Our Product Security team works on secure-by-design & deep product partnership. We build strong relationships with other teams & help them build secure software. This includes reviewing early-stage designs, helping develop threat models.

At Palantir, we're passionate about building software that solves problems. We partner with the most important institutions in the world to transform how they use data & technology. Our software has been used to stop terrorist attacks, discover new medicines, gain an edge in global financial markets, & more. If these types of projects excite you, we'd love for you to join us.

Our products support some of the most important & impactful work in the world, including defense, intelligence, & commercial applications. We are trusted by our customers to protect their mission-critical information in the face of advanced persistent threats. The mission of the Application Security Team is to enable developers to be highly productive, agile, & produce the most secure software possible. Given the mission critical work that Palantir does, investments in application security have never been more important.

As an Application Security Engineer, you will be hands-on & have wide-ranging impact for the security of Palantir:

• Product security reviews. You will perform full-scope security reviews of our current & future product & service portfolio. This includes whitebox, greybox, & blackbox assessments. You will work with offensive security teams, engineering teams, & other members of the InfoSec organization to harden our products against our dedicated adversaries.

• Architecture & design. You will be the security subject matter expert for product architects & engineers. You will threat model, assess risks, & help implement security controls & mitigations to address identified issues. You will directly steer the design of our products to ensure we are secure-by-default.

• Strategic security initiatives. You will be empowered to own transformational security initiatives that impact the whole company. Members of the Application Security Team have implemented software supply chain security controls (e.g., in-toto), implemented hardware-backed GPG key signing for commits, developed new security services, implemented security automation, or worked on massive-scale security problems.

• Vulnerability identification & analysis. You will be responsible for finding new & novel ways to identify & resolve security vulnerabilities in our products. This includes static & dynamic code analysis, security scanning, investigation of security reports from InfoSec, our bug bounty program, or other trusted partners, & direct work with our incident response team on product security issues & incidents. 

This role has wide-reaching impact, strong autonomy, & the resources & empowerment to make significant security improvements across all Palantir. The skills & background of successful candidates may vary highly, but curiosity, tenacity, & a drive to be a world-class security engineer are the underpinnings of our team.