You will plan and execute red team operations, penetration tests, and attack simulations across our cloud infrastructure, web and mobile applications, AI/ML pipeline, and corporate environment,finding real vulnerabilities before adversaries do and working directly with engineering teams to drive remediation.

Responsibilities:

• Plan and execute red team and purple team engagements simulating advanced threat actors across cloud infrastructure (AWS, Kubernetes), endpoints, and application surfaces
• Conduct continuous penetration testing of web applications, APIs, mobile clients, browser extensions, cloud infrastructure, and internal services
• Assess AI/ML-specific attack surfaces including prompt injection, model exfiltration, agent abuse, tool-use exploitation, and MCP security boundaries
• Develop and maintain custom offensive tooling, exploits, and automation to improve the efficiency and coverage of security testing
• Perform open-scope adversary simulations that test detection and response capabilities end to end, collaborating closely with the defensive security team
• Drive threat modeling sessions with engineering teams to identify and prioritize attack vectors in new features and architectures
• Deliver clear, actionable findings to both technical and executive audiences; partner with engineering to validate remediations
• Contribute to the security of CI/CD pipelines, supply chain integrity, and secrets management through offensive assessment
• Stay current on emerging attack techniques, vulnerability research, and adversary tradecraft; bring external perspective into Perplexity's security strategy

Qualifications:

• 5+ years of hands-on experience in offensive security, red teaming, or penetration testing
• Deep technical expertise in at least two of: cloud security (AWS/GCP/Azure), web/API application security, Kubernetes and container security, macOS/Linux endpoint security, network penetration testing, or CI/CD pipeline security
• Track record of discovering impactful vulnerabilities or developing novel attack techniques in production environments
• Strong programming and scripting skills in Python, Go, or similar languages; comfortable writing custom tooling and exploits
• Experience with industry-standard offensive tools (Burp Suite, Cobalt Strike / Sliver / Mythic, Metasploit, BloodHound, nuclei, etc.) and ability to operate beyond them
• Excellent written and verbal communication; able to translate complex technical findings into clear risk narratives
• Experience assessing AI/ML systems, LLM applications, or agentic workflows for security vulnerabilities
• Bonus: Published security research, conference talks (DEF CON, Black Hat, BSides), CVE credits, or meaningful bug bounty contributions

XML job scraping automation by YubHub

In this role, you will design, implement, and maintain secure cloud infrastructure and ensure the integrity of our cloud-native applications.

Responsibilities:

• Design and implement secure cloud architectures across multiple cloud platforms (e.g., AWS, GCP, Azure)
• Develop and maintain Infrastructure as Code (IaC) templates with embedded security controls
• Conduct regular security assessments and audits of cloud infrastructure and services
• Implement and manage cloud security tools and services (e.g., CSPM, CWPP, CASB)
• Collaborate with development teams to ensure security best practices are integrated into CI/CD pipelines
• Monitor and respond to security events and incidents in cloud environments
• Develop and maintain cloud security policies, standards, and procedures
• Stay current with emerging cloud security threats and mitigation strategies

Basic Qualifications:

• Bachelor's degree in Computer Science, Cybersecurity, or a related field
• 3-5 years of experience in cloud security or related roles
• Strong understanding of cloud security principles, compliance frameworks, and best practices
• Proficiency in at least one cloud platform (AWS, GCP, or Azure) and associated security services
• Experience with Infrastructure as Code tools (e.g., Terraform, CloudFormation)
• Familiarity with containerization technologies and their security implications
• Knowledge of network security concepts and protocols
• Experience with scripting languages (e.g., Python, Bash) for automation and tool development

Preferred Skills and Experience:

• Relevant security certifications (e.g., CCSP, CSSK, AWS Security Specialty)
• Experience with multi-cloud environments and cloud-to-cloud security
• Knowledge of DevSecOps practices and tools
• Experience with Kubernetes and container security
• Experience in building custom cloud security tools or integrations
• Interest in leveraging AI for cloud security monitoring and automation
• Contributions to open-source cloud security projects
• Experience with securing AI/ML workloads in cloud environments

Compensation and Benefits:

$200,000 - $340,000 USD

Base salary is just one part of our total rewards package at xAI, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long-term disability insurance, life insurance, and various other discounts and perks.

XML job scraping automation by YubHub