Role Description We’re looking for a Junior Security Operations Engineer who is AI-Forward to help scale and modernize our SecOps program. This is a hands-on, builder role for someone who will design and ship the security tooling that powers our triage, investigations, and response workflows. You’ll report to the Technical Operations Director and work alongside our GRC lead to improve our: - Vulnerability intake - Threat response - Darkweb posture - Internal security tooling A core part of this role is building AI-assisted security tooling: - Triage agents that pre-classify bug bounty reports - Investigation copilots that pull context from logs and SIEM data - Response workflows that draft remediation steps and track them to closure You’ll spend as much time wiring up that tooling as you will reproducing vulnerabilities and working incidents. This role suits someone who thrives in a lean, high-impact environment, has strong opinions on where humans add value versus where tooling should take over, and wants to shape how a modern security team operates. Qualifications - Previous experience in a SecOps, Security Analyst, or Threat Response role - Proven ability to understand and reproduce technical vulnerabilities - Experience with bug bounty triage (HackerOne, Bugcrowd, or similar) - Hands-on exposure to SIEM, EDR, and DLP tools in production environments - A genuine, demonstrated interest in applying AI/LLMs to security work - Scripting and automation skills in Python, Bash, or similar - Comfort working autonomously across time zones and asynchronously - Strong written communication skills Requirements - Triage & Vulnerability Management - Review incoming vulnerability reports from our bug bounty intake; reproduce and document valid issues for engineering teams - Build the tooling that improves signal-to-noise: automate duplicate detection, spam filtering, and abuse flagging - Act on DAST findings: coordinate remediation, verify fixes, and re-test - Track remediation timelines for critical vulnerabilities and keep stakeholders honest on SLAs - Threat Response & Monitoring - Monitor and respond to EDR and cloud security alerts; investigate, contain, and document - Analyze darkweb findings and credential exposures; shape our darkweb monitoring practices and tooling over time - Improve detection coverage: tune noisy rules, close gaps, and enrich alerts with context - Help configure and tune DLP, SIEM, and AI security tooling - Security Tooling (core to this role) - Build AI-assisted triage tooling that pre-classifies bug bounty reports - Build investigation tooling: LLM-backed copilots and Slack bots - Build response tooling: workflows that draft remediation steps and track issues to closure - Evaluate emerging AI security tooling and bring what’s genuinely useful into the stack - Apply a security-minded lens to our own AI usage - Compliance & Cross-Functional - Support audit evidence collection for SOC 2, ISO 27001, and PCI DSS - Partner with ITOps to verify patches, endpoint coverage, and access hygiene Benefits - Full-time contract - Remote-first and async-friendly - Potential to extend or convert based on fit - Reports to the Technical Operations Director; works closely with the GRC lead and IT Operations How We Work We’re a lean, high-trust team. We value people who ship, who can operate independently, and who treat security as an engineering problem rather than a checklist. If you’re someone who sees a repetitive task and immediately thinks “this should be a script, or better yet, an agent,” you’ll fit in here. To Apply Tell us about a time you used AI, automation, or custom tooling to meaningfully change how a security workflow ran. What was manual before, what it looked like after, and what you learned. Links to code, writeups, or demos are welcome.

• You'll own Prolific's application security strategy and be the most senior security engineering voice in the organisation. • Define and drive our Secure Software Development Lifecycle (SSDLC). • Set the standard for how security is embedded into engineering. • Get hands-on with code review, threat modelling, and security testing when it matters. • Manage our Senior Application Security Engineer and continue to own our compliance programme alongside these responsibilities. • Act as the go-to expert for application security, partnering with engineering leadership to balance risk and velocity. • Build the tooling, processes, and culture needed to embed security into how we ship.

Role Description - Innovate with the Customer in Mind: Partner with product owners, stakeholders, and engineers to understand customer needs, translating complex technical risks into actionable, scalable solutions that solidify Prowler's position at the forefront of the industry and drive our mission to become the standard for cloud protection. - Team Leadership & Execution: Lead, mentor, and grow a team of cloud security engineers and researchers, owning the end-to-end planning, execution, and delivery of cutting-edge research and team projects. - Pioneer Cloud Threat Research: Conduct comprehensive architectural reviews of major cloud ecosystems (AWS, GCP, Azure, OCI), their telemetry data, and Kubernetes to uncover hidden threat vectors, evasion techniques, and structural vulnerabilities. Naturally adopt an adversarial mindset, constantly evaluating new cloud deployments to identify architectural flaws, blind spots, and potential abuse vectors. - Develop Scalable Security Controls: Pioneer new methodologies for threat identification, engineering advanced security rules and automated safeguards from the ground up. Transform experimental security research into robust, enterprise-grade detection features integrated into the Prowler product. - Advanced Threat Modeling: Conduct deep-dive analysis and advanced threat modeling on complex cloud architectures and emerging AI/LLM infrastructures to preemptively identify and mitigate risks. - Drive the Security Roadmap: Contribute to strategic architecture decisions, collaborating closely with world-class engineering and research teams to define and execute the security product roadmap. - Champion Engineering Excellence: Drive high-quality code standards by leading code reviews, automated testing, and CI/CD workflows. Provide constructive feedback and mentor fellow engineers on best practices. - Elevate Industry Standards: Continuously update knowledge and push the continuous improvement of internal practices, introducing the latest industry standards and emerging trends to keep the team at the forefront of cloud security. - Community & Thought Leadership: Actively engage with and support the Prowler community, implement customer-driven requests, represent the team externally, and guide others in the open-source cloud security ecosystem. Qualifications - Cloud Security Expertise: 6+ years of extensive experience in Cybersecurity, with at least 3 years explicitly focused on Cloud Security ecosystems (CSPM, CWPP, CNAPP). - Technical Leadership: Proven experience (2-3+ years) leading engineering or research teams, driving collaborative development workflows, conducting rigorous code reviews, and managing agile security projects. - Cloud Architecture & IAM Mastery: Expert, deep-dive understanding of CSP APIs, internal services, and complex permission models (IAM) across at least one major cloud provider (AWS, GCP, Azure), alongside strong networking fundamentals (including cross-network routing, micro-segmentation, and advanced network topologies). - Attacker/Defender Mindset: A proven ability to evaluate any cloud architecture with an adversarial mindset, identifying structural flaws and potential abuse vectors before they are weaponized, backed by a solid foundation in cloud attack methodologies, vulnerability research, and penetration testing. - Coding Excellence: Advanced proficiency in Python, with a strong ability to write clean, efficient, scalable code. You are a strong advocate for maintaining high standards of detection quality and thorough documentation. - Cloud-Native & Infrastructure: Hands-on experience with containers and orchestration tools (Docker, Kubernetes), and a deep understanding of operating system architectures. - Automation & CI/CD: Practical experience with Git, collaborative workflows, Infrastructure as Code (leveraging the HashiCorp ecosystem or native cloud templates), and deployment automation within CI/CD pipelines. - Communication Skills: Adept at translating intricate security threats into actionable business insights for leadership, while providing deep, actionable context for our engineering squads. - Startup DNA: Driven by a strong sense of ownership, you excel in self-directed remote work while remaining deeply engaged and highly communicative within our distributed engineering culture. Working fluency in English is required. Requirements - AI & LLM Security Vanguard: Pioneering knowledge of emerging threat landscapes, attack vectors, and security best practices within Artificial Intelligence infrastructures, LLM security, and MLOps environments. - Open-Source Champion: A strong background with active, hands-on contributions to open-source security projects and a visible presence in the collaborative security ecosystem. - Industry Thought Leadership: A proven track record of sharing research and knowledge. This includes speaking engagements at top-tier conferences (e.g., DEF CON, Black Hat, fwd:cloudsec, BSides) or impactful research publications, CVE discoveries, and technical blog posts. - Advanced Certifications: Holding industry-recognized certifications that validate your deep technical expertise, such as AWS Certified Security - Specialty, GCP Professional Cloud Security Engineer, OSCP, OSWE, or equivalent. Benefits - Opportunity to work with a rapidly growing and innovative company in the cloud security industry. - Fully remote work, allowing for a flexible and collaborative environment. - Competitive compensation package. - Continuous learning and professional development opportunities. - Be part of a dynamic team that values creativity and innovation. - This is a full time, salaried position writing, testing, reviewing, and operating code at scale. - Prowler is fully remote and distributed, spanning all U.S. time zones and several in E.U. - Mandatory minimum PTO (shoot for ~5 weeks; anything less than 4 weeks/year is unacceptable). - Workstation/home office stipend per year, flexible working hours, and stock options. Hiring Process - Intro & Technical Screen (30 minutes): We want to get to know the person behind the profile. You'll jump on a quick call with one of our founders or tech leads to discuss your background, your proudest achievements, and the complex security or engineering challenges you’ve tackled so far. - Culture & Alignment Interview (1 hour): We thrive on a generative, diversity-first culture that champions context over control. This conversation is a two-way street to ensure you resonate with the high degree of autonomy, freedom, and ownership we expect, and to confirm that our environment is the right place for you to grow and succeed. - Technical Team Dynamic (1 hour 30 minutes): No take-home assignments here—we want to see how we build together. You will join a live, collaborative session with your future teammates to tackle a real-world cloud security scenario. Rather than answering trick questions in isolation, this interactive exercise focuses on your technical reasoning, solution architecture, and how effectively you communicate and problem-solve within a team setting.

Title: Cybersecurity And IoT Research Analyst Location: Tysons Corner United States Job Description: LMI is a new breed of digital solutions provider dedicated to accelerating government impact with innovation and speed. Investing in technology and prototypes ahead of need, LMI brings commercial-grade platforms and mission-ready AI to federal agencies at commercial speed. Leveraging our mission-ready technology and solutions, proven expertise in federal deployment, and strategic relationships, we enhance outcomes for the government efficiently and effectively. With a focus on agility and collaboration, LMI serves the defense, space, healthcare, and energy sectors-helping agencies navigate complexity and outpace change. The Opportunity We're hiring a Cybersecurity & IoT Research Analyst to support ongoing R&D efforts while contributing directly to production-bound DoD systems. This is a hybrid R&D + implementation role. You'll take hands-on research-like IoT protocol vulnerability testing, wireless security analysis, and device-level exploitation-and translate it into actionable security improvements, RMF artifacts, and deployable solutions. You'll work across the full lifecycle: from lab-based vulnerability testing (e.g., replay attacks, packet injection, device compromise) to supporting accreditation (RMF/ATO) and hardening real-world systems. Responsibilities Cybersecurity & RMF Support - Support Risk Management Framework (RMF) activities including control implementation, documentation, POA&Ms, and ATO readiness. - Assist in system security architecture development, aligning IoT/embedded systems with DoD cybersecurity requirements. - Conduct security assessments and support vulnerability management processes across hardware and software systems. - Collaborate with ISSOs, ISSMs, and engineering teams to ensure compliance with NIST and DoD standards. Vulnerability Testing & Security Research - Design and execute vulnerability testing across IoT and RF protocols (e.g., ZigBee, LoRaWAN, NB-IoT, Mist). - Perform packet analysis, traffic inspection, and exploitation testing using tools like Wireshark, Kali Linux, and SDR frameworks. - Simulate real-world attack vectors such as replay attacks, packet injection, device cloning, and resource exhaustion. - Analyze protocol weaknesses such as centralized trust models, insecure key exchange, and lack of rate limiting. R&D and Innovation - Support ongoing R&D efforts focused on IoT protocol security, wireless communications, and system resilience. - Contribute to development of testbeds and experimental environments to simulate real-world deployments. - Evaluate emerging technologies and security approaches to improve system architecture and defense-in-depth strategies. - Document findings and translate research into engineering recommendations and product improvements. Secure System Development - Support development of secure update mechanisms, device authentication workflows, and trust validation systems. - Contribute to secure software and firmware design, including integrity validation and access control mechanisms. - Assist in implementing protections against unauthorized access, tampering, and compromised device participation. - Collaborate with DevSecOps and platform teams to integrate security into CI/CD pipelines and deployment workflows. Data Analysis & Reporting - Analyze quantitative and qualitative security data to assess system resilience and risk posture. - Develop technical reports, briefings, and executive summaries to communicate findings and recommendations. - Support customer-facing deliverables and contribute to proposal or R&D documentation efforts. Qualifications What We're Looking For - Bachelor's degree in Cybersecurity, Computer Engineering, Computer Science, or related field (or equivalent experience). - Strong foundation in cybersecurity principles, including network security, cryptography, and secure system design. - Experience or coursework in wireless communications, RF systems, or IoT protocols. - Hands-on experience with tools such as Wireshark, Kali Linux, Metasploit, or similar security testing frameworks. - Familiarity with programming/scripting (Python, C/C++, or Java). - Understanding of networking fundamentals and packet-level analysis. - U.S. Citizenship required; ability to obtain a Secret clearance. Bonus Points For - Experience with RMF, ATO processes, or NIST 800-53 controls. - Exposure to IoT security testing, embedded systems, or RF communications. - Experience building or working with testbeds (e.g., Raspberry Pi, wireless mesh networks). - Familiarity with cloud platforms (GCP, AWS) and containerization (Docker). - Participation in cybersecurity competitions, research programs, or technical R&D initiatives. - Experience analyzing attack vectors like replay attacks, packet injection, or unauthorized access in IoT systems. Why This Role Matters Modern IoT systems are expanding the attack surface across critical defense infrastructure. Research has shown that protocols can be vulnerable to attacks like replay, injection, and unauthorized access depending on implementation and architecture . In this role, you won't just study those vulnerabilities-you'll help eliminate them. Your work will directly influence how secure, resilient, and mission-ready next-generation DoD systems become. Target salary range: $69265.76 - $118424.66 Disclaimer: The salary range displayed represents the typical salary range for this position and is not a guarantee of compensation. Individual salaries are determined by various factors including, but not limited to location, internal equity, business considerations, client contract requirements, and candidate qualifications, such as education, experience, skills, and security clearances. #LI-SH1