Technical Policy Manager, Cyber Harms

Technical Policy Manager, Cyber Harms at Anthropic

Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.

About The Role

We are looking for a cybersecurity expert to lead our efforts to prevent AI misuse in the cyber domain. As a Technical Policy Manager, Cyber Harms, you will lead a team applying deep technical expertise to inform the design of safety systems that detect harmful cyber behaviors and prevent misuse by sophisticated threat actors. Working closely with Research Engineers who build these safety systems, you and your team will provide the critical cybersecurity domain knowledge needed to ensure our safeguards are effective against real-world threats. You will be at the forefront of defining what responsible AI safety looks like in the cybersecurity domain, working across research, policy, and engineering to translate complex cyber threat concepts into concrete technical safeguards and actionable policies. This is a unique opportunity to shape how frontier AI models handle dual-use cybersecurity knowledge—balancing the tremendous potential of AI to advance legitimate security research and defensive capabilities while preventing misuse by malicious actors.

In This Role, You Will

• Lead and grow a team of technical specialists focused on cyber threat modeling and evaluation frameworks
• Design and oversee execution of capability evaluations ("evals") to assess the cyber-relevant capabilities of new models
• Create comprehensive cyber threat models, including attack vectors, exploit chains, precursor identification, and weaponization techniques
• Develop and iterate on usage policies that govern responsible use of our models for emerging capabilities and use cases related to cyber harms
• Serve as the primary domain expert on cyber harms, advising cross-functional teams on threat landscapes and mitigation strategies
• Collaborate closely with internal and external threat modeling experts to develop training data for safety systems, and with ML engineers to train these systems, optimizing for both robustness against adversarial attacks and low false-positive rates for legitimate security researchers
• Analyze safety system performance in traffic, identifying gaps and proposing improvements
• Conduct regular reviews of existing policies and enforcement systems to identify and address gaps and ambiguities related to cybersecurity risks
• Develop rigorous stress-testing of safeguards against evolving cyber threats and product surfaces
• Partner with Research, Product, Policy, Security Team, and Frontier Red Team to ensure cybersecurity safety is embedded throughout the model development lifecycle
• Translate cybersecurity domain knowledge into actionable safety requirements and clearly articulated policies
• Contribute to external communications, including model cards, blog posts, and policy documents related to cybersecurity safety
• Monitor emerging technologies and threat landscapes for their potential to contribute to new risks and mitigation strategies, and strategically address these
• Mentor and develop team members, fostering a culture of technical excellence and responsible AI development

You May Be a Good Fit If You Have

• An M.S. or PhD in Computer Science, Cybersecurity, or a related technical field, OR equivalent professional experience in offensive or defensive cybersecurity
• 5+ years of hands-on experience in cybersecurity, with deep expertise in areas such as vulnerability research, exploit development, network security, malware analysis, or penetration testing
• 2+ years of experience managing technical teams or leading complex technical projects with multiple stakeholders
• Experience in scientific computing and data analysis, with proficiency in programming (Python preferred)
• Deep expertise in modern cybersecurity, including both offensive techniques (vulnerability research, exploit development, penetration testing, malware analysis) and defensive measures (detection, monitoring, incident response)
• Demonstrated ability to create threat models and translate technical cyber risks into policy frameworks
• Familiarity with responsible disclosure practices, vulnerability coordination, and cybersecurity frameworks (e.g., MITRE ATT&CK, NIST Cybersecurity Framework, CWE/CVE systems)
• Strong analytical and writing skills, with the ability to navigate ambiguity and explain complex technical concepts to non-technical stakeholders
• Experience developing policies or guidelines at scale, balancing safety concerns with enabling legitimate use cases
• A passion for learning new skills and an ability to rapidly adapt to changing techniques and technologies
• Comfort working in a fast-paced environment where priorities may shift as AI capabilities evolve
• Track record of translating specialized technical knowledge into actionable safety policies or enforcement guidelines

Preferred Qualifications

• Background in AI/ML systems, particularly experience with large language models
• Experience developing ML-based security systems or adversarial ML research
• Experience working with defense, intelligence, or security organizations (e.g., NSA, CISA, national labs, security contractors)
• Published security research, disclosed vulnerabilities, or participated in bug bounty programs
• Understanding of Trust & Safety operations and content moderation at scale
• Certifications such as OSCP, OSCE, GXPN, or equivalent demonstrating technical depth
• Understanding of dual-use security research concerns and ethical considerations in AI safety

Compensation and Logistics

The annual compensation range for this role is $320,000—$405,000 USD. We require at least a Bachelor's degree in a related field or equivalent experience. Currently, we expect all staff to be in one of our offices at least 25% of the time, following a location-based hybrid policy. Visa sponsorship is available, and we make every reasonable effort to secure visas for successful candidates. We encourage all interested individuals to apply, even if you do not believe you meet every single qualification, as we value diverse perspectives and aim to build beneficial AI systems safely and ethically. Please be aware of potential scams; Anthropic recruiters will only contact you from @anthropic.com email addresses.

How We're Different

At Anthropic, we believe that the highest-impact AI research will be big science, working as a single cohesive team on a few large-scale research efforts. We value advancing our long-term goals of steerable, trustworthy AI through an empirical science approach, similar to physics and biology. Our group is extremely collaborative, with frequent research discussions to ensure we pursue the highest-impact work. We are headquartered in San Francisco, offering competitive compensation and benefits, optional equity donation matching, generous vacation and parental leave, flexible working hours, and a lovely office space. We also provide guidance on candidates' AI usage in our application process.

Key skills/competency

• Cybersecurity Expertise
• Threat Modeling
• AI Safety
• Policy Development
• Team Leadership
• Vulnerability Research
• Exploit Development
• ML-based Security
• Cross-functional Collaboration
• Risk Mitigation