Senior Product Security Engineer - AI Startup

About us

Character’s mission is to empower everyone with AGI. Our vision is to enable people with our technology so that they can use Character.AI any moment of any day.

Achieving our mission will require solving ambitious technical challenges, including engineering, research, and design, and we are assembling a world-class team to do so. Our founding team includes AI pioneers from Google Brain and Meta Research whose research has led to major breakthroughs in natural language understanding and dialog applications such as Transformers and Google LaMDA.

Check out our beta to get a glimpse into the future.

About the Role

Responsibilities:

As a founding member of our Product Security team, you will be responsible for maturing our product development workflows, hardening our service and application architectures, and implementing your vision for a secure software development lifecycle. Our user-facing web applications and services are a primary point of interest for threat actors - you will be in the vanguard, responsible for protecting our cutting-edge large language models, user data, and reputation by denying attackers any foothold in our environment. 

Job responsibilities may include:

• Envisioning and implementing ways to holistically harden our product, including iOS and Android mobile applications, web applications, and the web services that support it all

• Implementing framework-level mitigations for recurrent application vulnerabilities

• Articulating and advocating for a comprehensive secure software development lifecycle

• Integrating tooling into CI/CD pipelines to automate the secure development lifecycle

• Hooking into product design processes to ensure new features are designed with security in mind from the start

• Coordinating security assessments of product features, including regular penetration tests and managing our bug bounty program

Requirements:

Competitive candidates will have:

• At least 5 years of experience in application or product security

• Familiarity with common web application and web service attack vectors and their mitigations

• Ability to understand and contribute code to complex codebases

• Experience articulating and implementing a secure software development lifecycle in a fast-growing and agile startup 

• Familiarity with cloud environments such as GCP or AWS

• Experience with common web application frameworks and system design patterns

• Understanding of common CI/CD-based workflows

• Proficiency in Linux-based server environments with a high degree of comfort on the Linux CLI

• Experience architecting secure system designs to meet product requirements at scale

• Familiarity with Kubernetes concepts

• A demonstrated ability to work autonomously to identify and resolve problems independently

Outstanding candidates will have one or more of the following:

• Experience with bug bounty program management

• Familiarity with common mobile application vulnerabilities

• First-hand experience with product feature development

• Familiarity with React and/or React Native, TypeScript/JavaScript, NextJS, Node.js, Python, Django, Flask, or Golang

  • Our interview process does not require knowledge of any one specific technology or language - these are just some of the key technologies used at Character.ai

• Previous experience in a technology startup

You will be a good fit if you are proactive and have a “get things done” mindset. Given our current pace of growth and load on our systems, most people have had a significant impact during their first week at the company.

Character is an equal opportunity employer and does not discriminate on the basis of race, religion, national origin, gender, sexual orientation, age, veteran status, disability or any other legally protected status. We value diversity and encourage applicants from a range of backgrounds to apply.