About the role

The Endpoint team (Client Platform Engineering) treats Anthropic's device fleet as a distributed platform, not a collection of laptops. We run our own MDM as a production service and manage every piece of device configuration as code. Policies, configuration profiles, queries, remediation scripts, and software all ship through pull requests, CI, a staging environment, and a canary group before they reach the fleet. The fleet spans macOS, Windows, and a growing mobile footprint.

You'll own that platform end to end: the infrastructure underneath the MDM, the configuration on top of it, the patching and software pipelines that keep thousands of devices patched and secure, and the telemetry that tells us what is actually true on every device. You'll build zero touch provisioning that turns a sealed box into a productive machine on day one, manage rapid patching enforcement schedules while maintaining a good user experience, and build automation and Claude-driven workflows to eliminate operational toil. The role sits at the intersection of security and developer experience: working with Security teams on hardening, compliance controls, and detection and response, and with developer and infrastructure teams to make sure controls don't get in the way of getting work done. It also lays the groundwork for access decisions based on device trust.

If you think of "100% compliant" as a claim to audit rather than a fact to report, you'll fit right in. The team is deliberately lean and runs with high autonomy. You'll help define the endpoint roadmap, make architecture decisions, and own the platform every Anthropic employee's work runs on. Your work will directly shape how we scale to AI Safety Level 4 and beyond.
Responsibilities

• Own endpoint configuration as code: author, review, test, and progressively roll out MDM policies, configuration profiles, and remediation scripts across macOS, Windows, and mobile, with canary stages and rollback built in
• Operate the MDM platform itself as a production service, including infrastructure as code, observability, upgrades, and incident response
• Build patch management automation with rapid enforcement timelines while maintaining good user experience
• Design zero touch provisioning that turns a sealed box into a productive machine on day one
• Run software distribution for the fleet, including managed app distribution for mobile devices
• Turn fleet telemetry into policy, dashboards, and early drift warnings, and build automation with Claude that removes operational toil
• Partner with Corporate Security on endpoint hardening, binary authorization, and compliance controls
• Serve as the deep escalation tier for endpoint issues IT Operations can't resolve

You may be a good fit if you

• Have 8+ years building secure IT systems in complex environments, or for Staff level, have led projects spanning multiple teams that changed how an organization operates
• Have managed endpoint fleets of thousands of macOS and Windows devices through a modern MDM
• Treat endpoint configuration as code and have moved past clicking in consoles, whether through scripted deployments or full GitOps
• Go deep on one platform (macOS internals such as launchD, configuration profiles, TCC, and system extensions, or Windows internals such as CSPs, the registry, PowerShell, and BitLocker) and are genuinely hands on with the other
• Excel at solving ambiguous problems with multiple stakeholders
• Communicate technical concepts clearly to any audience
• View IT Engineering as requiring product engineering rigor
• Successfully deliver complex projects from conception to production
• Write clear documentation as a natural part of your workflow

Strong candidates may also

• Have operated an MDM or device management platform as a service, not only consumed one as SaaS
• Have worked with open source endpoint and device management tooling
• Have built automated, progressive rollout systems with promotion gated on telemetry
• Have experience running infrastructure as code in a public cloud
• Have managed a mixed fleet across macOS, Windows, and mobile, with real depth on at least one platform
• Bring proficiency in Swift or Go for building endpoint tools
• Have used LLMs to automate operational work, or are excited to make Claude a teammate

Technical Skills

• Python, shell scripting, and PowerShell
• macOS or Windows internals (depth on one, working knowledge of the other)
• Querying live device state at fleet scale
• Modern MDM platforms (Jamf, Intune, Workspace ONE, or equivalent)
• GitOps, CI/CD for configuration management, and infrastructure as code
• Public cloud fundamentals (containers, managed databases, CDN, monitoring)
• Device lifecycle automation (zero touch enrollment, patching, software distribution)
• Endpoint security fundamentals

Deadline to apply: None. Applications will be received on a rolling basis.

The annual compensation range for this role is listed below.

For sales roles, the range provided is the role's On Target Earnings ("OTE") range, meaning that the range includes both the sales commissions/sales bonuses target and annual base salary for the role.

Annual Salary:

$325,000-$360,000 USD

Logistics

Minimum education: Bachelor's degree or an equivalent combination of education, training, and/or experience

Required field of study: A field relevant to the role as demonstrated through coursework, training, or professional experience

Minimum years of experience: Years of experience required will correlate with the internal job level requirements for the position

Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.

Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work. We think AI systems like the ones we're building have enormous social and ethical implications. We think this makes representation even more important, and we strive to include a range of diverse perspectives on our team.

Your safety matters to us. To protect yourself from potential scams, remember that Anthropic recruiters only contact you from [redacted].com email addresses. In some cases, we may partner with vetted recruiting agencies who will identify themselves as working on behalf of Anthropic. Be cautious of emails from other domains. Legitimate Anthropic recruiters will never ask for money, fees, or banking information before your first day. If you're ever unsure about a communication, don't click any links-visit anthropic.com/careers directly for confirmed position openings.