As a specialist in digital networking, you will be responsible for conducting vulnerability tests, supporting penetration tests, and participating in vulnerability management. You will also be involved in adapting and maintaining security guidelines and supporting operational technology security.

We offer a dynamic and innovative work environment, opportunities for professional growth, and a competitive salary.

Key responsibilities:

• Conducting vulnerability tests and penetration tests
• Participating in vulnerability management
• Adapting and maintaining security guidelines
• Supporting operational technology security

Requirements:

• Good academic record
• Proficiency in German language (written and spoken)
• High learning ability and interest in cybersecurity
• Good English language skills
• Team and communication skills
• Sensitive and structured working style
• Strong sense of responsibility

Benefits:

• Competitive salary
• Opportunities for professional growth
• Dynamic and innovative work environment

If you are interested in this opportunity, please submit your application with your resume and cover letter.

Note: This position is also suitable for individuals with disabilities.

XML job scraping automation by YubHub

This is a unique opportunity to shape how frontier AI models handle dual-use cybersecurity knowledge,balancing the tremendous potential of AI to advance legitimate security research and defensive capabilities while preventing misuse by malicious actors.

In this role, you will lead and grow a team of technical specialists focused on cyber threat modeling and evaluation frameworks. You will serve as the primary domain expert on cyber harms, advising cross-functional teams on threat landscapes and mitigation strategies.

You will collaborate closely with internal and external threat modeling experts to develop training data for safety systems, and with ML engineers to train these systems, optimizing for both robustness against adversarial attacks and low false-positive rates for legitimate security researchers.

You will also analyze safety system performance in traffic, identifying gaps and proposing improvements. You will conduct regular reviews of existing policies and enforcement systems to identify and address gaps and ambiguities related to cybersecurity risks.

You will develop rigorous stress-testing of safeguards against evolving cyber threats and product surfaces. You will partner with Research, Product, Policy, Security Team, and Frontier Red Team to ensure cybersecurity safety is embedded throughout the model development lifecycle.

You will translate cybersecurity domain knowledge into actionable safety requirements and clearly articulated policies. You will contribute to external communications, including model cards, blog posts, and policy documents related to cybersecurity safety.

You will monitor emerging technologies and threat landscapes for their potential to contribute to new risks and mitigation strategies, and strategically address these.

You will mentor and develop team members, fostering a culture of technical excellence and responsible AI development.

To be successful in this role, you will need to have:

• An M.S. or PhD in Computer Science, Cybersecurity, or a related technical field, OR equivalent professional experience in offensive or defensive cybersecurity
• 5+ years of hands-on experience in cybersecurity, with deep expertise in areas such as vulnerability research, exploit development, network security, malware analysis, or penetration testing
• 2+ years of experience managing technical teams or leading complex technical projects with multiple stakeholders
• Experience in scientific computing and data analysis, with proficiency in programming (Python preferred)
• Deep expertise in modern cybersecurity, including both offensive techniques (vulnerability research, exploit development, penetration testing, malware analysis) and defensive measures (detection, monitoring, incident response)
• Demonstrated ability to create threat models and translate technical cyber risks into policy frameworks
• Familiarity with responsible disclosure practices, vulnerability coordination, and cybersecurity frameworks (e.g., MITRE ATT&CK, NIST Cybersecurity Framework, CWE/CVE systems)
• Strong analytical and writing skills, with the ability to navigate ambiguity and explain complex technical concepts to non-technical stakeholders
• Experience developing policies or guidelines at scale, balancing safety concerns with enabling legitimate use cases
• A passion for learning new skills and an ability to rapidly adapt to changing techniques and technologies
• Comfort working in a fast-paced environment where priorities may shift as AI capabilities evolve
• Track record of translating specialized technical knowledge into actionable safety policies or enforcement guidelines

Preferred qualifications include:

• Background in AI/ML systems, particularly experience with large language models
• Experience developing ML-based security systems or adversarial ML research
• Experience working with defense, intelligence, or security organizations (e.g., NSA, CISA, national labs, security contractors)
• Published security research, disclosed vulnerabilities, or participated in bug bounty programs
• Understanding of Trust & Safety operations and content moderation at scale
• Certifications such as OSCP, OSCE, GXPN, or equivalent demonstrating technical depth
• Understanding of dual-use security research concerns and ethical considerations in AI safety

The annual compensation range for this role is $320,000-$405,000 USD.

XML job scraping automation by YubHub

You'll perform penetration testing, conduct threat modeling, and provide guidance to engineering teams on secure design and best practices. This role also involves developing security tooling, researching emerging threats, and contributing to the continuous improvement of CoreWeave's overall security posture.

Some of what you'll work on:

• Perform penetration testing as well as purple and red team exercises.
• Conduct threat modeling, code reviews, and design reviews for development teams.
• Research new attack techniques and develop strategies to counter them.
• Develop and enforce security best practices and standards, maintaining internal compliance.
• Provide solutions to complex security issues, manage multiple tasks, and prioritize effectively in a fast-paced environment.
• Present technical security information to both technical and non-technical audiences.
• Maintain technical documentation, reports, and security tooling with attention to detail.
• Participate in other security-related initiatives as assigned.

Who You Are:

• 5+ years of experience in offensive information security roles.
• Proficiency in at least one programming or scripting language (e.g., Go, Python, C/C++) for automation, code reviews, and tooling.
• Hands-on penetration testing experience and familiarity with offensive security tools.
• Strong technical knowledge of Linux operating systems and containerized environments.
• Experience securing Kubernetes and understanding related security practices.
• Able to navigate ambiguity, identify root causes, and solve complex security problems.
• Excellent written and verbal communication skills with strong technical documentation abilities.
• Capable of working independently while managing multiple priorities in a fast-paced environment.
• Strong desire to continuously learn and adopt new technologies and security techniques.

Preferred:

• Experience with firmware reverse engineering, analyzing binaries, bootloaders, and embedded systems for vulnerabilities.
• Relevant certifications such as Sec+, Net+, OSCP, or equivalent.
• Experience with EDR tuning, detections-as-code, or threat hunting as part of a Blue Team.
• Deep understanding of business-wide security best practices and implementation strategies.

Wondering if you're a good fit?

We believe in investing in our people, and value candidates who can bring their own diversified experiences to our teams – even if you aren't a 100% skill or experience match.

Here are a few qualities we've found compatible with our team.

If some of this describes you, we'd love to talk.

• You love hunting vulnerabilities and proactively improving security.
• You're curious about evolving attack vectors and defense strategies.
• You're an expert in offensive security techniques and tooling, with a passion for safeguarding systems.

Why CoreWeave?

At CoreWeave, we work hard, have fun, and move fast!

We're in an exciting stage of hyper-growth that you will not want to miss out on.

We're not afraid of a little chaos, and we're constantly learning.

Our team cares deeply about how we build our product and how we work together, which is represented through our core values:

• Be Curious at Your Core
• Act Like an Owner
• Empower Employees
• Deliver Best-in-Class Client Experiences
• Achieve More Together

We support and encourage an entrepreneurial outlook and independent thinking.

We foster an environment that encourages collaboration and enables the development of innovative solutions to complex problems.

As we get set for takeoff, the organization's growth opportunities are constantly expanding.

You will be surrounded by some of the best talent in the industry, who will want to learn from you, too.

Come join us!

The base salary range for this role is $165,000 to $242,000.

The starting salary will be determined based on job-related knowledge, skills, experience, and market location.

We strive for both market alignment and internal equity when determining compensation.

In addition to base salary, our total rewards package includes a discretionary bonus, equity awards, and a comprehensive benefits program (all based on eligibility).

What We Offer

The range we've posted represents the typical compensation range for this role.

To determine actual compensation, we review the market rate for each candidate which can include a variety of factors.

These include qualifications, experience, interview performance, and location.

In addition to a competitive salary, we offer a variety of benefits to support your needs, including:

• Medical, dental, and vision insurance
• 100% paid for by CoreWeave
• Company-paid Life Insurance
• Voluntary supplemental life insurance
• Short and long-term disability insurance
• Flexible Spending Account
• Health Savings Account
• Tuition Reimbursement
• Ability to Participate in Employee Stock Purchase Program (ESPP)
• Mental Wellness Benefits through Spring Health
• Family-Forming support provided by Carrot
• Paid Parental Leave
• Flexible, full-service childcare support with Kinside
• 401(k) with a generous employer match
• Flexible PTO
• Catered lunch each day in our office and data center locations
• A casual work environment
• A work culture focused on innovative disruption

Our Workplace

While we prioritize a hybrid work environment, remote work may be considered for candidates located more than 30 miles from an office, based on role requirements for specialized skill sets.

New hires will be invited to attend onboarding at one of our hubs within their first month.

Teams also gather quarterly to support collaboration.

California Consumer Privacy Act - California applicants only

CoreWeave is an equal opportunity employer, committed to fostering an inclusive and supportive workplace.

All qualified applicants and candidates will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information.

As part of this commitment and consistent with the Americans with Disabilities Act (ADA), CoreWeave will ensure that qualified applicants and candidates with disabilities are provided reasonable accommodations for the hiring process, unless such accommodation would cause an undue hardship.

If reasonable accommodation is needed, please contact: careers@coreweave.com.

Export Control Compliance

This position requires access to export controlled information.

To conform to U.S. Government export regulations applicable to that information, applicant must either be (A) a U.S. person, defined as a (i) U.S. citizen or national, (ii) U.S. lawful permanent resident (green card holder), (iii) refugee under 8 U.S.C. § 1157, or (iv) asylee under 8 U.S.C. § 1158, (B) eligible to access the information under an appropriate export license, or (C) otherwise exempt from the regulations.

Applicant must also comply with all applicable laws and regulations related to the handling and transfer of export-controlled information.

By applying for this position, applicant acknowledges that they have read, understand, and will comply with these requirements.

Failure to comply with these requirements may result in termination of employment, revocation of any security clearances, or other disciplinary action.

Applicant must also agree to undergo a background investigation and obtain any necessary security clearances prior to commencing employment.

Please note that this position is subject to U.S. Government export regulations and may require applicant to sign a non-disclosure agreement (NDA) prior to commencing employment.

Applicant must also agree to comply with all applicable laws and regulations related to the handling and transfer of export-controlled information.

By applying for this position, applicant acknowledges that they have read, understand, and will comply with these requirements.

Failure to comply with these requirements may result in termination of employment, revocation of any security clearances, or other disciplinary action.

Applicant must also agree to undergo a background investigation and obtain any necessary security clearances prior to commencing employment.

Please note that this position is subject to U.S. Government export regulations and may require applicant to sign a non-disclosure agreement (NDA) prior to commencing employment.

XML job scraping automation by YubHub

Responsibilities:

• Certifications like CISA, CRISC, CGEIT, Security+, CASP+, or similar are preferred.
• Drive continual improvement in processes, procedures, and automations to improve the quality and effectiveness of the team.
• Participate in a 24/7 on-call rotation performing security incident response.
• Commandeering security incidents and updating stakeholders.
• Identify and develop new detection use cases and optimize existing detections.
• Collaborate on technical directions and solutions with other teams.
• Research and analyze patterns in security events across X's global infrastructure.
• Identify, design, and lead threat hunting missions to quantify and reduce threats.
• Manage and support the log collection, security scanning, intrusion detection, and other security-related systems.
• Design and assist in the development of automation to reduce false positives and handle events automatically.
• Analyze the security posture of systems via testing and vulnerability impact analysis.

Basic Qualifications:

• 2+ years of relevant information security experience.
• Self-starter, can receive a task and execute with minimal supervision.
• Strong Python scripting skills for implementing security automation.
• Knowledge of networking and macOS, Windows, or Linux operating systems.
• Knowledge of cloud security fundamentals and practices (vendor agnostic).
• Experience managing and/or deploying security technology.
• Experience with building queries and dashboards for security monitoring.
• Knowledge of current threats and techniques and a desire to research and learn more.
• Experience with malware analysis, forensics, or penetration testing.
• Problem-solving skills or experience with troubleshooting.

ITAR Requirements:

To conform to U.S. Government export regulations, applicant must be a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (aka green card holder), (iii) Refugee under 8 U.S.C. § 1157, or (iv) Asylee under 8 U.S.C. § 1158, or be eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here.

Preferred Skills and Experience:

• Elastic / OpenSearch or similar platforms.
• Open Source security automation tooling.

Compensation and Benefits:

$180,000 - $440,000 USD. Base salary is just one part of our total rewards package at xAI, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long-term disability insurance, life insurance, and various other discounts and perks.

XML job scraping automation by YubHub

This role sits at the intersection of research, product, and go-to-market. You'll work closely with research teams to develop new model capabilities for security applications, prototype and iterate quickly to validate ideas, and engage directly with customers and partners to inform what we build.

Responsibilities:

• Prototype and build new AI-powered products for cybersecurity
• Iterate quickly based on customer feedback and what you learn
• Collaborate with research teams to identify and develop new model capabilities for security applications
• Engage directly with customers and partners to understand workflows and inform product direction

You may be a good fit if you:

• Have 7+ years of experience as a software engineer
• Experience developing cybersecurity products
• Enjoy fast iteration and are energized by prototyping new ideas
• Have strong product instincts and enjoy defining what to build, not just how to build it
• Are comfortable working closely with research and go-to-market teams
• Have strong communication skills and can work effectively across functions

Strong candidates may also have:

• Experience in incident response, reverse engineering, network analysis, penetration testing, or similar fields
• Experience working with AI/ML models and building products on top of them
• Experience building agentic applications

The annual compensation range for this role is $320,000-$405,000 USD.

XML job scraping automation by YubHub

In this role, you will:

Perform manual and automated testing of web applications, APIs, and mobile apps (iOS/Android). Conduct network and cloud level assessments with various tooling. Triage and validate reports from automated scanners or bug bounty hunters to eliminate false positives and escalate true positives. Perform initial prompt injection and jailbreak tests on AI prototypes, services, and applications using established checklists (OWASP Top 10 for LLMs). Draft high-quality reports that detail the "path to compromise" with clear, reproducible steps for developers. Manage and update the team's testing infrastructure (e.g., Burp Suite, and basic C2 listeners). Provide direct technical guidance to engineering teams on how to patch vulnerabilities like XSS, SQLi, and IDOR. Design and lead multi-week Red Team operations that mimic specific threat actors (APTs) to test the SIRT detection capabilities. Build custom payloads, droppers, and obfuscated scripts to bypass EDR/AV and maintain stealth. Build automated testing frameworks for AI systems (e.g., using PyRIT, Promptfoo, or Garak) to test for models related to sensitive data leakage. Execute sophisticated attacks against AWS/Azure/K8s, focusing on IAM misconfigurations and container escapes. Collaborate with SIRT and Detection Engineering to tune SIEM alerts based on the techniques used during an engagement. Oversee the organization's bug bounty program, identifying trends in submissions to suggest broad architectural security changes.

Twilio values diverse experiences from all kinds of industries, and we encourage everyone who meets the required qualifications to apply.

XML job scraping automation by YubHub

Application Security is part of our wider Financial Scale organization, which means you will work closely with Security Operations, GRC, Product Security, Front End Platform, IT Infrastructure teams.

We’re looking for individuals with a strong background and interest in penetration testing. You should have a demonstrated ability to find vulnerabilities in complex systems and craft exploits to demonstrate business impact.

This role is highly cross-functional and collaborative, you will have the opportunity to work with every engineering team across Brex.

Building a world-class financial service requires world-class security. Brex is pioneering the next wave of AI-driven financial services for dynamic, high-impact companies like Coinbase, Robinhood, and Anthropic. We're at the early stages of integrating AI across our product suite, this role will have the opportunity to influence and secure the future of AI Security at Brex.

You'll be at the forefront of securing our novel AI implementations, identifying attack vectors in agentic-powered features, and partnering with product and engineering teams to build AI capabilities that our customers can trust with their critical financial operations.

Responsibilities: Identifying vulnerabilities, demonstrating business impact, and articulating the risk of specific vulnerabilities to drive prioritization efforts Perform penetration testing and design reviews, looking for vulnerabilities and insecure designs, work with engineering and product to design secure product features Maintain and build internal tools to automate security efforts, perform SAST and DAST testing of the Brex platform, and support secure development practices Build and contribute to a culture of collaborative security excellence through technical leadership, learning sessions, and mentorship within the team and wider organization

Requirements: 5+ years work experience in an Application Security or related role Ability to find vulnerabilities in complex systems, demonstrating business impact through custom attack chains Experience with a wide range of secure development activities including, threat modeling, developer education, and incident response Knowledge of Python, scripting languages, and AI/agentic workflows to automate tasks, build tools and improve productivity Collaborative mindset paired with strong written and verbal communication skills

Bonus points: Proficiency with Kotlin, gRPC, GraphQL, Kubernetes Previous experience as a software engineer Consultancy experience performing web application security reviews Experience with securing distributed systems in AWS and cloud environments Experience with pentesting and securing agentic features and systems Contributions to the wider technical community, open source, public research, mentorship, community organizing, blogging, CVEs, presentations, etc

Compensation: The expected salary range for this role is $192,000 - $240,000. However, the starting base pay will depend on a number of factors including the candidate’s location, skills, experience, market demands, and internal pay parity. Depending on the position offered, equity and other forms of compensation may be provided as part of a total compensation package.

XML job scraping automation by YubHub

Key responsibilities include:

• Defining and executing the strategy for secure frameworks, primitives, and tooling used across Databricks
• Partnering closely with engineering and product leaders across the company to ensure security/compliance by design in all new initiatives
• Driving adoption of security best practices across the organization by building easy-to-use, scalable frameworks and services
• Providing technical oversight for secure system design and guiding efforts to reduce technical debt in core security components
• Representing Databricks and our security practices internally to senior leadership and externally to the industry

Requirements include:

• Strong track record building and managing high-performing teams of engineers, with experience growing organizations through multiple phases of scale
• Deep understanding of the relevant domains and infrastructure
• Demonstrated success driving cross-functional initiatives that require influencing without direct authority
• Ability to provide technical direction at the architecture level while fostering pragmatic, high-quality execution
• Strong communication and leadership skills, with the ability to evangelize security and inspire teams and stakeholders

Preferred qualifications include a BS, MS, or PhD in Computer Science or a related technical field.

XML job scraping automation by YubHub

You will work closely with engineering, product, and operations teams to embed security best practices from design through to deployment.

Key responsibilities include:

Supporting the execution of a comprehensive product security strategy that aligns with the company's goals and risk appetite. Working hands-on across code, infrastructure, and CI/CD to create agents, services, and pipelines that detect, prevent, and remediate risks leveraging AI where it adds value. Designing, building, and operating security automation for the SDLC (code scanning, dependency risk management, secrets detection, policy-as-code) integrated into CI/CD. Performing manual design and implementation reviews of Greenlight products and services from a security perspective. Establishing and enforcing secure development standards (i.e., API security, security patterns, IaC, etc.) and best practices across the organization. Serving as a subject matter expert on the practical security of our AI and LLM ecosystem. Leading threat modeling exercises for novel AI systems applying advanced security and privacy best practices. Leveraging automations and tools to continuously test, fuzz, and validate products and platform components for security issues. Performing penetration testing and retesting to validate fixes. Responsible for triaging findings from security researchers and leading incident response for PSIRT. On-call support for incident response and leading product-related security events and vulnerabilities. Fostering a culture of security awareness and ownership across the Engineering and Product organizations. Staying current with the latest security threats, vulnerabilities, and industry best practices to continuously evolve our security controls and processes.

XML job scraping automation by YubHub

Your day-to-day will involve leading security architecture/design review and threat modeling sessions with product and engineering teams, translating threats into actionable, risk-rated engineering remediations prioritized by severity, conducting hands-on penetration testing and security assessments across our full product stack, and driving PSIRT operations by triaging incoming vulnerability reports, leading technical investigations, coordinating remediation with engineering, scoring severity (CVSS), managing coordinated disclosure with external researchers, and on-call incidents.

You will also shape the posture of our AI-assisted development environment, defining and enforcing enterprise policies for Claude and Cursor, and partner across the organization, sitting in design review with architects, advising product managers and engineering teams on security and compliance implications of new features, briefing executives on emerging AI threats, mentoring junior security engineers, and collaborating with the AI team on securing ML pipelines.

As a champion of security culture, you will run developer training on secure coding with AI assistants, evangelize security by design for products, and ensure every engineer understands that product security is an enabler and not a gate.

You will bring 10+ years of product security experience spanning application security, cloud security, and secure SDLC, expert-level threat modeling using STRIDE, PASTA, or equivalent across web, mobile, cloud, embedded, and AI systems, hands-on penetration testing skills across applications, API, cloud infrastructure, and hardware/firmware, and deep hands-down AI security expertise and expert-level understanding of OWASP Top 10 for LLM, API, Web, Mobile, and practical experience with MITRE.

You will have strong hands-on experience in security tools SAST, DAST, SCA, and securing AI development tools specifically Claude and Cursor, and understand MCP security risks and know how to architect enterprise guardrails that enable safe AI-assisted development.

You will also have strong programming ability and capability to review code, build security tools, automate workflows, and be credible with the engineering teams you partner with.

Preferred experience includes hardware and embedded security experience with knowledge of secure boot, firmware integrity, hardware root of trust, and IoT threat modeling experience, and experience in the Financial industry, knowledge of PCI DSS, COPPA, or demonstrated ability to learn regulated domains quickly.

Work perks at Greenlight include medical, dental, vision, and HSA match, paid life insurance, AD&D, and disability benefits, traditional 401k with company match, unlimited PTO, paid company holidays and pop-up bonus holidays, professional development stipends, mental health resources, 1:1 financial planners, fertility healthcare, 100% paid parental and caregiving leave, plus cleaning service and meals during your leave, flexible WFH, both remote and in-office opportunities, fully stocked kitchen, catered lunches, and occasional in-office happy hours, and employee resource groups.

XML job scraping automation by YubHub

Responsibilities: Scoping and performing mobile, web application, cloud, and infrastructure penetration tests. Collaborating with engineering teams to facilitate secure development, including reviewing and analysing proposed technical solutions to identify appropriate security controls, conducting code reviews of features and critical security components, and performing in-depth practical security testing. Advising on the remediation of security issues and identifying solutions to address root causes. Automating security testing and developing internal tooling to achieve continuous assurance. Identifying and implementing improvements to the team's internal processes and procedures. Mentoring less-experienced team members, leading by example in technical assessments, and promoting a collaborative approach to security across Starling.

Requirements: 5+ years technical information security experience. Experience in mobile, web application, cloud, and infrastructure penetration testing. Technical knowledge in mobile security (iOS and Android), web application security, networking and associated protocols, cloud security (AWS and GCP), containers and Kubernetes. Penetration testing qualifications (e.g. CREST Certified Tester, OSCP) or equivalent industry experience. Excellent verbal and written communication skills.

XML job scraping automation by YubHub

Key responsibilities include:

• Conducting end-to-end assessments of our core banking platform
• Performing code reviews to identify logic flaws and security anti-patterns
• Participating in threat modelling sessions with different teams
• Contextualising technical vulnerabilities into 'Real-World Risk' scenarios
• Collaborating with Infrastructure teams to audit and secure cloud configurations
• Acting as an independent operator within the team, managing your own testing scope and timelines across different business domains
• Providing clear, actionable remediation advice that balances security requirements with engineering velocity

Requirements include:

• 5+ years experience in penetration testing with a focus on cloud native infrastructure, web applications, APIs
• Expert-level proficiency with industry-standard tools and the ability to 'go manual' when scanners fail
• Experience with Cloud Security, specifically AWS/EKS
• Ability to conduct code reviews in multiple languages, primarily Java and Go
• Proven experience in threat modelling
• SDLC knowledge
• Scripting skills

Soft skills include:

• Exceptional written and spoken communication skills
• Self-starting nature
• Ability to work independently while remaining a collaborative partner to the wider engineering team
• Adaptability

Benefits include:

• 25 days holiday (plus take your public holiday allowance whenever works best for you)
• An extra day's holiday for your birthday
• Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off
• 16 hours paid volunteering time a year
• Salary sacrifice, company enhanced pension scheme
• Life insurance at 4x your salary & group income protection
• Private Medical Insurance with VitalityHealth including mental health support and cancer care

About Us

You may be put off applying for a role because you don't tick every box. Forget that! While we can't accommodate every flexible working request, we're always open to discussion.

XML job scraping automation by YubHub

Anthropic's mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.

About the Role

We're looking for engineers to join a new effort building AI-powered products and capabilities for cybersecurity. You'll work across the stack to prototype new ideas and build from the ground up.

This role sits at the intersection of research, product, and go-to-market. You'll work closely with research teams to develop new model capabilities for security applications, prototype and iterate quickly to validate ideas, and engage directly with customers and partners to inform what we build. The right candidate has the technical depth to engage with research, the product instincts to know what's worth building, and the drive to move fast.

Responsibilities

• Prototype and build new AI-powered products for cybersecurity

• Iterate quickly based on customer feedback and what you learn

• Collaborate with research teams to identify and develop new model capabilities for security applications

• Engage directly with customers and partners to understand workflows and inform product direction

You may be a good fit if you:

• Have 7+ years of experience as a software engineer

• Experience developing cybersecurity products

• Enjoy fast iteration and are energized by prototyping new ideas

• Have strong product instincts and enjoy defining what to build, not just how to build it

• Are comfortable working closely with research and go-to-market teams

• Have strong communication skills and can work effectively across functions

Strong candidates may also have:

• Experience in incident response, reverse engineering, network analysis, penetration testing, or similar fields

• Experience working with AI/ML models and building products on top of them

• Experience building agentic applications

Deadline to apply:

None. Applications will be reviewed on a rolling basis.

Logistics

Education requirements: We require at least a Bachelor's degree in a related field or equivalent experience. Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.

Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work.

Your safety matters to us. To protect yourself from potential scams, remember that Anthropic recruiters only contact you from @anthropic.com email addresses. In some cases, we may partner with vetted recruiting agencies who will identify themselves as working on behalf of Anthropic. Be cautious of emails from other domains. Legitimate Anthropic recruiters will never ask for money, fees, or banking information before your first day. If you're ever unsure about a communication, don't click any links—visit anthropic.com/careers directly for confirmed position openings.

How we're different

We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts. And we value impact — advancing our long-term goals of steerable, trustworthy AI — rather than work on smaller and more specific puzzles. We view AI research as an empirical science, which has as much in common with physics and biology as with traditional efforts in computer science. We're an extremely collaborative group, and we host frequent research discussions to ensure that we are pursuing the highest-impact work at any given time. As such, we greatly value communication skills.

The easiest way to understand our research directions is to read our recent research. This research continues many of the directions our team worked on prior to Anthropic, including: GPT-3, Circuit-Based Interpretability, Multimodal Neurons, Scaling Laws, AI & Compute, Concrete Problems in AI Safety, and Learning from Human Preferences.

Come work with us!

Anthropic is a public benefit corporation headquartered in San Francisco. We offer competitive compensation and benefits, optional equity donation matching, generous vacation and parental leave, flexible working hours, and a lovely office space in which to collaborate with colleagues. Guidance on Candidates' AI Usage: Learn about our policy for using AI in our application process

Interested in building your career at Anthropic? Get future opportunities by following us on LinkedIn and Twitter.

XML job scraping automation by YubHub

We are looking for a cybersecurity expert to lead our efforts to prevent AI misuse in the cyber domain. As a Cyber Harms Technical Policy Manager, you will lead a team applying deep technical expertise to inform the design of safety systems that detect harmful cyber behaviours and prevent misuse by sophisticated threat actors.

In this role, you will:

• Lead and grow a team of technical specialists focused on cyber threat modelling and evaluation frameworks
• Design and oversee execution of capability evaluations ('evals') to assess the cyber-relevant capabilities of new models
• Create comprehensive cyber threat models, including attack vectors, exploit chains, precursor identification, and weaponization techniques
• Develop and iterate on usage policies that govern responsible use of our models for emerging capabilities and use cases related to cyber harms
• Serve as the primary domain expert on cyber harms, advising cross-functional teams on threat landscapes and mitigation strategies
• Collaborate closely with internal and external threat modelling experts to develop training data for safety systems, and with ML engineers to train these systems, optimising for both robustness against adversarial attacks and low false-positive rates for legitimate security researchers
• Analyse safety system performance in traffic, identifying gaps and proposing improvements
• Conduct regular reviews of existing policies and enforcement systems to identify and address gaps and ambiguities related to cybersecurity risks
• Develop rigorous stress-testing of safeguards against evolving cyber threats and product surfaces
• Partner with Research, Product, Policy, Security Team, and Frontier Red Team to ensure cybersecurity safety is embedded throughout the model development lifecycle
• Translate cybersecurity domain knowledge into actionable safety requirements and clearly articulated policies
• Contribute to external communications, including model cards, blog posts, and policy documents related to cybersecurity safety
• Monitor emerging technologies and threat landscapes for their potential to contribute to new risks and mitigation strategies, and strategically address these
• Mentor and develop team members, fostering a culture of technical excellence and responsible AI development

You may be a good fit if you have:

• An M.S. or PhD in Computer Science, Cybersecurity, or a related technical field, OR equivalent professional experience in offensive or defensive cybersecurity
• 5+ years of hands-on experience in cybersecurity, with deep expertise in areas such as vulnerability research, exploit development, network security, malware analysis, or penetration testing
• 2+ years of experience managing technical teams or leading complex technical projects with multiple stakeholders
• Experience in scientific computing and data analysis, with proficiency in programming (Python preferred)
• Deep expertise in modern cybersecurity, including both offensive techniques (vulnerability research, exploit development, penetration testing, malware analysis) and defensive measures (detection, monitoring, incident response)
• Demonstrated ability to create threat models and translate technical cyber risks into policy frameworks
• Familiarity with responsible disclosure practices, vulnerability coordination, and cybersecurity frameworks (e.g., MITRE ATT&CK, NIST Cybersecurity Framework, CWE/CVE systems)
• Strong analytical and writing skills, with the ability to navigate ambiguity and explain complex technical concepts to non-technical stakeholders
• Experience developing policies or guidelines at scale, balancing safety concerns with enabling legitimate use cases
• A passion for learning new skills and an ability to rapidly adapt to changing techniques and technologies
• Comfort working in a fast-paced environment where priorities may shift as AI capabilities evolve
• Track record of translating specialised technical knowledge into actionable safety policies or enforcement guidelines

Preferred Qualifications:

• Background in AI/ML systems, particularly experience with large language models
• Experience developing ML-based security systems or adversarial ML research
• Experience working with defence, intelligence, or security organisations (e.g., NSA, CISA, national labs, security contractors)
• Published security research, disclosed vulnerabilities, or participated in bug bounty programs
• Understanding of Trust & Safety operations and content moderation at scale
• Certifications such as OSCP, OSCE, GXPN, or equivalent demonstrating technical depth
• Understanding of dual-use security research concerns and ethical considerations in AI safety

XML job scraping automation by YubHub

Product & Solutions Lead, Safety and Security

Location

San Francisco

Employment Type

Full time

Department

Intelligence & Investigations

Compensation

• $288K – $425K • Offers Equity

The base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance-related bonus(es) for eligible employees, and the following benefits.

• Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts

• Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)

• 401(k) retirement plan with employer match

• Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)

• Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees

• 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)

• Mental health and wellness support

• Employer-paid basic life and disability coverage

• Annual learning and development stipend to fuel your professional growth

• Daily meals in our offices, and meal delivery credits as eligible

• Relocation support for eligible employees

• Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided.

More details about our benefits are available to candidates during the hiring process.

This role is at-will and OpenAI reserves the right to modify base pay and other compensation components at any time based on individual performance, team or company results, or market conditions.

About the Team

The Intelligence & Investigations (I2) team detects and disrupts abuse and strategic risks so people can use AI safely. We translate real-world signals, investigations, and external threat intelligence into practical mitigations, operating guidance, and partner-ready support that improves safety outcomes across the AI ecosystem.

About the Role

As a Product & Solutions Lead focused on safety and security, you will build and operate 0–1 products, services, and technical solution packages that help developers and public institutions move from experimentation to durable, trusted outcomes—while maintaining public safety, transparency, and respect for privacy and rights.

This role balances two modes of delivery:

1. Bespoke products and technical solutions for strategic internal and external partners, and

1. Scalable product and solution packages that can be reused broadly across partners and deployments.

Training is a component of scale, but not the center of gravity. You will also ship reference implementations, playbooks, evaluation kits, and repeatable operating models that partners can adopt and operate.

You will work directly with engineers and a multidisciplinary group of safety and geopolitical analysts, and data and quantitative scientists to convert complex, evolving challenges into solutions that teams can adopt in high-stakes environments.

This role is based in San Francisco, CA (hybrid, 3 days/week). Relocation support is available.

In this role, you will:

• Own the 0–1 roadmap for safety and security solution offerings: define the target users, problem statements, tools, operating models, success metrics, and the set of reusable deliverables we ship.

• Design and ship bespoke technical solutions for priority partners (internal and external), then abstract what works into reusable patterns and toolkits.

• Build partner-ready technical artifacts: solution blueprints, reference architectures, evaluation and monitoring guidance, incident/response playbooks, and deployment checklists.

• Package open-source and proprietary capabilities into adoption-ready solutions (e.g., reference implementations, configuration patterns, validated workflows).

• Maintain a consistent delivery model across engagements: intake, scoping, governance alignment, execution cadence, and retrospectives that improve the offering over time.

• Translate evolving threats into actionable guidance and updates for solution packages (e.g., scams/fraud patterns, cyber-enabled threats, ecosystem abuse trends).

• Develop lightweight enablement components as needed: targeted technical modules, hands-on labs, and readiness assessments that accelerate adoption of the solutions.

• Define and instrument impact measurement: adoption milestones, readiness indicators, reliability and safety posture improvements, and partner satisfaction with outputs.

• Partner closely across engineering, safety, geopolitical analysis, and quantitative teams to ensure solutions are technically credible, threat-informed, and measurable.

• Communicate crisply and decision-readily to internal and external stakeholders: progress, trade-offs, risks, and recommendations.

You might thrive in this role if you:

• Have 6+ years in product, technical program leadership, solutions, or platform operations, especially in safety, security, risk, integrity, or enterprise/public-sector contexts.

• Have built 0–1 solution offerings (product plus services or productized services): taking ambiguous needs, shipping something concrete, then scaling it into a repeatable model.

• Have a builder’s mindset: comfortable incubating early-stage ideas, testing them with partners, and evolving them into durable, repeatable safety and security solutions.

• Can go deep with engineers and still produce partner-ready artifacts that are clear

XML job scraping automation by YubHub

Vendor Security Program Manager

Location

San Francisco; New York City; Seattle; Washington, DC

Employment Type

Full time

Location Type

Hybrid

Department

Security

Compensation

• SF, Seattle and NYC: $207K – $335K • Offers Equity
• Zone A: $186K – $301.5K • Offers Equity
• Zone B: $165.6K – $268K • Offers Equity

The base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance-related bonus(es) for eligible employees, and the following benefits.

• Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts

• Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)

• 401(k) retirement plan with employer match

• Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)

• Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees

• 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)

• Mental health and wellness support

• Employer-paid basic life and disability coverage

• Annual learning and development stipend to fuel your professional growth

• Daily meals in our offices, and meal delivery credits as eligible

• Relocation support for eligible employees

• Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided.

More details about our benefits are available to candidates during the hiring process.

This role is at-will and OpenAI reserves the right to modify base pay and other compensation components at any time based on individual performance, team or company results, or market conditions.

About the Team

The Vendor Security team sits at the core of our mission to ensure our technology benefits humanity safely and securely. We provide security assurances and robust compliance frameworks for our technology, people, and products. Our mission is to build trust with the world in our products and company. Our work is technical yet highly operational, strategically aligning with security and engineering teams to navigate and mitigate risks proactively. We prioritize impact, enable innovation, and foster a culture of continuous compliance and security awareness.

About the Role

As a Program Manager within the Vendor Security team, you will play a crucial role in protecting our organisation against external risks posed by suppliers, vendors, partners, and hardware manufacturers. Your responsibilities will include conducting comprehensive security assessments, building a program to manage global supply chain and vendor risks, and driving security initiatives across all of our third-party relationships. You will be analytical, detail-oriented, and proactive, capable of translating complex security evaluations into clear, actionable strategies.

The role is expected to operate with a strong point of view on risk. You will be responsible not only for identifying and documenting vendor and supply-chain risk, but for helping the company make informed trade-offs between speed, scale, and security. This role requires exceptional organisational skills, the ability to effectively communicate across different business functions, and a strong commitment to operational excellence in a dynamic environment.

This role may be based out of one of our US offices (San Francisco, Seattle, NYC or DC.) We use a hybrid work model of 3 days in the office per week and offer relocation assistance to new employees.

In this role, you will:

• Be the interface for Security to the rest of the organisation for vendors.

• Own vendor security risk decisions and escalation paths, including clearly documenting risk acceptance, mitigation plans, and executive-level trade-offs when security requirements cannot be fully met.

• Conduct deep, evidence-based security assessments of third parties, including review of architectures, configurations, controls, logs, and operational practices - moving beyond questionnaires and attestations to validate real-world security posture of vendors.

• Assess and manage security risk across a diverse vendor landscape, including SaaS providers, cloud and infrastructure partners, hardware manufacturers, chip suppliers, and other strategic or high-impact suppliers.

• Develop, build, and continuously improve the vendor security program and security supply chain risk management function at OpenAI.

• Develop, propose, and implement effective controls to mitigate identified vendor risks.

• Build and maintain collaborative partnerships with key internal stakeholders including Infrastructure Security, Product, Engineering, Legal, Procurement, and Threat Intelligence to ensure comprehensive security coverage of the vendor and third-party supply chain.

• Streamline and automate vendor and supply chain security processes to increase efficiency and reduce manual overhead.

You might thrive in this role if you have:

• Proven experience conducting third-party or supply chain security assessments, including building and scaling a vendor management security program.

• An in-depth understanding of information security principles and controls, including data protection, access management, proactive and reactive security measures, and application security.

• Comfort operating in ambiguity, with the ability to form defensible security opinions even when information is incomplete or uncertain.

• Strong analytical and problem-solving skills, with the ability to identify and mitigate complex security risks.

• Excellent communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and stakeholders.

• Strong organisational and project management skills, with the ability to prioritise tasks and manage multiple projects simultaneously.

• A strong commitment to operational excellence and continuous improvement, with a focus on delivering high-quality results in a dynamic environment.

• A passion for security and a desire to make a meaningful impact in the field.

XML job scraping automation by YubHub

Offensive Security Engineer, Hardware

Location

San Francisco

Employment Type

Full time

Department

Security

Compensation

• San Francisco$293K – $490K • Offers Equity

The base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance-related bonus(es) for eligible employees, and the following benefits.

• Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts

• Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)

• 401(k) retirement plan with employer match

• Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)

• Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees

• 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)

• Mental health and wellness support

• Employer-paid basic life and disability coverage

• Annual learning and development stipend to fuel your professional growth

• Daily meals in our offices, and meal delivery credits as eligible

• Relocation support for eligible employees

• Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided.

More details about our benefits are available to candidates during the hiring process.

This role is at-will and OpenAI reserves the right to modify base pay and other compensation components at any time based on individual performance, team or company results, or market conditions.

About the Team

Security is at the foundation of OpenAI’s mission to ensure that artificial general intelligence benefits all of humanity. The Security team protects OpenAI’s technology, people, and products. We are technical in what we build but are operational in how we do our work, and are committed to supporting all products and research at OpenAI. Our Security team tenets include: prioritizing for impact, enabling researchers, preparing for future transformative technologies, and engaging a robust security culture.

About the Role

We're seeking an exceptional Principal-level Offensive Security Engineer to challenge and strengthen OpenAI's security posture. This role isn't your typical red team job - it's an opportunity to engage broadly and deeply, craft innovative attack simulations, collaborate closely with defensive teams, and influence strategic security improvements across the organization.

You'll have the chance to not only find vulnerabilities but actively drive their resolution, automate offensive techniques with cutting-edge technologies, and use your unique attacker perspective to shape our security strategy. This role will be primarily focused on continuously testing our hardware products and related services.

In this role you will:

• Collaborate proactively with engineering teams to enhance security and mitigate risks in hardware, firmware, and software.

• Perform comprehensive penetration testing on our diverse suite of products.

• Leverage advanced automation and OpenAI technologies to optimize your offensive security work.

• Present insightful, actionable findings clearly and compellingly to inspire impactful change.

• Influence security strategy by providing attacker-driven insights into risk and threat modeling.

You might thrive in this role if you have:

• 7+ years of hands-on experience or exceptional accomplishments demonstrating equivalent expertise.

• Exceptional skill in code review, identifying novel and subtle vulnerabilities.

• Demonstrated mastery assessing complex technology stacks, including:

• Proven ability to reverse engineer bootrom images, firmware, or silicon-level components.

• Deep familiarity with low-level kernel operations, secure boot processes, and hardware-software interactions.

• Hands-on experience building and validating secure boot chains and threat models.

• Proficiency with hardware debugging tools (UART, JTAG, SWD, oscilloscopes, logic analyzers).

• Solid programming skills in C/C++, Python, or assembly for embedded systems.

• Industry experience securing consumer hardware (e.g., mobile devices, IoT, chipsets).

• Excellent written and verbal communication skills for technical and non-technical audiences.

• Strong intuitive understanding of trust boundaries and risk assessment in dynamic contexts.

• Excellent coding skills, capable of writing robust tools and automation for offensive operations.

• Ability to communicate complex technical concepts effectively through compelling storytelling.

• Proven track record of not just finding vulnerabilities but actively contributing to solutions in complex codebases.

Bonus points:

• Prior experience working in tech startups or fast-paced technology environments.

• Experience in related disciplines such as Software Engineering (SWE), Detection Engineering, Site Reliability Engineering (SRE), Security Engineering, or IT Infrastructure.

About OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity. We push the boundaries of the capabilities of AI systems and seek to safely deploy them to the world through our products. AI is an extremely powerful tool that must be created with safety and human needs at its core, and to achieve our mission, we must encompass and value the many different perspectives and experiences of our team members.

XML job scraping automation by YubHub

Offensive Security Engineer, Agent Security

Location

San Francisco; New York City; Remote - US; Seattle; Washington, DC

Employment Type

Full time

Department

Security

Compensation

• San Francisco, Seattle, New York$347K – $490K • Offers Equity
• Zone A$312.3K – $490K • Offers Equity
• Zone B$277.6K – $490K • Offers Equity

The base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. If the role is non-exempt, overtime pay will be provided consistent with applicable laws. In addition to the salary range listed above, total compensation also includes generous equity, performance-related bonus(es) for eligible employees, and the following benefits.

• Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts

• Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)

• 401(k) retirement plan with employer match

• Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)

• Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees

• 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)

• Mental health and wellness support

• Employer-paid basic life and disability coverage

• Annual learning and development stipend to fuel your professional growth

• Daily meals in our offices, and meal delivery credits as eligible

• Relocation support for eligible employees

• Additional taxable fringe benefits, such as charitable donation matching and wellness stipends, may also be provided.

More details about our benefits are available to candidates during the hiring process.

This role is at-will and OpenAI reserves the right to modify base pay and other compensation components at any time based on individual performance, team or company results, or market conditions.

About the Team

Security is at the foundation of OpenAI’s mission to ensure that artificial general intelligence benefits all of humanity. The Security team protects OpenAI’s technology, people, and products. We are technical in what we build but are operational in how we do our work, and are committed to supporting all products and research at OpenAI. Our Security team tenets include: prioritizing for impact, enabling researchers, preparing for future transformative technologies, and engaging a robust security culture.

About the Role

We're seeking an exceptional Principal-level Offensive Security Engineer to challenge and strengthen OpenAI's security posture. This role isn't your typical red team job - it's an opportunity to engage broadly and deeply, craft innovative attack simulations, collaborate closely with defensive teams, and influence strategic security improvements across the organization.

You'll have the chance to not only find vulnerabilities but actively drive their resolution, automate offensive techniques with cutting-edge technologies, and use your unique attacker perspective to shape our security strategy.

This role will be primarily focused on continuously testing our agent powered products like codex and operator. These systems are uniquely valuable targets because they’re rapidly evolving, have access to perform sensitive actions on behalf of users, and have large, diverse attack surfaces. You will play a crucial role in securing our agents by hunting for realistic vulnerabilities that emerge from the interactions between the applications, infrastructure, and models that power them.

In this role you will:

• Continuously hunt for vulnerabilities in the interactions between the applications, infrastructure, and models that power our agentic products.

• Conduct open-scope red and purple team operations, simulating realistic attack scenarios.

• Collaborate proactively with defensive security teams to enhance detection, response, and mitigation capabilities.

• Perform comprehensive penetration testing on our diverse suite of products.

• Leverage advanced automation and OpenAI technologies to optimize your offensive security work.

• Present insightful, actionable findings clearly and compellingly to inspire impactful change.

• Influence security strategy by providing attacker-driven insights into risk and threat modeling.

You might thrive in this role if you have:

• 7+ years of hands-on red team experience or exceptional accomplishments demonstrating equivalent expertise.

• Deep expertise conducting offensive security operations within modern technology companies.

• Experience designing, developing, or testing assessing the security of AI-powered systems.

• Experience working finding, exploiting and mitigating common vulnerabilities in AI systems like prompt injection, leaking sensitive data, confused deputies, and dynamically generated UI components.

• Exceptional skill in code review, identifying novel and subtle vulnerabilities.

• Proven experience performing offensive security assessments in at least one hyperscaler cloud environment (Azure preferred).

• Demonstrated mastery assessing complex technology stacks, including:

• Highly customized Kubernetes clusters

• Container environments

• CI/CD pipelines

• GitHub security

• macOS and Linux operating systems

• Data science tooling and environments

• Python-based web services

• React-based frontend applications
• Strong intuitive understanding of trust boundaries and risk assessment in dynamic contexts.

• Excellent coding skills, capable of writing robust tools and automation for offensive operations.

• Ability to communicate complex technical concepts to both technical and non-technical stakeholders.

Experience Level

Senior

Employment Type

Full-time

Workplace Type

Remote

Category

Engineering

Industry

Technology

Salary Range

$347K – $490K • Offers Equity

Required Skills

• Red team experience
• Offensive security operations
• AI-powered systems security
• Vulnerability assessment
• Penetration testing
• Automation
• Code review
• Cloud security
• Kubernetes
• Container security
• CI/CD pipelines
• GitHub security
• macOS and Linux operating systems
• Data science tooling and environments
• Python-based web services
• React-based frontend applications

Preferred Skills

• Azure cloud security
• Highly customized Kubernetes clusters
• Container environments
• CI/CD pipelines
• GitHub security
• macOS and Linux operating systems
• Data science tooling and environments
• Python-based web services
• React-based frontend applications

XML job scraping automation by YubHub

What you'll do

• Be part of the offense! Find and exploit security vulnerabilities for defensive purposes to help identify risks and lead mitigations
• Perform architecture and threat model reviews to identify security vulnerabilities with a focus on AI applications, agents, and infrastructure

What you need

• 4+ years' experience in penetration testing and/or red team operations

XML job scraping automation by YubHub