Application Security Engineer

About the Role

The Application Security Team is responsible for enabling developers to produce secure software while maintaining agility and productivity. Given the mission-critical nature of Palantir's work, investments in application security have never been more crucial. As an Application Security Engineer, you will have a wide-ranging impact on the company's security posture and will be empowered to drive significant security improvements across the organization.

Palantir's products support some of the most important and impactful work in the world, including defense, intelligence, and commercial applications. The company's platforms empower partners to develop lifesaving drugs, forecast supply chain disruptions, and locate missing children, among other critical tasks. As an Application Security Engineer, you will be part of a team that is dedicated to protecting the sensitive information of these partners and ensuring the security of Palantir's products.

What You Will Do

• Perform full-scope security reviews of Palantir's current and future product portfolio, including whitebox, greybox, and blackbox assessments
• Work with offensive security teams, engineering teams, and other members of the InfoSec organization to harden Palantir's products against dedicated adversaries
• Threat model, assess risks, and implement security controls and mitigations to address identified issues
• Collaborate with product architects and engineers to ensure secure-by-default design principles are incorporated into product development
• Identify new and novel ways to detect and resolve security vulnerabilities in Palantir's products
• Develop and implement automation to eliminate entire classes of weaknesses across the organization
• Lead engineering teams in feature design, threat modeling, and security-critical code and architecture
• Drive decision-making by determining the tradeoffs between security and product design
• Implement strategic security initiatives that improve security across Palantir

What We Are Looking For

• Development or software engineering experience with a deep passion for information security
• Experience with a modern high-level programming language (e.g., Java, Golang, Javascript, Python)
• Demonstrated experience evaluating code for vulnerabilities and weaknesses
• Familiarity with complex architectures and codebases (e.g., SOA or micro-services)
• Strong communication and collaboration skills, with the ability to work closely with engineering teams
• Self-motivation and experience in solving complex problems
• Ability to learn and apply new technologies quickly in complex deployments
• Experience with security scanning, static and dynamic code analysis, and security automation
• Knowledge of security frameworks and compliance standards (e.g., OWASP, NIST)

Nice to Have

• Experience with cloud-based security solutions and infrastructure (e.g., AWS, Azure, GCP)
• Familiarity with containerization and orchestration technologies (e.g., Docker, Kubernetes)
• Knowledge of security testing frameworks and tools (e.g., Burp Suite, ZAP)
• Experience with agile development methodologies and version control systems (e.g., Git)
• Certification in information security or a related field (e.g., CISSP, CEH)

Benefits and Perks

• Competitive compensation package
• Opportunities for professional growth and development in a rapidly expanding company
• Collaborative and dynamic work environment with a team of experienced security professionals
• Access to cutting-edge security tools and technologies
• Flexible remote work arrangements with a stipend for home office setup
• Comprehensive health insurance and wellness programs
• Generous paid time off and holidays
• Retirement savings plan with company matching
• Annual budget for conferences, training, and certifications

• Tip: Develop a strong understanding of secure coding principles and common web application vulnerabilities to stand out in the application process.
• When applying, make sure your resume and cover letter highlight specific examples of security improvements you've made in previous roles.
• Practice whitebox, greybox, and blackbox testing to demonstrate your skills in security assessments.
• Be prepared to discuss your experience with security frameworks and compliance standards during the interview process.
• Consider building a personal project or contributing to open-source security projects to showcase your skills and passion for information security.
• Research Palantir's products and services to understand the company's security needs and be prepared to discuss how your skills align with those needs.