AI Security Researcher (AI Red Teaming)
About the Project:
An international project in the field of AI Security, focused on developing environments that help LLM models undergo reinforcement learning for cybersecurity-related tasks.
These environments will contain tasks in various cybersecurity domains (pentesting, incident response, exploitation, malware, etc.), with the goal of creating sufficiently complex tasks to cause the model to make mistakes, but which remain solvable for professional specialists.
Important: This is not a classic Pentester or Red Team Engineer position. The specialist's primary task is to create complex, yet realistic and verifiable security scenarios in which LLM models make errors specifically due to reasoning flaws, rather than due to ambiguous instructions or environment limitations.
Responsibilities:
- Design security scenarios for evaluating and training LLM models
- Create environments using GitHub, Slack, and other tools found in real development workflows
- Develop tasks requiring complex multi-step reasoning
- Simulate real-world offensive security scenarios (e.g., supply chain attacks, malicious pull requests, exploitation via GitHub Actions, and other modern techniques)
- Test developed scenarios against several frontier models and analyze the causes of their errors
- Formulate expected model behavior and describe why a specific error is considered a reasoning failure
- Automate the creation and testing of tasks using Python and other tools
What We Expect:
- 5+ years of practical experience in Offensive Security, Application Security, or Web Penetration Testing
- Deep understanding of modern attack techniques and the attack surface of web applications, APIs, GitHub, CI/CD, and related ecosystems
- Practical experience in conducting penetration testing and application security research
- Development experience in Python and/or JavaScript
- Skills in static and dynamic code analysis (Python, JavaScript, Java)
- Ability to independently research new areas, design complex scenarios, and explain the results of your work
- Fluent English (Upper-Intermediate / B2+)
- Practical experience working with modern LLM models
- Understanding of their operational specifics, limitations, and typical failure modes
- Interest in AI Security and researching LLM behavior
A Big Plus:
- Practical experience in AI Red Teaming or LLM Security
- Experience with Agentic AI, AI Agents, or Model Evaluation
- Experience in security research of GitHub Actions, CI/CD, Supply Chain Security
- OSWE, eWPTXv2, OWEE, OSWA certifications or similar
- Publications, write-ups, participation in Bug Bounty, HackTheBox, TryHackMe, Pwn2Own, or other research projects
The most valuable competency here is not the ability to exploit the next XSS, but the ability to invent a new, unlike existing scenarios, that will break a strong model.
Here, research mindset, creativity, and the ability to devise new attack scenarios are important, rather than replicating already known techniques.
Conditions:
- B2B contract (with sole proprietorship)
- Payment in US dollars
- Part-time: approximately 5–20 hours per week
- Minimum expected output: 1–2 tasks per week
- Completing one task typically takes 5 to 10 hours, depending on complexity
- Location — strictly outside the Russian Federation (either already residing outside the RF, or willing to relocate independently)
- Start — ASAP