Talent.com
Staff Security Engineer, Container & VM Security

The Rundown AI, Inc. • San Francisco, CA, United States
4 days ago
Job type
  • Full-time
Job description

About the Role

At Anthropic, we're building frontier AI systems that require unprecedented levels of security and isolation. We're seeking a Staff Security Engineer specializing in container and VM security to help us design and implement robust sandboxing solutions that protect our AI infrastructure from untrusted workloads while maintaining performance and usability.

In this role, you'll be at the forefront of securing our compute infrastructure, working with cutting-edge virtualization and containerization technologies. You'll architect secure-by-default systems that leverage Linux kernel isolation mechanisms, design threat models for complex distributed systems, and build defenses that can withstand sophisticated attacks. Your work will be critical in ensuring that our systems remain secure as we scale to support increasingly powerful models and diverse use cases.

Responsibilities

  • Design and implement secure sandboxing architectures using virtualization (KVM, Xen, Firecracker, Cloud Hypervisor) and container technologies (OCI containers, gVisor, Kata Containers) to isolate untrusted workloads
  • Develop deep expertise in Linux kernel isolation mechanisms including namespaces, cgroups, seccomp, capabilities, and LSMs (SELinux/AppArmor) to build defense-in-depth strategies
  • Create comprehensive threat models for our sandboxing infrastructure, identifying attack vectors and designing mitigations for container escapes, VM breakouts, and side-channel attacks
  • Build and maintain security policies and configurations for multi-tenant cloud environments, ensuring strong isolation between different workloads
  • Partner with infrastructure teams to implement secure-by-default patterns for deploying and managing containerized and virtualized workloads at scale
  • Develop monitoring and detection capabilities to identify potential security breaches or anomalous behavior within our sandboxed environments
  • Lead security reviews of new sandboxing technologies and provide guidance on their adoption within our infrastructure
  • Mentor other engineers on secure coding practices and sandboxing best practices
  • Contribute to our security incident response efforts, particularly for isolation-related security events
  • Collaborate with research teams to understand the unique security requirements of AI workloads and develop appropriate isolation strategies

You may be a good fit if you:

  • Have 8+ years of experience in systems security, with deep expertise in virtualization and containerization security
  • Possess expert-level knowledge of Linux kernel isolation mechanisms and have experience implementing them in production environments
  • Have a proven track record of securing untrusted workloads in cloud settings, including both public cloud and private infrastructure
  • Are proficient in multiple programming languages (e.g., Go, Rust, C/C++, Python) with experience in systems programming
  • Have hands-on experience with container runtimes (Docker, containerd, CRI-O) and orchestration platforms (Kubernetes)
  • Understand hypervisor internals and have experience with VM security (QEMU/KVM, Xen, VMware, Hyper-V)
  • Can design and articulate complex threat models for distributed systems
  • Have experience with cloud provider security models and their isolation guarantees
  • Thrive in ambiguous environments and can balance security requirements with performance and usability needs
  • Communicate effectively with both technical and non-technical stakeholders about security risks and mitigations

Strong candidates may also have:

  • Experience with microVM technologies (Firecracker, Cloud Hypervisor) and their security properties
  • Knowledge of hardware-based security features (Intel TDX, AMD SEV, SGX) and their application to confidential computing
  • Contributions to open-source security projects related to containerization or virtualization
  • Experience with eBPF for security monitoring and enforcement
  • Understanding of AI/ML workload characteristics and their unique security requirements
  • Track record of identifying and responsibly disclosing security vulnerabilities in virtualization or container platforms
  • Experience building security tooling and automation for large-scale infrastructure
  • Background in formal verification or security research

Representative projects:

  • Designing a multi-layered sandboxing architecture that combines VMs and containers to safely execute untrusted AI-generated code
  • Implementing runtime security policies using seccomp, AppArmor, and SELinux to minimize container attack surface
  • Building a threat detection system that identifies potential container escape attempts using eBPF and kernel audit logs
  • Creating secure defaults and guardrails for Kubernetes deployments to prevent privilege escalation and lateral movement
  • Developing automated security testing for our sandboxing infrastructure to continuously validate isolation properties
  • Architecting network isolation strategies using CNI plugins and cloud-native firewalling to segment workloads

Deadline to apply: None. Applications will be reviewed on a rolling basis.
