Staff Security Engineer, Container and VM Security: Anthropic

Jul 23, 2025   |   Location: New York, United States (Hybrid, with at least 25% of time in the office)   |   Deadline: Aug 30, 2025

Salary: $320,000 - $485,000 USD per year

Anthropic, a leading AI safety and research company with the mission to create reliable, interpretable, and steerable AI systems, is seeking a Staff Security Engineer. This role is at the forefront of securing the company's frontier AI systems, which require unprecedented levels of security and isolation.

As a specialist in container and VM security, you will be responsible for designing and implementing robust sandboxing solutions that protect Anthropic's AI infrastructure from untrusted workloads. Your work will be critical in ensuring that the systems remain secure as they scale to support increasingly powerful models, leveraging cutting-edge virtualization and containerization technologies.

Key Responsibilities:
Design and implement secure sandboxing architectures using virtualization (KVM, Firecracker) and container technologies (gVisor, Kata Containers).

Develop deep expertise in and apply Linux kernel isolation mechanisms like namespaces, cgroups, seccomp, and LSMs (SELinux/AppArmor).

Create comprehensive threat models for sandboxing infrastructure, identifying attack vectors and designing mitigations for container escapes and VM breakouts.

Build and maintain security policies and configurations for multi-tenant cloud environments.

Partner with infrastructure teams to implement secure-by-default patterns for deploying containerized and virtualized workloads at scale.

Develop monitoring and detection capabilities to identify potential security breaches or anomalous behavior within sandboxed environments.

Required Qualifications:
8+ years of experience in systems security, with deep expertise in virtualization and containerization security.

Expert-level knowledge of Linux kernel isolation mechanisms and experience implementing them in production.

A proven track record of securing untrusted workloads in cloud settings.

Proficiency in multiple programming languages (e.g., Go, Rust, C/C++, Python) with systems programming experience.

Hands-on experience with container runtimes (Docker, containerd) and orchestration platforms like Kubernetes.

Ability to design and articulate complex threat models for distributed systems.

Preferred Qualifications:
Experience with microVM technologies like Firecracker or Cloud Hypervisor.

Knowledge of hardware-based security features (Intel TDX, AMD SEV).

Contributions to open-source security projects related to containerization or virtualization.

Experience with eBPF for security monitoring and enforcement.

A track record of identifying and responsibly disclosing security vulnerabilities.

Note: Anthropic sponsors visas for this role.