← Back to list
Job

Member of Technical Staff (Offensive Security Engineer)

Security Engineer • Remote • Full-time • 📍 San Francisco

Lead red team operations, penetration tests, and attack simulations across Perplexity's cloud infrastructure, applications, and AI systems to find real vulnerabilities before adversaries do.

Responsibilities

  • Plan and execute red team and purple team engagements simulating advanced threat actors across cloud infrastructure (AWS, Kubernetes), endpoints, and application surfaces
  • Conduct continuous penetration testing of web applications, APIs, mobile clients, browser extensions, cloud infrastructure, and internal services
  • Assess AI/ML-specific attack surfaces including prompt injection, model exfiltration, agent abuse, tool-use exploitation, and MCP security boundaries
  • Develop and maintain custom offensive tooling, exploits, and automation
  • Perform open-scope adversary simulations testing detection and response end to end, working closely with the defensive security team
  • Drive threat modeling sessions with engineering teams to prioritize attack vectors in new features and architectures
  • Deliver clear, actionable findings to technical and executive audiences, and validate remediations with engineering
  • Contribute to the security of CI/CD pipelines, supply chain integrity, and secrets management through offensive assessment

Requirements

  • 5+ years of hands-on experience in offensive security, red teaming, or penetration testing
  • Deep technical expertise in at least two of: cloud security (AWS/GCP/Azure), web/API application security, Kubernetes and container security, macOS/Linux endpoint security, network penetration testing, or CI/CD pipeline security
  • Track record of discovering impactful vulnerabilities or developing novel attack techniques in production environments
  • Strong programming and scripting skills in Python, Go, or similar languages, writing custom tooling and exploits
  • Experience with industry-standard offensive tools (Burp Suite, Cobalt Strike / Sliver / Mythic, Metasploit, BloodHound, nuclei, etc.) and the ability to go beyond them
  • Excellent written and verbal communication, translating complex findings into clear risk narratives
  • Experience assessing AI/ML systems, LLM applications, or agentic workflows for security vulnerabilities

Nice to have

  • Published security research, conference talks (DEF CON, Black Hat, BSides), CVE credits, or meaningful bug bounty contributions

Soft skills

Adversarial mindset applied to hardening the company's own systemsExcellent communication to both technical and executive audiencesClose collaboration with the defensive security and engineering teams

About the company

Perplexity's security team hardens its infrastructure, applications, and AI systems with an adversarial approach, finding real vulnerabilities before attackers do.

Similar jobs