Engineering Manager, Access Management

<div class="content-intro"><h2><strong>About Anthropic</strong></h2> <p>Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.</p></div><h2><strong>About the Role</strong>&nbsp;</h2> <p>We are seeking a Security Engineering Manager to lead our Access Management team. This team builds and operates the systems that control who and what can access Anthropic's infrastructure, data, and AI systems — our policy-based authorization engine, our centralized access-request and provisioning platform, and the audit tooling that keeps these systems accountable.&nbsp;</p> <p>The central challenge is designing access controls that keep pace with Anthropic's rapid growth — scaling least-privilege enforcement across an expanding fleet of cloud infrastructure, AI systems, and SaaS tools while keeping engineers productive.&nbsp;</p> <p>This includes a problem few companies have encountered yet: deciding how AI agents that work autonomously alongside human engineers should be granted and reviewed for access. You'll lead a small, high-impact team today and grow it as the company scales, partnering closely with IT, Security, GRC, and engineering teams across the organization.</p> <h2><strong>What You'll Do:</strong></h2> <ul> <li>Lead, mentor, and grow a team of security engineers building access management infrastructure; you'll own hiring as the team scales</li> <li>Own the technical roadmap for our authorization engine, access-request platform, and related access control systems — making strategic decisions about what to build based on security risk and engineering velocity</li> <li>Drive least-privilege enforcement across public workloads, employees, SaaS applications, and internal tools, systematically identifying and eliminating over-provisioned access</li> <li>Evolve the RBAC model, automated provisioning, and the access-request platform end-to-end — request workflows, approval chains, HRIS sync, two-party controls, and integrations with downstream systems&nbsp;</li> <li>Contribute to the company's emerging agent access model — defining how AI agents are granted permissions and how those permissions are reviewed, so agents operate within the same least-privilege framework as human engineers</li> <li>Ensure access events are well-structured and queryable — building the data foundation that supports audit, access reviews, compliance reporting, and incident response</li> <li>Ensure the systems you build satisfy audit and regulatory requirements (SOC 2, ISO 27001, ISO 42001, HIPAA), partnering with GRC so compliance is a byproduct of good engineering rather than a separate workstream</li> <li>Partner across the organization with IT, GRC, People Operations, Security Engineering, Detection and Response, Research and Engineering teams to ensure access management serves the entire company while maintaining security foundations</li> </ul> <h2><strong>Who You Are:</strong></h2> <ul> <li>4+ years managing security, identity, or infrastructure engineering teams with a proven track record of high impact</li> <li>Experience building or operating enterprise access management systems — identity providers, access request workflows, automated provisioning, or directory services</li> <li>Understanding of IAM concepts: RBAC, ABAC, least privilege, separation of duties, access certification, and privileged access management</li> <li>Ability to evaluate security tradeoffs and make risk-based decisions across complex cloud environments</li> <li>Strong cross-functional collaboration skills, balancing security requirements with developer experience and velocity</li> <li>Clear and persuasive communicator in both writing and verbal settings</li> <li>Passionate about building diverse, high-performing teams and growing engineers in a fast-paced environment</li> <li>Low ego and high empathy</li> </ul> <h2><strong>Strong candidates may also have:</strong></h2> <ul> <li>Experience delivering compliance-driven engineering projects (SOC 2, ISO 27001, ISO 42001, HIPAA) at a company undergoing rapid growth or regulatory maturation</li> <li>Familiarity with HRIS integrations for automated identity lifecycle management</li> <li>Experience implementing two-party control (dual approval) patterns for sensitive access</li>