Application Security Engineer

Application Security Engineers work with engineering teams across Palantir to establish and improve the security of Palantir’s entire suite of products at every step of the development lifecycle.

View Openings for this Role

A World-Changing Company

At Palantir, we develop the world's leading products for data analysis and we deploy them against problems that truly matter—uncovering human trafficking rings, containing the spread of infectious diseases, combating fraud, stopping cyber attacks, protecting privacy and civil liberties, prosecuting complex financial crimes, providing relief to victims of natural disasters, and more.

The role

Our Information Security (Infosec) Team is responsible for the security of Palantir’s people, infrastructure, and customer deployments around the globe. Infosec Engineers are highly motivated team players with a dedication to security and technology. They thrive on solving problems and tackling new challenges.

As an Application Security Engineer, you will act as both a builder, creating tools to help our engineers write more secure code, and a breaker, performing penetration tests of internally developed applications.


  • Consult with internal teams to assist in design, threat modeling, and reviewing security-critical code
  • Conduct periodic penetration tests of internal applications with up to several million lines of code
  • Plan, build, and deploy infrastructure to help our engineers detect and remediate vulnerabilities automatically
  • Work with external vendors to support 3rd party security reviews


  • Expert-level knowledge in Python, Java, or Ruby
  • Strong familiarity with OWASP top 10 web vulnerabilities and the ability to explain them
  • Expert with ZAP, Burp, or another intercepting proxy
  • Knowledge of the role of static and dynamic analysis in a robust security testing suite


  • Experience in evaluating the choice and implementation of cryptography
  • Experience evaluating the security of mobile applications on iOS and Android
  • Experience evaluating the security of applications written in Node.js or Go
  • Experience integrating WAFs as part of a defensible application stack
  • Experience with fuzzing
  • Experience with threat modeling, especially STRIDE



We are engineers, analysts, and operators who do just a little bit of everything. We hold the line that separates a safe, supportive environment from a dangerous, closed environment.

Engineering Culture

Engineers build things that solve problems, but at Palantir you don't have to be a computer scientist to be an engineer. You do have to speak up when things aren't right and build things that fix what's broken.

Life at Palantir

Perks, benefits, social activities, and learning opportunities: people are our most important asset, so we invest in our people every day.

Getting Hired

If you want to stare into the face of important problems and have the freedom to solve them, we want to work with you. We have some resources to help you navigate the hiring process.

Application Security Engineer Openings

No matter which office you are based at, you will be part of a group of people working together to build solutions to mission-critical problems and a company that values the very best ideas.