We provide the comfort of a safe workplace without sacrificing our culture.Diversity in talent keeps us running. Our team has engineers, analysts and people who do just a little bit of everything. The unifying philosophy:Safeguarding Palantir's future without impeding its present. When the job is done right, no one knows we did it at all.
Our Information Security (Infosec) Team is responsible for the security of Palantir's people, infrastructure, and customer deployments around the globe. Infosec Engineers are highly motivated team players with a dedication to security and technology. They thrive on solving problems and tackling new challenges.
As an Application Security Engineer, you'll work with engineering teams across Palantir to establish and improve the security of Palantir’s entire suite of products at every step of the development lifecycle. You will act as both a builder, creating tools to help our engineers write more secure code, and a breaker, performing penetration tests of internally developed applications.
Consult with internal teams to assist in design, threat modeling, and reviewing security-critical code
Conduct periodic penetration tests of internal applications with up to several million lines of code
Plan, build and deploy infrastructure to help our engineers detect and remediate vulnerabilities automatically
Work with external vendors to support 3rd party security reviews
Expert-level knowledge in Python, Java, or Ruby
Strong familiarity with OWASP top 10 web vulnerabilities and the ability to explain them
Expert with ZAP, Burp or another intercepting proxy
Knowledge of the role of static and dynamic analysis in a robust security testing suite
Experience in evaluating the choice and implementation of cryptography
Experience evaluating the security of mobile applications on iOS and Android
Experience evaluating the security of applications written in Node.js or Go
Experience integrating WAFs as part of a defensible application stack
Experience with fuzzing
Experience with threat modeling, especially STRIDE