Application Security Engineer
Join Perplexity, a cutting-edge company revolutionizing search and AI interaction! As an Application Security Engineer, you'll be a key player in securing our innovative platform, protecting millions of users as we redefine how people access information. You'll build security into the core of our development process, making it seamless for our engineers to build secure and reliable products at scale.
Responsibilities
Architect and implement scalable, developer-centric security solutions that integrate directly into engineering workflows, empowering teams to build securely.
Lead threat modeling exercises, security design reviews, and in-depth code reviews for new features and major product releases.
Design, build, and evolve secure-by-default frameworks and libraries for critical security functions like authentication, authorization, input validation, and secrets management.
Develop and integrate automated security tooling into our CI/CD pipelines (e.g., SAST/DAST, dependency scanners, policy enforcement) to proactively identify and address vulnerabilities.
Collaborate closely with product and engineering teams to triage and remediate vulnerabilities, actively contributing to incident response and thorough postmortems.
Take ownership of our third-party penetration testing engagements and bug bounty program, working alongside talented external security researchers to identify and resolve complex vulnerabilities.
Stay at the forefront of emerging threats and attack techniques, continuously improving our application security posture and proactively mitigating potential risks.
Qualifications
8+ years of proven experience in Application Security, Product Security, or related roles.
Deep understanding of secure software development lifecycle (SSDLC) practices, threat modeling methodologies, and common web application vulnerabilities (e.g., OWASP Top 10).
Strong familiarity with modern authentication and authorization patterns including OAuth, OIDC, SSO, and Zero Trust architectures.
Demonstrable track record of building secure infrastructure, reusable libraries, and/or developer tooling to enhance security across an organization.
Proficiency in at least one major programming language such as Python, Go, JavaScript, or Java.
Bonus points for experience securing cloud infrastructure (AWS, GCP, Azure) or AI/ML systems.
The cash compensation range for this role is $250,000 - $350,000.
Final offer amounts are determined by multiple factors, including experience and expertise, and may vary from the amounts listed above.
Equity: In addition to the base salary, equity may be part of the total compensation package.
Benefits: Comprehensive health, dental, and vision insurance for you and your dependents, along with a 401(k) plan.