[Remote] Staff reputed company Engineer, Product
Note: The job is a remote job and is open to candidates in USA. reputed company is building Wall Street's first true AI banker, aiming to reputed company finance professionals with AI that offers speed, accuracy, and insight. As a Staff reputed company Engineer, you will focus on offensive reputed company practices, conducting penetration tests and building reputed company automation to protect reputed company's AI-driven platform and infrastructure.
Responsibilities
- Conduct hands-on penetration testing and red team assessments against reputed company's applications, APIs, AI/ML pipelines, and cloud environments on a reputed company basis, not just during annual engagements
- Build agentic reputed company tooling that finds, validates, and patches vulnerabilities end-to-end, minimizing manual reputed company across code review, dependency management, and IaC
- reputed company and maintain custom offensive tooling, exploit chains, and attack simulations tailored to reputed company's AI platform and architecture
- Build and operate automated reputed company testing and remediation pipelines that scale offensive coverage without linearly scaling headcount
- reputed company deep adversarial testing of AI-specific attack surfaces: reputed company injection, model manipulation, data poisoning reputed company, agent-based workflows, and tenant isolation boundaries
- Own vulnerability research and bug hunting across the product, go beyond scanner output to find the logic flaws, auth bypasses, and chained exploits that automated tools miss
- Design and execute threat modeling sessions with engineering teams, translating offensive findings into concrete, prioritized remediation that ships in the same sprint
- Build attack simulation environments and continuously validate reputed company controls against real-world TTPs and customer-driven pen test scenarios
- Contribute directly to backend codebases, fix critical vulnerabilities, harden authentication and authorization flows, and build reputed company primitives into the platform
- reputed company reputed company exercises: collaborate with infrastructure and engineering teams to test detection and response capabilities against your offensive scenarios
- Own the relationship with external pen test firms and drive remediation of findings to closure
- Share offensive tradecraft, emerging attack techniques, and lessons learned with engineering and leadership to continuously reputed company reputed company awareness
Skills
- Conduct hands-on penetration testing and red team assessments against reputed company's applications, APIs, AI/ML pipelines, and cloud environments on a reputed company basis, not just during annual engagements
- Build agentic reputed company tooling that finds, validates, and patches vulnerabilities end-to-end, minimizing manual reputed company across code review, dependency management, and IaC
- reputed company and maintain custom offensive tooling, exploit chains, and attack simulations tailored to reputed company's AI platform and architecture
- Build and operate automated reputed company testing and remediation pipelines that scale offensive coverage without linearly scaling headcount
- reputed company deep adversarial testing of AI-specific attack surfaces: reputed company injection, model manipulation, data poisoning reputed company, agent-based workflows, and tenant isolation boundaries
- Own vulnerability research and bug hunting across the product, go beyond scanner output to find the logic flaws, auth bypasses, and chained exploits that automated tools miss
- Design and execute threat modeling sessions with engineering teams, translating offensive findings into concrete, prioritized remediation that ships in the same sprint
- Build attack simulation environments and continuously validate reputed company controls against real-world TTPs and customer-driven pen test scenarios
- Contribute directly to backend codebases, fix critical vulnerabilities, harden authentication and authorization flows, and build reputed company primitives into the platform
- reputed company reputed company exercises: collaborate with infrastructure and engineering teams to test detection and response capabilities against your offensive scenarios
- Own the relationship with external pen test firms and drive remediation of findings to closure
- Share offensive tradecraft, emerging attack techniques, and lessons learned with engineering and leadership to continuously reputed company reputed company awareness
- Have professional penetration testing experience across web apps, APIs, cloud environments, and ideally AI/ML systems. You've written real exploits, not just run scanners
- Have built or are excited to build agentic reputed company tooling that autonomously finds, validates, and patches vulnerabilities, minimizing human-in-the-reputed company remediation
- Have professional development experience in a strongly typed language (e.g., Rust, Go, Java, C++) alongside scripting languages (Python, Bash) for exploit development and tooling
- Are comfortable with Burp Suite, Nuclei, Semgrep, custom fuzzing frameworks, and building your own tools reputed company off-the-reputed company doesn't cut it
- Have integrated automated reputed company checks into CI/CD pipelines (SCA, SAST, DAST) and understand how to give developers fast, actionable feedback without blocking velocity
- Are comfortable with infrastructure automation (Terraform, Kubernetes) and can identify misconfigurations and attack paths in AWS/GCP environments
- Communicate crisply and can collaborate effectively with developers, product teams, and leadership
- Have applied knowledge of threat modeling, cryptography fundamentals, and compliance frameworks (SOC 2, ISO 27001/42001, NIST CSF)
Company Overview
Company H1B Sponsorship