Offensive Security Engineer

Requirements

• 5+ years of experience performing offensive security testing on web applications, cloud environments, and highly scaled architectures (e.g. SOA or micro-services)
• Experience testing and exploiting a variety of services and bug types including authentication and authorization, multi-tenancy, and cloud environment misconfigurations
• Ability to write code to automate aspects of offensive testing, familiarity with Python, Java, Go are preferred
• Ability to evaluate code for vulnerabilities and weaknesses
• Strong communication and collaboration skills, comfortableness working closely with engineering and defensive security teams

Nice to Haves

• Self-motivated, experience in solving complex problems
• Experience performing offensive security testing on software supply chains including CI/CD systems, source control, and dependency based attack vectors
• Participation in bug bounties, CTFs, vulnerability research, open source tool development, and security presentations
• Ability to learn and apply new technologies quickly and in complex deployments
• Experience testing AI-related vulnerabilities and architectures.
• Willingness or eligibility to obtain a UK security clearance

What You'll Be Doing

• Perform offensive security assessments on highly complex products to identify vulnerabilities
• Perform offensive security assessments within our software supply chain
• Collaborate with engineering teams on security controls, threat modeling, and security-critical code and architecture
• Develop and implement offensive tooling and automation to scale your capabilities and knowledge
• Operate as an offensive security expert for our products to inform risk assessments during product design
• Enable other security teams to focus on defending and improving critical areas of our product

Perks and Benefits

• Contribute to impactful and important work in defence, intelligence, and commercial applications
• Hands-on role in understanding micro-service architecture, multi-tenancy vulnerabilities, cloud security, and web application security
• Opportunity to work with cutting-edge technology, software, and AI to defend against advanced persistent threats
• Collaborate with other Palantir security teams and contribute to improving detection and response capabilities
• Think like an attacker and provide innovative solutions to protect against threats