Cyber Security Engineer

Role Overview

We are looking for highly skilled Cybersecurity Experts to design and develop advanced evaluation tasks for frontier AI models. In this role, you will create realistic, adversarial security scenarios that test an AI models ability to understand code, detect vulnerabilities, and reason about complex software security problems.

This is not a traditional security role you will work at the intersection of offensive security, defensive engineering, and AI evaluation, building reproducible environments and deterministic benchmarks grounded in real-world vulnerability classes.

What does day-to-day look like

• Design and develop multi-vulnerability (multi-CWE) codebases across languages such as Go, Python, Node.js, or Rust
• Create multi-stage attack chains by combining multiple vulnerability classes into realistic exploit scenarios
• Build deterministic evaluation frameworks using containerized environments and automated verification systems
• Write security test cases and exploit checks to ensure vulnerabilities are properly detected and mitigated
• Analyze AI model outputs and reasoning traces to identify failure points in security understanding
• Craft adversarial scenarios including misleading documentation, obfuscated code, and edge-case logic
• Balance between real-world CVE-based scenarios and synthetic vulnerability classes to ensure robust evaluation
• Ensure evaluation tasks are reproducible, scalable, and resistant to data contamination

Requirements

• 4+ years of experience in cybersecurity, application security, or vulnerability research
• Hands-on experience with:Vulnerability discovery (CVE exposure, bug bounty, red teaming, or CTFs)
• Secure code review and production-grade patching
• Deep understanding of:Web security (authentication, sessions, OAuth, JWT vulnerabilities)
• SSRF, injection attacks (command, template, environment), and access control issues
• Cryptographic vulnerabilities (timing attacks, padding oracles, misuse patterns)
• Filesystem vulnerabilities (TOCTOU, symlink attacks, path traversal)
• Experience building or using security tools (SAST, fuzzing, IAST, etc.)
• Proficiency in at least two of the following languages: Go, Python, Node.js, Rust
• Familiarity with:Docker and containerized environments
• Linux internals and system-level behavior
• Writing automated tests (e.g., pytest or similar frameworks)
• Ability to read and analyze obfuscated or minified code
• Strong problem-solving and analytical skills, especially in attack chain reasoning

Evaluation Process

• Round 1: Technical Interview (60 mins)
• Round 2: Delivery interview (30-45 mins)