Building the future of security testing.

You have deep expertise in web application security — not just running tools, but understanding why vulnerabilities exist and how to chain them into meaningful impact. You will drive the methodology that powers our AI agents, validate findings, and publish original research.

• —5+ years of hands-on penetration testing or bug bounty hunting
• —Deep knowledge of OWASP Top 10, business logic flaws, and modern web frameworks
• —Experience with manual exploitation — not just automated tooling
• —Strong written communication: you can explain a critical finding to a CISO in two sentences
• —CVEs, published research, or top-10 HackerOne ranking preferred

You will build and maintain the Pentevo platform — from the real-time scan dashboard to the API that coordinates AI agents. You care about correctness, performance, and the details that separate good software from great software.

• —4+ years of production experience with TypeScript/React and Python
• —Experience building real-time systems (WebSockets, SSE, event streaming)
• —Strong opinions about API design, data modeling, and developer experience
• —Comfort working in a fast-moving environment where you own what you ship
• —Security-minded: you think about what an attacker would do with every API you build

You will design and improve the AI systems that power our scanning agents — from prompt architecture and model routing to fine-tuning and evaluation pipelines. You want to apply LLMs to real-world security problems, not benchmarks.

• —3+ years working with large language models in production (not just experimentation)
• —Experience with prompt engineering, RAG, and agentic system design
• —Strong Python — you write code that other engineers want to maintain
• —Familiarity with security concepts is a significant advantage
• —Published work on agentic systems, LLM reasoning, or AI safety is a plus