About the Role
As a founding member of our security team, you will lead broad-scope initiatives to protect some of the most valuable intellectual property in the world—including our large language models, user data, and reputation. You will be responsible for both hardening our core infrastructure (Kubernetes, cloud compute, and LLM pipelines) and maturing our product development workflows and application architectures. You will ensure our systems and user-facing applications remain secure against sophisticated adversaries in a fast-paced environment.
What You’ll Do
Infrastructure Hardening: Envision, design, and implement hardened infrastructure, ensuring Kubernetes clusters and cloud compute environments (GCP/AWS) are configured to prevent unauthorized access.
Application & Product Security: Holistically harden web and mobile applications (iOS/Android) and the web services that support them.
Secure Development Lifecycle: Articulate and advocate for a comprehensive secure software development lifecycle (SDLC) and integrate security tooling into CI/CD pipelines to automate secure deployments.
Architectural Design: Hook into product design processes to ensure new features and systems are designed with security and zero-trust concepts in mind from the start.
Vulnerability Mitigation: Implement framework-level mitigations for recurrent application vulnerabilities and coordinate security assessments, including penetration tests and bug bounty programs.
Developer Enablement: Design workflows and develop tooling that enables developers to securely utilize infrastructure and build artifacts while maintaining high velocity.
Who You Are
Competitive candidates will have:
Experience: 3–5+ years of experience in infrastructure, application, or product security.
Cloud & Orchestration: Hands-on experience with Kubernetes, Docker, and cloud environments such as GCP or AWS.
Technical Proficiency: Proficiency in Linux-based server environments and a high degree of comfort with the Linux CLI.
Security Domain Knowledge: A deep understanding of web application attack vectors, secure system design at scale, and various SSH key management approaches.
Engineering Skills: The ability to understand and contribute code to complex codebases and familiarity with common CI/CD-based workflows.
Mindset: A demonstrated ability to work autonomously to identify and resolve problems independently with a proactive "get things done" mindset.
Outstanding candidates will have:
Specialized Knowledge: Familiarity with service mesh technologies (Istio, Linkerd), Helm for Kubernetes management, or mobile application vulnerabilities.
Program Management: Experience managing bug bounty programs or first-hand experience with product feature development.
Language Familiarity: Experience with React, TypeScript, Python, Go, or other key technologies in our stack.
Startup Background: Previous experience in a fast-growing technology startup.
About Character.AI
Character.AI empowers people to connect, learn and tell stories through interactive entertainment. Over 20 million people visit Character.AI every month, using our technology to supercharge their creativity and imagination. Our platform lets users engage with tens of millions of characters, enjoy unlimited conversations, and embark on infinite adventures.
In just two years, we achieved unicorn status and were honored as Google Play's AI App of the Year—a testament to our innovative technology and visionary approach.
Join us and be a part of establishing this new entertainment paradigm while shaping the future of Consumer AI!
At Character, we value diversity and welcome applicants from all backgrounds. As an equal opportunity employer, we firmly uphold a non-discrimination policy based on race, religion, national origin, gender, sexual orientation, age, veteran status, or disability. Your unique perspectives are vital to our success.
