You will plan and execute red team operations, penetration tests, and attack simulations across our cloud infrastructure, web and mobile applications, AI/ML pipeline, and corporate environment,finding real vulnerabilities before adversaries do and working directly with engineering teams to drive remediation.

Responsibilities:

• Plan and execute red team and purple team engagements simulating advanced threat actors across cloud infrastructure (AWS, Kubernetes), endpoints, and application surfaces
• Conduct continuous penetration testing of web applications, APIs, mobile clients, browser extensions, cloud infrastructure, and internal services
• Assess AI/ML-specific attack surfaces including prompt injection, model exfiltration, agent abuse, tool-use exploitation, and MCP security boundaries
• Develop and maintain custom offensive tooling, exploits, and automation to improve the efficiency and coverage of security testing
• Perform open-scope adversary simulations that test detection and response capabilities end to end, collaborating closely with the defensive security team
• Drive threat modeling sessions with engineering teams to identify and prioritize attack vectors in new features and architectures
• Deliver clear, actionable findings to both technical and executive audiences; partner with engineering to validate remediations
• Contribute to the security of CI/CD pipelines, supply chain integrity, and secrets management through offensive assessment
• Stay current on emerging attack techniques, vulnerability research, and adversary tradecraft; bring external perspective into Perplexity's security strategy

Qualifications:

• 5+ years of hands-on experience in offensive security, red teaming, or penetration testing
• Deep technical expertise in at least two of: cloud security (AWS/GCP/Azure), web/API application security, Kubernetes and container security, macOS/Linux endpoint security, network penetration testing, or CI/CD pipeline security
• Track record of discovering impactful vulnerabilities or developing novel attack techniques in production environments
• Strong programming and scripting skills in Python, Go, or similar languages; comfortable writing custom tooling and exploits
• Experience with industry-standard offensive tools (Burp Suite, Cobalt Strike / Sliver / Mythic, Metasploit, BloodHound, nuclei, etc.) and ability to operate beyond them
• Excellent written and verbal communication; able to translate complex technical findings into clear risk narratives
• Experience assessing AI/ML systems, LLM applications, or agentic workflows for security vulnerabilities
• Bonus: Published security research, conference talks (DEF CON, Black Hat, BSides), CVE credits, or meaningful bug bounty contributions

XML job scraping automation by YubHub