Offensive Security Engineer
Are you an elite Offensive Security Engineer driven by the thrill of discovering and neutralizing threats before they impact real users? Perplexity is searching for a highly skilled, hands-on adversarial expert to join our dynamic security team. This isn't just about finding bugs; it's about systematically challenging our entire security posture—from cloud infrastructure to cutting-edge AI systems—and collaborating directly with engineering to build truly resilient solutions.
If you live to emulate advanced threat actors and relentlessly harden complex environments, then this role at Perplexity is for you. You'll plan and execute red team operations, penetration tests, and attack simulations across our cloud infrastructure, web and mobile applications, AI/ML pipeline, and corporate environment—finding real vulnerabilities before adversaries do and working directly with engineering teams to drive remediation.
What You'll Do:
Lead sophisticated red and purple team operations, mimicking advanced threat actors across critical cloud infrastructure (AWS, Kubernetes), diverse endpoints, and expansive application surfaces.
Continuously probe and penetrate our attack surface, including web applications, APIs, mobile clients, browser extensions, cloud environments, and internal services, ensuring no stone is left unturned.
Pioneer security assessments of our AI/ML-specific attack surfaces, tackling challenges like prompt injection, model exfiltration, agent abuse, tool-use exploitation, and novel MCP security boundaries.
Innovate by developing and maintaining bespoke offensive tooling, powerful exploits, and efficient automation to elevate our security testing capabilities and coverage.
Orchestrate comprehensive, open-scope adversary simulations, rigorously testing our detection and response capabilities end-to-end in close partnership with our defensive security team.
Proactively engage with engineering teams to lead threat modeling sessions, identifying and prioritizing potential attack vectors within new features and architectural designs.
Translate complex technical findings into clear, actionable risk narratives for both technical peers and executive leadership, then partner with engineering to validate effective remediations.
Strengthen our foundational security by offensively assessing CI/CD pipelines, supply chain integrity, and secrets management processes.
Champion continuous learning: stay at the forefront of emerging attack techniques, vulnerability research, and adversary tradecraft, enriching Perplexity's security strategy with external insights.
What You'll Bring:
A minimum of 5 years of dedicated, hands-on experience in offensive security, red teaming, or penetration testing.
Demonstrated deep technical mastery in at least two of the following critical domains: cloud security (AWS/GCP/Azure), web/API application security, Kubernetes and container security, macOS/Linux endpoint security, network penetration testing, or CI/CD pipeline security.
A proven track record of discovering impactful vulnerabilities and/or developing novel attack techniques within live production environments.
Exceptional programming and scripting prowess in languages such as Python, Go, or similar, with a strong ability to develop custom tooling and exploits from scratch.
Proficiency with industry-standard offensive security tools (e.g., Burp Suite, Cobalt Strike / Sliver / Mythic, Metasploit, BloodHound, nuclei), coupled with the creativity and skill to operate effectively beyond their limitations.
Outstanding written and verbal communication skills, with the ability to distill complex technical issues into compelling, clear risk narratives for diverse audiences.
Direct experience assessing the unique security challenges of AI/ML systems, Large Language Model (LLM) applications, or agentic workflows.
Bonus Points: Publicly published security research, presentations at leading conferences (DEF CON, Black Hat, BSides), CVE credits, or significant contributions to bug bounty programs.