About the Role

As a founding member of our Product Security team, you will be responsible for maturing our product development workflows, hardening our service and application architectures, and implementing your vision for a secure software development lifecycle. Our user-facing web applications and services are a primary point of interest for threat actors - you will be in the vanguard, responsible for protecting our cutting-edge large language models, user data, and reputation by denying attackers any foothold in our environment.

Responsibilities:

• Envisioning and implementing ways to holistically harden our product, including iOS and Android mobile applications, web applications, and the web services that support it all
• Implementing framework-level mitigations for recurrent application vulnerabilities
• Articulating and advocating for a comprehensive secure software development lifecycle
• Integrating tooling into CI/CD pipelines to automate the secure development lifecycle
• Hooking into product design processes to ensure new features are designed with security in mind from the start
• Coordinating security assessments of product features, including regular penetration tests and managing our bug bounty program

Requirements:

• At least 5 years of experience in application or product security
• Familiarity with common web application and web service attack vectors and their mitigations
• Ability to understand and contribute code to complex codebases
• Experience articulating and implementing a secure software development lifecycle in a fast-growing and agile startup
• Familiarity with cloud environments such as GCP or AWS
• Experience with common web application frameworks and system design patterns
• Understanding of common CI/CD-based workflows
• Proficiency in Linux-based server environments with a high degree of comfort on the Linux CLI
• Experience architecting secure system designs to meet product requirements at scale
• Familiarity with Kubernetes concepts
• A demonstrated ability to work autonomously to identify and resolve problems independently

Preferred Qualifications:

• Experience with bug bounty program management
• Familiarity with common mobile application vulnerabilities
• First-hand experience with product feature development
• Familiarity with React and/or React Native, TypeScript/JavaScript, NextJS, Node.js, Python, Django, Flask, TypeScript, or Golang
• Previous experience in a technology startup

About Character.AI

Founded in 2021, Character is a leading AI company offering personalized experiences through customizable AI 'Characters.' As one of the most widely used AI platforms worldwide, Character enables users to interact with AI tailored to their unique needs and preferences. In just two years, we achieved unicorn status and were named Google Play's AI App of the Year – a testament to our groundbreaking technology and vision.

We value diversity and welcome applicants from all backgrounds. As an equal opportunity employer, we firmly uphold a non-discrimination policy based on race, religion, national origin, gender, sexual orientation, age, veteran status, or disability. Your unique perspectives are vital to our success.