Our Product Security team works on secure-by-design and deep product partnership. We build strong relationships with other teams and help them build secure software. This includes reviewing early-stage designs, helping develop threat models.
A World-Changing Company
At Palantir, we’re passionate about building software that solves problems. We partner with the most important institutions in the world to transform how they use data and technology. Our software has been used to stop terrorist attacks, discover new medicines, gain an edge in global financial markets, and more. If these types of projects excite you, we'd love for you to join us.
The Role
Our products support some of the most important and impactful work in the world, including defense, intelligence, and commercial applications. We are trusted by our customers to protect their mission-critical information in the face of advanced persistent threats. The mission of the Application Security Team is to enable developers to be highly productive, agile, and produce the most secure software possible. Given the mission critical work that Palantir does, investments in application security have never been more important.
As an Application Security Engineer, you will be hands-on and have wide-ranging impact for the security of Palantir:
• Product security reviews . You will perform full-scope security reviews of our current and future product and service portfolio. This includes whitebox, greybox, and blackbox assessments. You will work with offensive security teams, engineering teams, and other members of the InfoSec organization to harden our products against our dedicated adversaries.
• Architecture and design . You will be the security subject matter expert for product architects and engineers. You will threat model, assess risks, and help implement security controls and mitigations to address identified issues. You will directly steer the design of our products to ensure we are secure-by-default.
• Strategic security initiatives . You will be empowered to own transformational security initiatives that impact the whole company. Members of the Application Security Team have implemented software supply chain security controls (e.g., in-toto), implemented hardware-backed GPG key signing for commits, developed new security services, implemented security automation, or worked on massive-scale security problems.
• Vulnerability identification and analysis. You will be responsible for finding new and novel ways to identify and resolve security vulnerabilities in our products. This includes static and dynamic code analysis, security scanning, investigation of security reports from InfoSec, our bug bounty program, or other trusted partners, and direct work with our incident response team on product security issues and incidents.
This role has wide-reaching impact, strong autonomy, and the resources and empowerment to make significant security improvements across all Palantir. The skills and background of successful candidates may vary highly, but curiosity, tenacity, and a drive to be a world-class security engineer are the underpinnings of our team.
Our Ideal Candidate
- Self motivated, experience in solving complex problems.
- History and experience designing and shipping production-ready software.
- Strong communication and collaboration skills who feels comfortable working closely with engineering teams.
- Ability to learn and apply new technologies quickly and in complex deployments.
Core Responsibilities
- Perform deep architecture and security reviews on highly complex products to identify vulnerabilities.
- Lead engineering teams in feature design, threat modeling, and security-critical code and architecture.
- Develop and implement automation to eliminate entire classes of weaknesses across the organization.
- Drive decision-making by determining the tradeoffs between security and product design.
- Lead implementation of strategic security initiatives that improve security across Palantir.
What We Value
- Development or software engineering experience and a deep passion for information security.
- Experience with a modern high-level programming language (e.g. Java, Golang, Javascript, Python, etc.)
- Demonstrated experience evaluating code for vulnerabilities and weaknesses.
- Experience with complex architectures and codebases (e.g. SOA or micro-services).
- Experience utilizing/with CodeQL or other static code analysis platforms.
- Experience performing black-box testing of web applications.
Palantir is committed to promoting a culture of diversity, equity, and inclusion and is proud to be an Equal Employment Opportunity and Affirmative Action employer. We believe that all Palantirians share the responsibility of upholding our commitment to these values and encourage candidates from a wide range of backgrounds, perspectives, and lived experiences to join us in solving the world’s hardest problems. Palantir does not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. Palantir is committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities. Please see the United States Department of Labor’s EEO poster and EEO poster supplement for additional information.
Palantir is committed to making the job application process accessible to everyone. If you are living with a disability (visible or not visible) and need to request a reasonable accommodation for any part of the application or hiring process, please reach out and let us know how we can help.
