Application Security Engineer

Perplexity AI, Inc.

Job Overview

Location

Remote

Job Type

Full-time

Full Job Description

📋 Description

• As an Application Security Engineer at Perplexity, you will be at the forefront of safeguarding our innovative search and internet interaction platform. This is a critical, hands-on role where you will architect, build, and deploy the essential systems, tools, and processes that embed security deeply into our development lifecycle. Your mission is to make security a seamless, integrated part of our developers' workflows, ensuring that our products are not only rapidly innovated but also inherently secure and robust, capable of protecting our growing user base at an immense scale.
• You will be instrumental in designing and implementing scalable, developer-friendly security solutions that integrate seamlessly into our existing engineering workflows. This involves understanding the needs of our development teams and providing them with the tools and guidance to build secure software from the ground up. Your work will directly impact the speed and confidence with which our engineers can ship new features and improvements.
• A core part of your responsibility will be to lead comprehensive threat modeling exercises for new features and major product launches. This proactive approach allows us to identify potential security risks early in the design phase, mitigating them before they can be exploited. You will also conduct thorough design and code reviews, ensuring that security best practices are adhered to throughout the development process.
• You will be tasked with building and evolving secure-by-default frameworks that form the bedrock of our application security. This includes establishing robust patterns for authentication and authorization, implementing effective input validation mechanisms to prevent injection attacks, and ensuring the secure management of sensitive information like API keys and credentials (secrets management).
• Developing and integrating automated security tooling into our Continuous Integration and Continuous Deployment (CI/CD) pipelines is a key objective. This includes implementing and managing tools such as static analysis security testing (SAST) linters, software composition analysis (SCA) for dependency scanning, and policy enforcement tools to ensure compliance with our security standards. The goal is to catch vulnerabilities automatically and early in the development cycle.
• You will foster a strong collaborative relationship with our product and engineering teams. This partnership is essential for effectively remediating identified vulnerabilities, contributing your expertise to incident response efforts, and conducting thorough postmortems to learn from security events and prevent recurrence.
• You will own, manage, and continuously improve our third-party penetration testing engagements. This involves selecting and managing external security vendors, analyzing their findings, and driving the remediation of discovered vulnerabilities. Furthermore, you will play a key role in managing and enhancing our bug bounty program, fostering positive relationships with external security researchers and ensuring timely and effective resolution of reported issues.
• A crucial aspect of this role is to stay ahead of the curve by continuously monitoring emerging threats, attack techniques, and evolving security landscapes. You will leverage this knowledge to drive the ongoing maturity and enhancement of our overall application security posture, ensuring Perplexity remains a leader in security and user trust.
• This role requires a deep understanding of secure software development lifecycles, common vulnerability patterns such as the OWASP Top 10, and modern security paradigms. You will be expected to apply this knowledge to practical, real-world scenarios within a fast-paced, innovative environment.
• You will contribute to building a security-first culture at Perplexity, empowering engineers with the knowledge and tools they need to be security champions within their own teams. Your expertise will be a guiding force in shaping the security architecture and practices of our platform.
• The opportunity to work with cutting-edge technology and influence the security direction of a rapidly growing company makes this a unique and exciting role for a seasoned Application Security Engineer.

🎯 Requirements

• Minimum of 8 years of progressive experience in Application Security, Product Security, or closely related fields.
• Deep, demonstrable understanding of secure software development practices, threat modeling methodologies, and common web application vulnerabilities (e.g., OWASP Top 10).
• Proven track record of designing, building, and implementing secure infrastructure, reusable security libraries, or developer-focused security tooling.
• Proficiency in at least one major programming language such as Python, Go, JavaScript, or Java, with the ability to write secure code and integrate security tools.
• Familiarity with modern authentication and authorization patterns including OAuth, OIDC, SSO, and Zero Trust architectures.
• Experience managing and improving third-party penetration testing programs and bug bounty initiatives.

🏖️ Benefits

• Competitive salary and equity package.
• Comprehensive health, dental, and vision insurance.
• Generous paid time off and holidays.
• Remote work flexibility.
• Opportunity to work on a cutting-edge product with a significant impact.
• Professional development and learning opportunities.

Skills & Technologies

Python

JavaScript

Java

OAuth

Remote

Ready to Apply?

Apply Externally

You will be redirected to an external site to apply.

Perplexity AI, Inc.

Visit Website

About Perplexity AI, Inc.

Perplexity AI operates an AI-powered conversational search engine that answers queries by synthesizing live web information. The platform combines large language models with real-time retrieval, citing sources for transparency. Founded in 2022, the San Francisco-based company offers free and subscription tiers, mobile apps, and browser extensions, targeting consumers and enterprises seeking accurate, verifiable answers instead of traditional link lists.

View Company Profile