
Offensive Security Engineer
Job Description
We're looking for an Offensive Security Engineer who can bridge the gap between manual penetration testing and our autonomous AI agents. You'll conduct hands-on security assessments across web applications, APIs, and cloud infrastructure while also working to improve the agents that scale that work. You'll review and validate agent findings, develop custom exploits and tooling, and contribute directly to the platform as an engineer.
What you'll do:
- Execute penetration tests across web applications, APIs, and cloud environments.
- Review, validate, and enhance findings generated by our autonomous agents.
- Develop custom exploits, tools, and methodologies for complex vulnerabilities.
- Contribute production code to improve agent capabilities and coverage.
- Produce actionable security assessment reports with clear remediation guidance.
- Work with customer engineering teams to walk through findings and fixes.
What we're looking for:
- 3+ years of professional penetration testing or offensive security experience with a track record of identifying critical vulnerabilities.
- Strong software engineering skills in Python and/or TypeScript.
- Deep understanding of web application security, including injection flaws, broken access control, authentication bypasses, and SSRF.
- Experience with common offensive tooling (Burp Suite, Nuclei, custom scripts) and comfort building your own.
- Familiarity with cloud security across at least one major provider (AWS, GCP, Azure).
Nice to have:
- Experience with AI/LLM security, including prompt injection and agent manipulation.
- Bug bounty track record or published CVEs.
- Familiarity with OAuth/OIDC and SCIM attack surfaces.
- Relevant certifications (OSCP, OSWE, OSEP), though we care more about what you can do.
Interview Process
Step 1: Intro call with a founder (30 minutes)
A quick conversation to get to know each other. We'll talk about your background, what you're looking for, and give you a better sense of what we're building and how you'd fit in.
Step 2: Technical challenge (1-2 hours, on your own time)
A practical security assessment. We want to see how you actually approach a target.
Step 3: Paid work trial (1 week)
You'll work alongside us on real tasks. This is the best way for both sides to figure out if it's a good fit.
Job Details
- Category: Security
- Employment Type: Full Time
- Location: San Francisco, CA, US
- Posted: Mar 30, 2026, 08:40 PM
- Listed: Mar 30, 2026, 08:40 PM
- Compensation: $180,000 - $250,000 per year
About Hex Security
Part of the growing space & AI ecosystem pushing the frontiers of technology.