Anthropic is seeking a Staff Software Engineer to design and implement robust sandboxing solutions that protect their AI infrastructure from untrusted workloads while maintaining performance and usability.
Requirements
- 8+ years of experience in systems security, with deep expertise in virtualization and containerization security
- Expert-level knowledge of Linux kernel isolation mechanisms and have experience implementing them in production environments
- Proven track record of securing untrusted workloads in cloud settings, including both public cloud and private infrastructure
- Proficient in multiple programming languages (e.g., Go, Rust, C/C++, Python) with experience in systems programming
- Hands-on experience with container runtimes (Docker, containerd, CRI-O) and orchestration platforms (Kubernetes)
- Understand hypervisor internals and have experience with VM security (QEMU/KVM, Xen, VMware, Hyper-V)
- Can design and articulate complex threat models for distributed systems
Responsibilities
- Design and implement secure sandboxing architectures using virtualization (KVM, Xen, Firecracker, Cloud Hypervisor) and container technologies (OCI containers, gVisor, Kata Containers) to isolate untrusted workloads
- Develop deep expertise in Linux kernel isolation mechanisms including namespaces, cgroups, seccomp, capabilities, and LSMs (SELinux/AppArmor) to build defense-in-depth strategies
- Create comprehensive threat models for our sandboxing infrastructure, identifying attack vectors and designing mitigations for container escapes, VM breakouts, and side-channel attacks
- Build and maintain security policies and configurations for multi-tenant cloud environments, ensuring strong isolation between different workloads
- Partner with infrastructure teams to implement secure-by-default patterns for deploying and managing containerized and virtualized workloads at scale
- Develop monitoring and detection capabilities to identify potential security breaches or anomalous behavior within our sandboxed environments
- Lead security reviews of new sandboxing technologies and provide guidance on their adoption within our infrastructure
Other
- At least a Bachelor's degree in a related field or equivalent experience
- Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time
- Visa sponsorship: We do sponsor visas, but we aren't able to successfully sponsor visas for every role and every candidate
- Strong communication skills and ability to work collaboratively with both technical and non-technical stakeholders
- Ability to balance security requirements with performance and usability needs
