Staff+ Application Security Engineer - M&A

AnthropicSeattle, WA
$320,000 - $485,000Hybrid

About The Position

Anthropic's Application Security team is responsible for securing the systems that build, serve, and increasingly are Claude. As Anthropic's footprint grows, this mandate extends to companies and codebases acquired through mergers and acquisitions. This role is the first dedicated position to establish and own this function. The individual will be responsible for security due diligence and secure integration for Anthropic's acquisitions. This includes assessing a target's security posture pre-close, providing security risk readouts to leadership, and ensuring acquired systems meet Anthropic's security standards post-close. The role involves formalizing the M&A security playbook, risk model, and tooling to ensure repeatability. While M&A security is the primary focus, the role is also an active member of the Application Security team, participating in team rituals, on-call rotations, and using the same tooling as engineers securing Anthropic's core product surfaces. The expectation is to leverage Claude as a primary tool and automate repeatable aspects of diligence and integration. During periods of low deal flow, the engineer will contribute to core AppSec projects. The role is described as 'bursty,' assessment-heavy, and operating under confidential, time-sensitive conditions, appealing to those who enjoy assessing unfamiliar codebases under pressure and distilling complex risks into clear reports for leadership.

Requirements

  • Hands-on application and infrastructure security experience, including cloud and containerized environments.
  • Demonstrated ability to rapidly assess an unfamiliar codebase or architecture and produce a clear, prioritized risk assessment for a non-security audience.
  • Production-quality coding ability in at least one of Python, Go, Rust, or TypeScript.
  • Practical threat-modeling and vulnerability-identification skills.
  • Comfort operating with high autonomy, ambiguity, and tightly-held confidential context.
  • Clear written and verbal communication skills across varied audiences, including executives, legal and corporate development partners, and engineering counterparts.

Nice To Haves

  • 7+ years in application security, security consulting, or security architecture.
  • Prior M&A security due diligence, third-party security assessment, or technical due diligence experience.
  • Experience standing up or scaling SAST/DAST, bug bounty, or vulnerability management coverage across multiple codebases.
  • Track record of building security automation or tooling rather than relying solely on manual review.
  • Familiarity with using LLMs as a core part of your security workflow.
  • Experience securing agentic, code-execution, or LLM-integrated systems.

Responsibilities

  • Lead pre-close security due diligence on prospective acquisitions, including coordinating external penetration testing, threat modeling target architectures, assessing security controls, and delivering security risk readouts to leadership.
  • Drive post-close security integration by establishing static and dynamic analysis coverage for acquired codebases, tracking high- and critical-severity remediation, incorporating acquired assets into the bug bounty program, and onboarding repositories to Anthropic's automated vulnerability remediation and reporting systems.
  • Coordinate with adjacent security engineering teams (supply chain, cloud, corporate security, detection & response) on their respective integration responsibilities.
  • Collaborate with a wide range of stakeholders, including corporate development, legal, security leadership, and internal engineering teams, as well as external engineering and security counterparts at target companies, translating technical security information and ensuring the security workstream is understood by all parties.
  • Formalize and scale Anthropic's M&A security playbook, including the risk-scoring model, diligence runbook, and integration checklist, and develop Claude-powered tooling to automate these processes.
  • Participate in the team's operational on-run rotation, including bug bounty escalations, launch consults, and incident response, rotating out during active deal periods.
  • Contribute to core AppSec projects between deals, such as secure design reviews, threat modeling for agentic systems, and the team's security automation roadmap.

Benefits

  • Competitive compensation and benefits
  • Optional equity donation matching
  • Generous vacation and parental leave
  • Flexible working hours
  • Lovely office space
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service