Is the Security Labs Engineer role remote?

It's hybrid — Anthropic expects some on-site time in San Francisco, CA.

What's the salary range?

Anthropic lists $405,000–$485,000 for this role.

How much experience is required?

At least 7 years of relevant experience for this Security Labs Engineer role.

Where is the role based?

Anthropic is hiring for this position in San Francisco, CA.

What's the tech stack?

Joblaze extracted these technologies from the posting: AWS, Confidential computing, Go, offensive security, Zero-knowledge proofs, Rust.

Does Anthropic sponsor work visas for this role?

Yes — the posting indicates visa sponsorship is available for the right candidate.

What seniority level is this role?

Anthropic targets senior candidates for this position.

Is this full-time or contract?

Full-time for this Security Labs Engineer role at Anthropic.

Security Labs Engineer at Anthropic

Joblaze summary

In the role of Security Labs Engineer at Anthropic, the individual is responsible for leading security research projects that explore high-stakes questions about AI safety and infrastructure resilience. Key skills include strong programming abilities in Python and systems languages, along with hands-on experience in cloud environments and security technologies. This position is ideal for seasoned professionals with a background in software or security engineering, particularly those who thrive in experimental and collaborative settings. Anthropic emphasizes a culture of learning from both successes and failures, making it a dynamic environment for innovation.

Joblaze insights

Listed about a month ago on Joblaze — tracked directly from Anthropic's career page.
Anthropic has 401 other open roles including Finance & Strategy, EMEA GTM (Dublin or London location), Director, Infrastructure Compute Procurement, Engineering Manager, Cybersecurity Products.
2370 active Python roles on Joblaze right now.
1251 active AWS roles on Joblaze right now.
1058 active Kubernetes roles on Joblaze right now.
Salary band is above the typical range for Security (median ~$168,000).

Quick facts

Is the Security Labs Engineer role remote?: It's hybrid — Anthropic expects some on-site time in San Francisco, CA.
What's the salary range?: Anthropic lists $405,000–$485,000 for this role.
How much experience is required?: At least 7 years of relevant experience for this Security Labs Engineer role.
Where is the role based?: Anthropic is hiring for this position in San Francisco, CA.
What's the tech stack?: Joblaze extracted these technologies from the posting: AWS, Confidential computing, Go, offensive security, Zero-knowledge proofs, Rust.
Does Anthropic sponsor work visas for this role?: Yes — the posting indicates visa sponsorship is available for the right candidate.
What seniority level is this role?: Anthropic targets senior candidates for this position.
Is this full-time or contract?: Full-time for this Security Labs Engineer role at Anthropic.

From the original posting

About Anthropic

Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.

About the Role

Frontier AI is on track to be among the most consequential and most adversarially-targeted technology in the world. The capability curve is steep, the adversaries who want these systems are extremely well-resourced, and the security bar this will eventually require is well beyond where the industry operates today. Incremental hardening alone is not going to close that gap, so we need breakthroughs and a group of people to go find them.

Security Labs is that team. We run a portfolio of high-risk, high-expected-value security projects: the work that seems impractical until someone optimistic and stubborn enough actually tries it. Projects run on the order of weeks rather than quarters, and each one is either handed off to the Anthropic team that will own it in production or wound down with a writeup of what we learned. We expect a meaningful fraction of our bets not to land.

This is an experimental team and we expect a meaningful fraction of our bets not to land; the team itself is on a prove-out, engineers in this role need to be comfortable taking risks. If a 30% project success rate with that much ambiguity sounds uncomfortable or spending your time looking into uncharted and chaotic territory isn’t frightening and exciting, this probably isn't the right fit. There are other places in Anthropic Security doing important work with more structure, less risk, and more productive paths to positive outcomes.

The questions we're trying to answer include:

Can our core research workflows survive extreme isolation?
Can we replace trust with cryptographic guarantees?
Can the models themselves become our most effective security control?
What would it actually take to defend against a tier-1 state adversary, and how much of that can we build now?

Who we're looking for. We're hiring generalists with rare depth. You're a strong software engineer as a baseline, and on top of that you've gone deep in at least one area most engineers don't get near: firmware or hardware security, applied cryptography, OS / kernel / hypervisor internals, formal methods, reverse engineering, or high-assurance and cross-domain systems. You've built things under your own direction, you're comfortable jumping layers when the problem demands it, and you'd rather take a swing at something that might not work than ship the safe incremental thing. You think the trajectory of AI matters a great deal, you're not comfortable with how the security side of it is going by default, and you'd rather be on the inside building the answer than watching from outside.

Current Project Areas

The portfolio changes as we learn. The kinds of bets currently in flight or queued:

Standing up a prototype high-assurance research cluster: running real Anthropic training and research workloads under extreme isolation and physical security controls, and finding out exactly where productivity breaks and what we'd need to invent to get it back
Provable inference: cryptographic verification (zero-knowledge proofs, attestation chains) that a given output came from a specific model running specific code, replacing "trust us" with math
Swapping our container runtime for a hypervisor-isolated microVM substrate across the fleet, so a compromised host can't touch workload integrity
Compiling an ML kernel through a formally verified pipeline where every lowering step carries a machine-checked proof of equivalence, making compilation-layer sabotage mathematically detectable
Regenerating clusters: automation that spins up a purpose-built cell, runs a workload, and tears the whole thing down on a TTL measured in hours, so attacker persistence has an expiry date
Using Claude itself to drive security work end to end: threat modeling new compute platforms, rewriting critical services to zero external dependencies, running the test equipment that validates what hardware datasheets claim

Part of your job is deciding what comes next. We hire people we trust to pick good bets, and project selection is owned by the engineers doing the work.

What You’ll Do

Own Security Labs projects end to end. You'll scope the bet, build the prototype, run it against real workloads, and bring it to either a hand-off or a documented exit
Stand up novel security infrastructure fast (isolated clusters, attestation chains, hypervisor and runtime work, verification tooling) optimizing for what we learn rather than for permanence
Find the receiving team early, bring them along while you build, and hand them something they actually want to own
Work embedded with research and infrastructure teams (Pretraining, RL, Inference, Compute) to test whether their workflows survive what you're proposing, and document precisely where they don't
Turn experimental results into short writeups that shape Anthropic's long-term security architecture, and into costed contingency plans we could execute on short notice
Help pick the next round of bets and influence the industry to get better along the way

You May Be a Good Fit If You

Genuinely care about where AI is heading and want to work on the security problems that determine whether it goes well. This is the most important thing on this list
Have real depth in at least one area most software engineers don't touch (e.g. firmware or hardware security, applied cryptography, OS / kernel / hypervisor internals, formal methods and verification, reverse engineering and exploit development, or high-assurance / cross-domain systems)
Have built and shipped things under your own direction. Maybe you founded a company or research group, maintained an open-source project other people depend on, or shipped research that changed how people in your field work. We weight this far more than where you've worked or for how long
Have a track record of choosing the problem yourself and seeing it through, rather than only executing a plan someone else handed you
Are comfortable jumping between domains and layers of the stack when the problem calls for it, and have actually done so
Have run prototypes or experiments where the goal was answering a hard question rather than shipping a permanent system, including ones that didn't pan out
Write clearly enough to turn weeks of work into a couple of pages someone can act on
Change your mind when the evidence says to, and are fine being the least-expert person in a room full of specialists
Care about defense. Plenty of folks here come from offense and that background is valuable, but what you actually want to spend your time on now is making systems hold up
Are a strong programmer (Python plus at least one of Rust, Go, or C/C++) and can stand up real infrastructure without that being the interesting part of your week

Strong Candidates May Also Have

Experience inside airgapped or high-side environments (classified networks, cross-domain solutions, ICS/SCADA, financial trading infrastructure) and the operational realities of working in them
A background in offensive security, red teaming, or vulnerability research, with calibrated intuitions for which threats actually matter
Familiarity with ML infrastructure (training pipelines, distributed schedulers, inference serving, accelerator hardware) sufficient for grounded conversations with researchers about what their workloads actually need
A history of working in environments built around rapid iteration rather than rigid change control: startups, applied research groups, independent consulting, small security shops

What We Care Less About

Years of experience. We level on signal and on what you've built, not tenure.
Whether you've built large-scale distributed systems or worked at a big company. If you learn fast and you've shipped real things, that's enough.

Location

This role is based in our San Francisco office (500 Howard St). Several Labs projects involve physical secure facilities on-site, so expect to be in-office more frequently than Anthropic's standard 25% hybrid baseline.

We Encourage You to Apply

Not all strong candidates will meet every qualification listed above. Research shows that people from underrepresented groups are more likely to talk themselves out of applying. If this work interests you and you have most of what we're looking for, we'd like to hear from you.

We believe AI systems have profound social and ethical implications, and we think diverse perspectives make our work better. We actively work to build a team that reflects a range of backgrounds and experiences.

Deadline to Apply: None, applications will be received on a rolling basis.

The annual compensation range for this role is listed below.

For sales roles, the range provided is the role’s On Target Earnings ("OTE") range, meaning that the range includes both the sales commissions/sales bonuses target and annual base salary for the role.

Annual Salary:

$405,000—$485,000 USD

Logistics

Minimum education: Bachelor’s degree or an equivalent combination of education, training, and/or experience

Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience

Minimum years of experience: Years of experience required will correlate with the internal job level requirements for the position

Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.

Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work. We think AI systems like the ones we're building have enormous social and ethical implications. We think this makes representation even more important, and we strive to include a range of diverse perspectives on our team.

Your safety matters to us. To protect yourself from potential scams, remember that Anthropic recruiters only contact you from @anthropic.com email addresses. In some cases, we may partner with vetted recruiting agencies who will identify themselves as working on behalf of Anthropic. Be cautious of emails from other domains. Legitimate Anthropic recruiters will never ask for money, fees, or banking information before your first day. If you're ever unsure about a communication, don't click any links—visit anthropic.com/careers directly for confirmed position openings.

How we're different

We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts. And we value impact — advancing our long-term goals of steerable, trustworthy AI — rather than work on smaller and more specific puzzles. We view AI research as an empirical science, which has as much in common with physics and biology as with traditional efforts in computer science. We're an extremely collaborative group, and we host frequent research discussions to ensure that we are pursuing the highest-impact work at any given time. As such, we greatly value communication skills.

The easiest way to understand our research directions is to read our recent research. This research continues many of the directions our team worked on prior to Anthropic, including: GPT-3, Circuit-Based Interpretability, Multimodal Neurons, Scaling Laws, AI & Compute, Concrete Problems in AI Safety, and Learning from Human Preferences.

Come work with us!

Anthropic is a public benefit corporation headquartered in San Francisco. We offer competitive compensation and benefits, optional equity donation matching, generous vacation and parental leave, flexible working hours, and a lovely office space in which to collaborate with colleagues. Guidance on Candidates' AI Usage: Learn about our policy for using AI in our application process.