (preferred)
• Additional cybersecurity certificates (preferred)
• Excellent communication and documentation skills for policy development and stakeholder engagement

XML job scraping automation by YubHub

Tonies is the world's leading interactive audio platform for children, with over 10 million Tonieboxes and 125 million Tonies sold globally. Our intuitive, screen-free system empowers children to learn and play independently in a safe and engaging way.

As Manager Digital Trust & Security, you will lead the strategic expansion of our security service offerings. You will bridge the gap between technical architecture and business-centric consulting, ensuring our digital infrastructure remains resilient while fostering consumer trust across our global operations.

Responsibilities:

• Strategic Governance & Architecture: Define the global security vision and design scalable architectures to mitigate complex cyber threats across our media and hardware footprints.
• Trust Infrastructure Management: Architect and manage the security technology stack, ensuring our global IT assets and infrastructures remain resilient against emerging threats.
• Proactive Risk & Compliance: Lead comprehensive vulnerability assessments and recommend mitigation strategies that align with industry standards such as ISO 27001.
• Operational Excellence: Oversee incident response lifecycles, from real-time resolution to deep-dive post-incident analysis and reporting.
• Security Culture & Training: Develop and execute global training programs to embed security awareness into the company DNA, ensuring compliance across all departments.
• Cross-Functional Leadership: Partner with Enterprise Architecture and Application Management to integrate security-by-design into every product and internal service.

What we are looking for:

• Expertise: Several years of leadership in security or service management within the technology or consumer electronics sector.
• Technical Breadth: Deep understanding of security frameworks, cloud security (AWS/GCP), and modern monitoring platforms.
• Strategic Mindset: Proven ability to translate complex security risks into actionable business insights for diverse stakeholders.
• Lateral Leadership: A collaborative leader capable of managing cross-functional initiatives in a fast-paced, global environment.
• Communication: Professional fluency in English and German is essential for our global coordination.
• Mandatory: Demonstrable expertise in at least two security domains, backed by relevant professional certifications.
• Preferred: Advanced credentials in Cloud Security or specialized standards like ISO 27001.

Why tonies?

Our benefits vary by location. The following benefits apply in Germany:

• Global Teamwork: We collaborate across departmental and country borders on our vision to bring the Toniebox into every child's room in the world.
• Come as you are: This applies not only to the dress code but also to everything else. Because only where you truly feel comfortable can you give your best.
• Mobility: Choose the option that suits you best - a Deutschlandticket (public transport ticket) for unlimited mobility, a monthly contribution for an office parking space, a leasing bicycle, or a remote work subsidy.
• Enhanced Security: Benefit from subsidies for company pension plans, occupational pension schemes, and occupational disability insurance.
• Rest & Time Off: Enjoy 30 days of paid annual leave as well as three additional days off such as Rosenmontag, Christmas Eve, and New Year's Eve. After one year of employment, you can also use up to 10 'toniecation days' (unpaid leave days).
• Continuous Learning: Benefit from our internal and external training opportunities as well as an individual learning budget to continuously expand your knowledge.
• Language Learning & Relaxation: Improve your communication skills with the language learning app Babbel and find relaxation through our access to the meditation app Calm.
• Discounts: Benefit from attractive discounts on our entire range of tonies products.

XML job scraping automation by YubHub

Key responsibilities include:

• Performing hands-on vulnerability triage and risk assessment using team-defined standards and playbooks
• Tracking remediation progress with owner teams, escalating blockers, and ensuring clean issue closure
• Supporting automated triage workflows by validating outputs and improving signal quality
• Contributing to automated remediation campaigns (e.g., EOL cleanup, vulnerable software upgrades, and fix verification)
• Supporting zero-day and embargo response by helping inventory affected assets and tracking owner-team deployment status
• Participating in incident investigations by gathering technical evidence and supporting impact analysis
• Participating in on-call rotation for critical vulnerability events
• Maintaining high-quality documentation, runbooks, and operational updates

The ideal candidate will have 3+ years of relevant experience in vulnerability management, security operations, application security, or related security engineering. Key skills include a strong understanding of vulnerability assessment fundamentals, hands-on experience with vulnerability management platforms, proficiency in scripting/automation for workflow support, and familiarity with cloud security concepts.

In addition to a competitive salary, we offer a variety of benefits to support your needs, including medical, dental, and vision insurance, 100% paid for by CoreWeave, company-paid life insurance, and flexible PTO.

XML job scraping automation by YubHub

This is a rare opportunity to architect and build distributed systems that will fundamentally change how large organisations approach application security and developer security workflows.

As the SRM Stage Lead, you'll be responsible for transforming our engineering culture toward high-performance distributed systems while delivering an exceptional user experience for both Application Security professionals and Developers.

You'll own the technical strategy for processing, analysing, and remediating vulnerabilities across massive codebases and complex enterprise environments.

Technical Leadership & Architecture

• Design distributed systems architecture capable of processing vulnerability data from thousands of repositories, millions of commits, and complex dependency graphs in real-time
• Drive storage system decisions for multi-petabyte security datasets, balancing query performance, cost efficiency, and data retention requirements across time-series, graph, and document storage paradigms
• Architect scalable analysis pipelines that can ingest vulnerability feeds, correlate findings across multiple security tools, and provide actionable intelligence to both security teams and individual developers
• Lead the technical evolution from monolithic security scanning to microservices-based, event-driven vulnerability management systems

Engineering Culture Transformation

• Champion high-performance systems thinking throughout the team, establishing patterns for horizontal scaling, efficient resource utilisation, and fault-tolerant distributed computing
• Establish technical standards for system observability, chaos engineering, and performance optimisation in security-critical systems
• Mentor and develop senior engineers in distributed systems design, database optimisation, and large-scale system architecture
• Drive architectural decision records (ADRs) for major technical decisions, particularly around data storage, processing frameworks, and system boundaries

Product & User Experience Excellence

• Own the end-to-end user journey (in partnership with PM) for both AppSec professionals managing enterprise-wide risk and developers receiving actionable security feedback in their workflow
• Design APIs and interfaces that abstract complexity while providing the power and flexibility that security professionals demand
• Collaborate with Product Management, UX and Product Design to translate complex technical capabilities into intuitive user experiences
• Establish feedback loops with large enterprise customers to ensure our technical solutions scale with their organisational complexity

Strategic Technical Execution

• Evaluate and integrate cutting-edge technologies in areas such as graph databases, stream processing, machine learning inference at scale, and distributed caching, in collaboration with GitLab’s Infrastructure, Data and AI teams
• Own the technical roadmap for vulnerability correlation, risk scoring, and automated remediation workflows
• Drive partnerships with other GitLab stages to ensure seamless integration across the DevSecOps platform
• Lead incident response for availability and performance issues in customer-facing security systems

What You’ll Bring

• 10+ years of software engineering experience with 5+ years leading distributed systems at scale (>100M daily operations)
• Deep expertise in designing and operating high-throughput, low-latency distributed systems with complex data models
• Proven experience with polyglot persistence strategies, including relational databases (PostgreSQL, Cloud Spanner), time-series databases, graph databases, and distributed key-value stores
• Strong background in stream processing frameworks (Apache Kafka, Apache Flink, or similar) and event-driven architectures
• Hands-on experience with container orchestration (Kubernetes) and cloud-native observability stacks
• Security domain knowledge with understanding of vulnerability assessment, static analysis, dependency scanning, or application security testing

Leadership & Communication

• Proven track record of leading and growing high-performing engineering teams (40+ engineers)
• Experience transforming engineering culture and establishing technical excellence standards in fast-growing organisations
• Strong technical communication skills with ability to present complex architectural decisions to executive stakeholders
• Collaborative leadership style with experience working across multiple engineering teams and product stakeholders

Problem-Solving & Innovation

• Systems thinking approach to complex technical problems with demonstrated ability to make appropriate trade-offs between performance, scalability, and maintainability
• Experience with A/B testing frameworks and data-driven decision making in technical contexts
• Track record of successfully delivering large-scale technical migrations or architectural transformations
• Startup or high-growth company experience with ability to balance technical debt with rapid feature delivery

About the team

Security Risk Management sits at the heart of modern DevSecOps. The systems you build will directly impact how Fortune 500 companies protect their applications and how millions of developers integrate security into their daily workflow.

You'll have the opportunity to define the future of application security tooling while working with some of the most challenging distributed systems problems in the industry.

The Technical Challenge

You'll be solving some of the most interesting distributed systems problems in the security space:

• Scale: Processing vulnerability data for organisations with 100,000+ repositories and millions of developers
• Performance: Sub-second query response times for complex security analytics across massive datasets
• Reliability: 99.95%+ uptime SLAs for security-critical workflows that can't afford downtime
• Complexity: Correlating findings across 20+ different security tools while maintaining data lineage and audit trails
• User Experience: Making complex security data accessible to both security experts and developers with varying security expertise

Salary

The base salary range for this role’s listed level is currently for residents of the United States.

XML job scraping automation by YubHub

About the Team: Anduril employs a variety of networks and networking infrastructures to support global operations. Information Systems Security Managers are in charge of directly supporting business lines that wish to deploy Anduril products in classified environments.

About the Job: As an Information Systems Security Manager, you will be responsible for providing expertise in documenting security controls to reduce the administrative cost of deploying Anduril's products into operational environments. You will partner with program and security teams to coordinate security artifacts in support of classified deployments. You will apply technology standards from the commercial space in classified, air-gapped environments.

Responsibilities:

• Provide expertise in documenting security controls to reduce the administrative cost of deploying Anduril's products into operational environments.
• Partner with program and security teams to coordinate security artifacts in support of classified deployments.
• Apply technology standards from the commercial space in classified, air-gapped environments.
• Collaborate with Information System Owners to understand key stakeholders' needs and provide complex technical solutions to meet contractual obligations.
• Tailor NIST 800-53 controls to determine applicability to the network environment and oversee the implementation of Continuous Monitoring for respective programs.
• Define, document, and conduct security scanning on Anduril's products and accredited information systems.
• Scope, shape, and orchestrate the development of features to ensure products meet compliance goals.

Required Qualifications:

• Design, develop, and implement secure systems and networks per NIST RMF, JSIG, and other industry standards.
• Integrate security best practices into Anduril's Software Development Lifecycle (SDLC) and infrastructure design, collaborating with internal IT and engineering teams.
• Conduct security risk assessments, vulnerability assessments, and audits to identify and mitigate threats.
• Recommend and implement security solutions, such as IDS/IPS, encryption protocols, and secure communications technologies.
• Develop and enforce access controls, encryption strategies, and other technical measures to safeguard systems.
• Maintain and update System Security Plans (SSPs), POA&Ms, and other accreditation documentation.

Preferred Qualifications:

• Experience with application security paradigms such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
• Proven experience in securing micro-services architecture, including implementing best practices and compliance with DoD cybersecurity standards.
• Experience with cybersecurity in unmanned and ground control system within DoD environments.
• Experience with containerization and kubernetes along with the best practices for securing them.
• Experience with Cloud Service Providers (CSPs) and the various tools they offer for implementing security and compliance best practices.

Salary: The salary range for this role is $146,000-$194,000 USD.

Benefits: Anduril offers top-tier benefits for full-time employees, including comprehensive medical, dental, and vision plans at little to no cost to you. Anduril also offers income protection, generous time off, family planning and parenting support, mental health resources, professional development, commuter benefits, relocation assistance, and a retirement savings plan.

Protecting Yourself from Recruitment Scams: Anduril is committed to maintaining the integrity of our Talent acquisition process and the security of our candidates. We've observed a rise in sophisticated phishing and fraudulent schemes where individuals impersonate Anduril representatives, luring job seekers with false interviews or job offers. These scammers often attempt to extract payment or sensitive personal information.

To ensure your safety and help you navigate your job search with confidence, please keep the following critical points in mind:

• No Financial Requests: Anduril will never solicit payment or demand personal financial details (such as banking information, credit card numbers, or social security numbers) at any stage of our hiring process. Our legitimate recruitment is entirely free for candidates.
• Please always verify communications:
• Direct from Anduril: If you receive an email from one of our recruiters, it will only come from an @anduril.com address.
• Via Agency Partner: If contacted by a recruiting agency for an Anduril role, their email will clearly identify their agency. If you suspect any suspicious activity, please verify the agency's authenticity by reaching out to contact@anduril.com.
• Exercise Caution with Unsolicited Outreach: If you receive any communication that appears suspicious, contains grammatical errors, or makes unusual requests, do not respond or engage with the sender.

XML job scraping automation by YubHub

This role requires expertise in low-level systems security and the ability to architect solutions that balance security requirements with the performance demands of training AI models across our massive fleet.

Responsibilities:

• Design and implement secure boot chains from firmware through OS initialization for diverse hardware platforms (CPUs, BMCs, switches, peripherals, and embedded microcontrollers)

• Architect attestation systems that provide cryptographic proof of system state from hardware root of trust through application layer

• Develop measured boot implementations and runtime integrity monitoring

• Create reference architectures and security requirements for bare-metal deployments

• Integrate security controls with infrastructure teams without impacting training performance

• Prototype and validate security mechanisms before production deployment

• Conduct firmware vulnerability assessments and penetration testing

• Build firmware analysis pipelines for continuous security monitoring

• Document security architectures and maintain threat models

• Collaborate with software and hardware vendors to ensure security capabilities meet our requirements

Who you are:

• 8+ years of experience in systems security, with at least 5 years focused on firmware and hardware security (firmware, bootloaders, and OS-level security)

• Hands-on experience with secure boot, measured boot, and attestation technologies (TPM, Intel TXT, AMD SEV, ARM TrustZone)

• Strong understanding of cryptographic protocols and hardware security modules

• Experience with UEFI/BIOS or embedded firmware security, bootloader hardening, and chain of trust implementation

• Proficiency in low-level programming (C, Rust, Assembly) and systems programming

• Knowledge of firmware vulnerability assessment and threat modeling

• Track record of designing security architectures for complex, distributed systems

• Experience with supply chain security

• Ability to work effectively across hardware and software boundaries

• Knowledge of NIST firmware security guidelines and hardware security frameworks

Strong candidates may also have:

• Experience with confidential computing technologies and hardware-based TEEs

• Knowledge of SLSA framework and software supply chain security standards

• Experience securing large-scale HPC or cloud infrastructure

• Contributions to open-source security projects (coreboot, CHIPSEC, etc.)

• Background in formal verification or security proof techniques

• Experience with silicon root of trust implementations

• Experience working with building foundational technical designs, operational leadership, and vendor collaboration

• Previous work with AI/ML infrastructure security

Annual Salary: $405,000-$485,000 USD

Logistics:

• Minimum education: Bachelor’s degree or an equivalent combination of education, training, and/or experience

• Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience

• Minimum years of experience: Years of experience required will correlate with the internal job level requirements for the position

• Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.

• Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

Why work with us?

• Competitive compensation and benefits

• Optional equity donation matching

• Generous vacation and parental leave

• Flexible working hours

• Lovely office space in which to collaborate with colleagues

Guidance on Candidates' AI Usage: Learn about our policy for using AI in our application process

XML job scraping automation by YubHub

Key responsibilities include:

• Defining and executing the strategy for secure frameworks, primitives, and tooling used across Databricks
• Partnering closely with engineering and product leaders across the company to ensure security/compliance by design in all new initiatives
• Driving adoption of security best practices across the organization by building easy-to-use, scalable frameworks and services
• Providing technical oversight for secure system design and guiding efforts to reduce technical debt in core security components
• Representing Databricks and our security practices internally to senior leadership and externally to the industry

Requirements include:

• Strong track record building and managing high-performing teams of engineers, with experience growing organizations through multiple phases of scale
• Deep understanding of the relevant domains and infrastructure
• Demonstrated success driving cross-functional initiatives that require influencing without direct authority
• Ability to provide technical direction at the architecture level while fostering pragmatic, high-quality execution
• Strong communication and leadership skills, with the ability to evangelize security and inspire teams and stakeholders

Preferred qualifications include a BS, MS, or PhD in Computer Science or a related technical field.

XML job scraping automation by YubHub

This role ensures the protection of personnel, assets, and sensitive information across all facility operations. You will develop and enforce security procedures, oversee access control systems, coordinate security training, and interface with regulatory and law enforcement agencies as needed.

This position requires a strong understanding of government security protocols and experience in regulated or high-security environments. Former military or government service experience is highly valued.

Responsibilities:

• Develop, implement, and maintain facility security programs in compliance with federal and company regulations.
• Establish and manage access control policies, visitor procedures, and badging systems.
• Oversee physical security measures including perimeter control, surveillance systems, and alarm response.
• Conduct vulnerability assessments and implement corrective actions to maintain compliance.
• Ensure compliance with applicable DOE, NRC, and DOD security requirements.
• Serve as the primary point of contact for security-related audits, inspections, and reviews.
• Prepare and maintain documentation, reports, and records required for regulatory compliance.
• Collaborate with internal stakeholders to integrate security requirements into facility operations and projects.

Personnel Security:

• Oversee the personnel security program, including background checks, clearance processing, and access authorization.
• Ensure proper handling and protection of sensitive information and controlled materials.
• Provide training and guidance to employees on security policies, procedures, and best practices.

Incident Response & Investigation:

• Lead investigations into security incidents and violations; coordinate with local, state, or federal authorities as required.
• Maintain and test emergency response and security incident protocols.
• Support after-hours or weekend response to urgent security matters as necessary.

Preferred Qualifications:

• Bachelor’s degree in Criminal Justice, Security Management, or related field; equivalent military or professional experience accepted.
• 5+ years of experience in security, law enforcement, or military operations, preferably in a regulated or government environment.
• Familiarity with DOE, NRC, or DOD security requirements and facility clearance processes.
• Experience implementing and managing physical and personnel security programs.
• Strong knowledge of access control, CCTV, intrusion detection, and related systems.
• Excellent organizational, communication, and leadership skills.
• Ability to obtain and maintain a federal security clearance.
• Former military or government service strongly preferred.

Benefits:

• Health, Dental & Vision Insurance
• Health Savings Account
• Disability and Life Insurance
• 401K Plan
• Paid Time Off, Holidays

XML job scraping automation by YubHub

In this role, you will establish and test security guardrails for code, cloud resources, and infrastructure components throughout the Anchorage platform. You will monitor and respond to security events and configuration anomalies across the organization, leading investigation and containment efforts. You will manage the full vulnerability lifecycle from discovery through remediation, tracking progress and ensuring timely closure of findings.

You will lead or substantially contribute to Security Operations initiatives with minimal oversight, coordinating across team boundaries to drive projects to completion. You will break complex security problems into manageable workstreams with accurate scope and time estimates. Present options clearly and provide well-reasoned priority recommendations.

Deliver assurance artifacts and evidence for regulated entity requirements, supporting audit and compliance efforts. Balance speed of response with thoroughness of investigation, adapting approach based on risk and business impact.

You will understand and help implement the company's security strategy by participating in planning and defining Security Operations goals in alignment with Anchorage Digital's overall objectives. Stay alert to emerging threats, vulnerabilities, and industry trends that could affect organizational security posture.

Consider security holistically across the product ecosystem,applications, infrastructure, and third-party integrations,while fostering a security-first culture. Collaborate cross-functionally with Engineering, Infrastructure, and Compliance teams to embed security into development and operational processes.

Share knowledge broadly across the team through documentation, runbooks, and post-incident reviews, preventing single points of failure. Partner with engineering teams to explain security risks and remediation approaches, translating technical findings into actionable guidance.

Collaborate across teams to review security configurations, triage findings, and engage in technical discussions. Communicate insights and recommendations clearly to improve processes. Demonstrate empathy by understanding others' context, priorities, and constraints,adapting communication style to maximize effectiveness with both technical and non-technical audiences.

XML job scraping automation by YubHub

We're seeking a Platform Hardware Security Engineer to design and implement security architectures for bare-metal infrastructure. You'll work with teams across Anthropic to build firmware, bootloaders, operating systems, and attestation systems to ensure the integrity of our infrastructure from the ground up.

This role requires expertise in low-level systems security and the ability to architect solutions that balance security requirements with the performance demands of training AI models across our massive fleet.

What you'll do:

• Design and implement secure boot chains from firmware through OS initialization for diverse hardware platforms (CPUs, BMCs, switches, peripherals, and embedded microcontrollers)
• Architect attestation systems that provide cryptographic proof of system state from hardware root of trust through application layer
• Develop measured boot implementations and runtime integrity monitoring
• Create reference architectures and security requirements for bare-metal deployments
• Integrate security controls with infrastructure teams without impacting training performance
• Prototype and validate security mechanisms before production deployment
• Conduct firmware vulnerability assessments and penetration testing
• Build firmware analysis pipelines for continuous security monitoring
• Document security architectures and maintain threat models
• Collaborate with software and hardware vendors to ensure security capabilities meet our requirements

Who you are:

• 8+ years of experience in systems security, with at least 5 years focused on firmware and hardware security (firmware, bootloaders, and OS-level security)
• Hands-on experience with secure boot, measured boot, and attestation technologies (TPM, Intel TXT, AMD SEV, ARM TrustZone)
• Strong understanding of cryptographic protocols and hardware security modules
• Experience with UEFI/BIOS or embedded firmware security, bootloader hardening, and chain of trust implementation
• Proficiency in low-level programming (C, Rust, Assembly) and systems programming
• Knowledge of firmware vulnerability assessment and threat modeling
• Track record of designing security architectures for complex, distributed systems
• Experience with supply chain security
• Ability to work effectively across hardware and software boundaries
• Knowledge of NIST firmware security guidelines and hardware security frameworks

Strong candidates may also have:

• Experience with confidential computing technologies and hardware-based TEEs
• Knowledge of SLSA framework and software supply chain security standards
• Experience securing large-scale HPC or cloud infrastructure
• Contributions to open-source security projects (coreboot, CHIPSEC, etc.)
• Background in formal verification or security proof techniques
• Experience with silicon root of trust implementations
• Experience working with building foundational technical designs, operational leadership, and vendor collaboration
• Previous work with AI/ML infrastructure security

Logistics

• Education requirements: We require at least a Bachelor's degree in a related field or equivalent experience.
• Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.
• Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work.

Your safety matters to us. To protect yourself from potential scams, remember that Anthropic recruiters only contact you from @anthropic.com email addresses. In some cases, we may partner with vetted recruiting agencies who will identify themselves as working on behalf of Anthropic. Be cautious of emails from other domains. Legitimate Anthropic recruiters will never ask for money, fees, or banking information before your first day. If you're ever unsure about a communication, don't click any links—visit anthropic.com/careers directly for confirmed position openings.

How we're different

We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts.

XML job scraping automation by YubHub

Product & Solutions Lead, Safety and Security

Location

San Francisco

Employment Type

Full time

Department

Intelligence & Investigations

Compensation

• $288K – $425K • Offers Equity

The base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance-related bonus(es) for eligible employees, and the following benefits.

• Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts

• Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)

• 401(k) retirement plan with employer match

• Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)

• Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees

• 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)

• Mental health and wellness support

• Employer-paid basic life and disability coverage

• Annual learning and development stipend to fuel your professional growth

• Daily meals in our offices, and meal delivery credits as eligible

• Relocation support for eligible employees

• Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided.

More details about our benefits are available to candidates during the hiring process.

This role is at-will and OpenAI reserves the right to modify base pay and other compensation components at any time based on individual performance, team or company results, or market conditions.

About the Team

The Intelligence & Investigations (I2) team detects and disrupts abuse and strategic risks so people can use AI safely. We translate real-world signals, investigations, and external threat intelligence into practical mitigations, operating guidance, and partner-ready support that improves safety outcomes across the AI ecosystem.

About the Role

As a Product & Solutions Lead focused on safety and security, you will build and operate 0–1 products, services, and technical solution packages that help developers and public institutions move from experimentation to durable, trusted outcomes—while maintaining public safety, transparency, and respect for privacy and rights.

This role balances two modes of delivery:

1. Bespoke products and technical solutions for strategic internal and external partners, and

1. Scalable product and solution packages that can be reused broadly across partners and deployments.

Training is a component of scale, but not the center of gravity. You will also ship reference implementations, playbooks, evaluation kits, and repeatable operating models that partners can adopt and operate.

You will work directly with engineers and a multidisciplinary group of safety and geopolitical analysts, and data and quantitative scientists to convert complex, evolving challenges into solutions that teams can adopt in high-stakes environments.

This role is based in San Francisco, CA (hybrid, 3 days/week). Relocation support is available.

In this role, you will:

• Own the 0–1 roadmap for safety and security solution offerings: define the target users, problem statements, tools, operating models, success metrics, and the set of reusable deliverables we ship.

• Design and ship bespoke technical solutions for priority partners (internal and external), then abstract what works into reusable patterns and toolkits.

• Build partner-ready technical artifacts: solution blueprints, reference architectures, evaluation and monitoring guidance, incident/response playbooks, and deployment checklists.

• Package open-source and proprietary capabilities into adoption-ready solutions (e.g., reference implementations, configuration patterns, validated workflows).

• Maintain a consistent delivery model across engagements: intake, scoping, governance alignment, execution cadence, and retrospectives that improve the offering over time.

• Translate evolving threats into actionable guidance and updates for solution packages (e.g., scams/fraud patterns, cyber-enabled threats, ecosystem abuse trends).

• Develop lightweight enablement components as needed: targeted technical modules, hands-on labs, and readiness assessments that accelerate adoption of the solutions.

• Define and instrument impact measurement: adoption milestones, readiness indicators, reliability and safety posture improvements, and partner satisfaction with outputs.

• Partner closely across engineering, safety, geopolitical analysis, and quantitative teams to ensure solutions are technically credible, threat-informed, and measurable.

• Communicate crisply and decision-readily to internal and external stakeholders: progress, trade-offs, risks, and recommendations.

You might thrive in this role if you:

• Have 6+ years in product, technical program leadership, solutions, or platform operations, especially in safety, security, risk, integrity, or enterprise/public-sector contexts.

• Have built 0–1 solution offerings (product plus services or productized services): taking ambiguous needs, shipping something concrete, then scaling it into a repeatable model.

• Have a builder’s mindset: comfortable incubating early-stage ideas, testing them with partners, and evolving them into durable, repeatable safety and security solutions.

• Can go deep with engineers and still produce partner-ready artifacts that are clear

XML job scraping automation by YubHub

Offensive Security Engineer, Agent Security

Location

San Francisco; New York City; Remote - US; Seattle; Washington, DC

Employment Type

Full time

Department

Security

Compensation

• San Francisco, Seattle, New York$347K – $490K • Offers Equity
• Zone A$312.3K – $490K • Offers Equity
• Zone B$277.6K – $490K • Offers Equity

The base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance-related bonus(es) for eligible employees, and the following benefits.

• Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts

• Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)

• 401(k) retirement plan with employer match

• Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)

• Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees

• 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)

• Mental health and wellness support

• Employer-paid basic life and disability coverage

• Annual learning and development stipend to fuel your professional growth

• Daily meals in our offices, and meal delivery credits as eligible

• Relocation support for eligible employees

• Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided.

More details about our benefits are available to candidates during the hiring process.

This role is at-will and OpenAI reserves the right to modify base pay and other compensation components at any time based on individual performance, team or company results, or market conditions.

About the Team

Security is at the foundation of OpenAI’s mission to ensure that artificial general intelligence benefits all of humanity. The Security team protects OpenAI’s technology, people, and products. We are technical in what we build but are operational in how we do our work, and are committed to supporting all products and research at OpenAI. Our Security team tenets include: prioritizing for impact, enabling researchers, preparing for future transformative technologies, and engaging a robust security culture.

About the Role

We're seeking an exceptional Principal-level Offensive Security Engineer to challenge and strengthen OpenAI's security posture. This role isn't your typical red team job - it's an opportunity to engage broadly and deeply, craft innovative attack simulations, collaborate closely with defensive teams, and influence strategic security improvements across the organization.

You'll have the chance to not only find vulnerabilities but actively drive their resolution, automate offensive techniques with cutting-edge technologies, and use your unique attacker perspective to shape our security strategy.

This role will be primarily focused on continuously testing our agent powered products like codex and operator. These systems are uniquely valuable targets because they’re rapidly evolving, have access to perform sensitive actions on behalf of users, and have large, diverse attack surfaces. You will play a crucial role in securing our agents by hunting for realistic vulnerabilities that emerge from the interactions between the applications, infrastructure, and models that power them.

In this role you will:

• Continuously hunt for vulnerabilities in the interactions between the applications, infrastructure, and models that power our agentic products.

• Conduct open-scope red and purple team operations, simulating realistic attack scenarios.

• Collaborate proactively with defensive security teams to enhance detection, response, and mitigation capabilities.

• Perform comprehensive penetration testing on our diverse suite of products.

• Leverage advanced automation and OpenAI technologies to optimize your offensive security work.

• Present insightful, actionable findings clearly and compellingly to inspire impactful change.

• Influence security strategy by providing attacker-driven insights into risk and threat modeling.

You might thrive in this role if you have:

• 7+ years of hands-on red team experience or exceptional accomplishments demonstrating equivalent expertise.

• Deep expertise conducting offensive security operations within modern technology companies.

• Experience designing, developing, or testing assessing the security of AI-powered systems.

• Experience working finding, exploiting and mitigating common vulnerabilities in AI systems like prompt injection, leaking sensitive data, confused deputies, and dynamically generated UI components.

• Exceptional skill in code review, identifying novel and subtle vulnerabilities.

• Proven experience performing offensive security assessments in at least one hyperscaler cloud environment (Azure preferred).

• Demonstrated mastery assessing complex technology stacks, including:

• Highly customized Kubernetes clusters

• Container environments

• CI/CD pipelines

• GitHub security

• macOS and Linux operating systems

• Data science tooling and environments

• Python-based web services

• React-based frontend applications
• Strong intuitive understanding of trust boundaries and risk assessment in dynamic contexts.

• Excellent coding skills, capable of writing robust tools and automation for offensive operations.

• Ability to communicate complex technical concepts to both technical and non-technical stakeholders.

Experience Level

Senior

Employment Type

Full-time

Workplace Type

Remote

Category

Engineering

Industry

Technology

Salary Range

$347K – $490K • Offers Equity

Required Skills

• Red team experience
• Offensive security operations
• AI-powered systems security
• Vulnerability assessment
• Penetration testing
• Automation
• Code review
• Cloud security
• Kubernetes
• Container security
• CI/CD pipelines
• GitHub security
• macOS and Linux operating systems
• Data science tooling and environments
• Python-based web services
• React-based frontend applications

Preferred Skills

• Azure cloud security
• Highly customized Kubernetes clusters
• Container environments
• CI/CD pipelines
• GitHub security
• macOS and Linux operating systems
• Data science tooling and environments
• Python-based web services
• React-based frontend applications

XML job scraping automation by YubHub