A World-Changing Company
At Palantir, we develop the world's leading products for data analysis and we deploy them against problems that truly matter—uncovering human trafficking rings, containing the spread of infectious diseases, combating fraud, stopping cyber attacks, protecting privacy and civil liberties, prosecuting complex financial crimes, providing relief to victims of natural disasters, and more.
Our Information Security (Infosec) Team is responsible for the security of Palantir’s people, infrastructure, and customer deployments around the globe. Infosec Engineers are highly motivated team players with a dedication to security and technology. They thrive on solving problems and tackling new challenges.
As an Application Security Engineer, you will act as both a builder, creating tools to help our engineers write more secure code, and a breaker, performing penetration tests of internally developed applications.
- Consult with internal teams to assist in design, threat modeling, and reviewing security-critical code
- Conduct periodic penetration tests of internal applications with up to several million lines of code
- Plan, build, and deploy infrastructure to help our engineers detect and remediate vulnerabilities automatically
- Work with external vendors to support 3rd party security reviews
- Expert-level knowledge in Python, Java, or Ruby
- Strong familiarity with OWASP top 10 web vulnerabilities and the ability to explain them
- Expert with ZAP, Burp, or another intercepting proxy
- Knowledge of the role of static and dynamic analysis in a robust security testing suite
- Experience in evaluating the choice and implementation of cryptography
- Experience evaluating the security of mobile applications on iOS and Android
- Experience evaluating the security of applications written in Node.js or Go
- Experience integrating WAFs as part of a defensible application stack
- Experience with fuzzing
- Experience with threat modeling, especially STRIDE