Skip to content
PerplexityPerplexitySan Francisco, CA

Offensive Security Engineer

Offensive Security Engineer conducts red team operations, penetration testing, and AI/ML attack simulations on cloud infrastructure, applications, and pipelines. Requires 5+ years experience in offensive security, expertise in cloud/web/K8s security, and custom tooling in Python/Go.

250k – 350k
Hybrid5+ YOESecurity Engineering

About the role

Responsibilities

  • Plan and execute red team and purple team engagements simulating advanced threat actors across cloud infrastructure (AWS, Kubernetes), endpoints, and application surfaces
  • Conduct continuous penetration testing of web applications, APIs, mobile clients, browser extensions, cloud infrastructure, and internal services
  • Assess AI/ML-specific attack surfaces including prompt injection, model exfiltration, agent abuse, tool-use exploitation, and MCP security boundaries
  • Develop and maintain custom offensive tooling, exploits, and automation to improve the efficiency and coverage of security testing
  • Perform open-scope adversary simulations that test detection and response capabilities end to end, collaborating closely with the defensive security team
  • Drive threat modeling sessions with engineering teams to identify and prioritize attack vectors in new features and architectures
  • Deliver clear, actionable findings to both technical and executive audiences; partner with engineering to validate remediations
  • Contribute to the security of CI/CD pipelines, supply chain integrity, and secrets management through offensive assessment
  • Stay current on emerging attack techniques, vulnerability research, and adversary tradecraft; bring external perspective into Perplexity's security strategy

Qualifications

  • 5+ years of hands-on experience in offensive security, red teaming, or penetration testing
  • Deep technical expertise in at least two of: cloud security (AWS/GCP/Azure), web/API application security, Kubernetes and container security, macOS/Linux endpoint security, network penetration testing, or CI/CD pipeline security
  • Track record of discovering impactful vulnerabilities or developing novel attack techniques in production environments
  • Strong programming and scripting skills in Python, Go, or similar languages; comfortable writing custom tooling and exploits
  • Experience with industry-standard offensive tools (Burp Suite, Cobalt Strike / Sliver / Mythic, Metasploit, BloodHound, nuclei, etc.) and ability to operate beyond them
  • Excellent written and verbal communication; able to translate complex technical findings into clear risk narratives
  • Experience assessing AI/ML systems, LLM applications, or agentic workflows for security vulnerabilities

Bonus

  • Published security research, conference talks (DEF CON, Black Hat, BSides), CVE credits, or meaningful bug bounty contributions

Skills

AWSKubernetesPythonGoBurp SuiteCobalt StrikeMetasploitBloodhoundNucleiAi/Ml SecurityPrompt Injection
Anthropic

Safeguards Enforcement Analyst, Account Takeover & Credential Abuse

AnthropicSan Francisco, CA +2

Safeguards Enforcement Analyst focused on account takeover and credential abuse. Investigate compromise incidents, design remediation workflows, partner with engineering on detection, enforce AI usage policies, and develop scalable enforcement programs for platform safety.

245k – 285k
HybridSecurity Engineering
Semgrep

Security Research Manager, Coverage Team

SemgrepSan Francisco, CA +4

Leads a team of security researchers to develop high-quality detection rules for secrets, code, and supply chain vulnerabilities. Drives roadmap, automation with AI, and improves coverage accuracy; requires 5+ years security tech lead experience and 2+ years people management.

255k – 319k
Hybrid5+ YOESecurity Engineering
Ramp

Security Engineer, Product

RampNew York, NY +1

Builds security primitives, platform mitigations, and leads vulnerability remediation for Ramp's financial platform. Partners with engineers for secure-by-design solutions. Requires 5+ years software experience, 2+ years in security/infrastructure.

258k – 355k
Hybrid5+ YOESecurity Engineering
OpenAI

Security Engineer, Application Security

OpenAISan Francisco, CA +2

Identifies and mitigates application security vulnerabilities through code reviews, penetration testing, and security assessments. Collaborates with development teams to integrate secure coding practices and provides guidance on threats and remediation.

260k – 385k
HybridSecurity Engineering
Scale AI

Security Engineer, Detection & Response

Scale AINew York, NY +3

Senior Security Engineer focused on building detection systems, incident response automation, and maturing telemetry pipelines across cloud environments. Requires 5+ years in detection engineering or security operations and production-grade coding skills.

238k – 297k
On-site5+ YOESecurity Engineering