Назад
22 часа назад

Staff+ Application Security Engineer (M&A)

320 000 - 485 000$
Формат работы
hybrid
Тип работы
fulltime
Грейд
senior
Английский
b2
Страна
US
Вакансия из списка Hirify.GlobalВакансия из Hirify Global, списка международных tech-компаний
Для мэтча и отклика нужен Plus

Мэтч & Сопровод

Для мэтча с этой вакансией нужен Plus

Описание вакансии

Текст:
/

TL;DR

Staff+ Application Security Engineer (M&A): Establishing the security due diligence and integration function for acquisitions with an accent on assessing target security postures and automating integration workflows. Focus on building repeatable risk models and using LLMs to scale security assessments for unfamiliar codebases.

Location: Hybrid (Must be based in the US). Office locations: San Francisco, CA; Seattle, WA; New York City, NY. Expectation to be in-office at least 25% of the time.

Salary: $320,000 - $485,000 USD

Company

Anthropic is a public benefit corporation focused on creating reliable, interpretable, and steerable AI systems.

What you will do

  • Lead pre-close security due diligence for acquisitions, including threat modeling and risk readouts for leadership.
  • Drive post-close integration by implementing SAST/DAST coverage and onboarding acquired assets to vulnerability management systems.
  • Formalize the M&A security playbook, including risk-scoring models and diligence runbooks.
  • Develop Claude-powered tooling to automate repetitive parts of the diligence and integration process.
  • Collaborate with corporate development, legal, and engineering stakeholders across different organizations.
  • Contribute to core AppSec projects and the team's operational on-run rotation, including incident response and bug bounty.

Requirements

  • Hands-on experience in application and infrastructure security within cloud and containerized environments.
  • Ability to rapidly assess unfamiliar architectures and produce prioritized risk assessments for non-security audiences.
  • Production-quality coding skills in Python, Go, Rust, or TypeScript.
  • Practical threat-modeling and vulnerability-identification experience.
  • Ability to operate with high autonomy and handle confidential, time-sensitive context.
  • Must be based in the US (San Francisco, Seattle, or New York City).

Nice to have

  • 7+ years of experience in AppSec, security consulting, or architecture.
  • Prior experience with M&A security due diligence or third-party assessments.
  • Experience scaling SAST/DAST, bug bounty, or vulnerability management.
  • Track record of building security automation tooling.
  • Familiarity with using LLMs as a core part of a security workflow.

Culture & Benefits

  • Competitive compensation and benefits with optional equity donation matching.
  • Generous vacation and parental leave.
  • Flexible working hours and collaborative office spaces.
  • Visa sponsorship availability.
  • High-impact research environment focusing on steerable and trustworthy AI.

Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →