Security Engineer, Product Security

About the Role

As a founding member of our Product Security team, you will be responsible for maturing our product development workflows, hardening our service and application architectures, and implementing your vision for a secure software development lifecycle. Our user-facing web applications and services are a primary point of interest for threat actors - you will be in the vanguard, responsible for protecting our cutting-edge large language models, user data, and reputation by denying attackers any foothold in our environment. 

What you’ll do

• Envisioning and implementing ways to holistically harden our product, including iOS and Android mobile applications, web applications, and the web services that support it all

• Implementing framework-level mitigations for recurrent application vulnerabilities

• Articulating and advocating for a comprehensive secure software development lifecycle

• Integrating tooling into CI/CD pipelines to automate the secure development lifecycle

• Hooking into product design processes to ensure new features are designed with security in mind from the start

• Coordinating security assessments of product features, including regular penetration tests and managing our bug bounty program
  

Who you are

Competitive candidates will have:

• At least 5 years of experience in application or product security

• Familiarity with common web application and web service attack vectors and their mitigations

• Ability to understand and contribute code to complex codebases

• Experience articulating and implementing a secure software development lifecycle in a fast-growing and agile startup 

• Familiarity with cloud environments such as GCP or AWS

• Experience with common web application frameworks and system design patterns

• Understanding of common CI/CD-based workflows

• Proficiency in Linux-based server environments with a high degree of comfort on the Linux CLI

• Experience architecting secure system designs to meet product requirements at scale

• Familiarity with Kubernetes concepts

• A demonstrated ability to work autonomously to identify and resolve problems independently
  

Outstanding candidates will have one or more of the following:

• Experience with bug bounty program management

• Familiarity with common mobile application vulnerabilities

• First-hand experience with product feature development

• Familiarity with React and/or React Native, TypeScript/JavaScript, NextJS, Node.js, Python, Django, Flask, TypeScript, or Golang

• Our interview process does not require knowledge of any one specific technology or language - these are just some of the key technologies used at Character.ai

• Previous experience in a technology startup

• You will be a good fit if you are proactive and have a “get things done” mindset. Given our current pace of growth and load on our systems, most people have had a significant impact during their first week at the company.

About Character.AI

Founded in 2021, Character is a leading AI company offering personalized experiences through customizable AI 'Characters.' As one of the most widely used AI platforms worldwide, Character enables users to interact with AI tailored to their unique needs and preferences.

In just two years, we achieved unicorn status and were named Google Play's AI App of the Year – a testament to our groundbreaking technology and vision.

Ready to shape the future of Consumer AI? 🚀

At Character, we value diversity and welcome applicants from all backgrounds. As an equal opportunity employer, we firmly uphold a non-discrimination policy based on race, religion, national origin, gender, sexual orientation, age, veteran status, or disability. Your unique perspectives are vital to our success.

Compensation Range: $150K - $300K