• Design vulnerable multi-component applications and security challenge environments across languages such as Go, Python, Node.js, or Rust • Develop realistic exploit chains combining multiple vulnerability categories and attack vectors • Build deterministic evaluation environments using Docker and automated validation tooling • Create security-focused test cases and verification logic for vulnerability detection and remediation workflows • Review and analyze AI-generated outputs to identify gaps in reasoning, security understanding, or exploit detection • Develop adversarial scenarios involving misleading documentation, obfuscated code, edge cases, and hidden attack paths • Model real-world vulnerability classes inspired by CVEs, bug bounty findings, and production security incidents • Ensure evaluation tasks remain scalable, reproducible, and resistant to contamination from public datasets • Collaborate with cross-functional teams working on AI evaluation, benchmarking, and automated testing systems

• Owning the technical relationship with customers from onboarding through renewal • Performing technical presentations and demos for customers and partners • Communicating concepts to audiences, including executive-level decision-makers, and follow up with technical staff in all areas • Adapting to complex, changing business environments to deliver valuable solutions to enterprise customers • Providing updates to customers on requested features, bug fixes, and product roadmaps • Familiarizing yourself with customer environments, requirements, and milestones in order to help drive value

• Review and triage high volumes of test-centre incident reports • Support investigations into potential exam security issues • Manage security-related policy exceptions • Communicate clearly and professionally with candidates and internal stakeholders • Contribute to updates to exam security policies, procedures and guidance • Support initiatives that protect CFA Institute exam content

Role Description We are looking for experienced Cybersecurity Experts to contribute to the development of advanced evaluation environments for frontier AI systems. In this role, you will create realistic security-focused coding scenarios that assess how AI models understand software vulnerabilities, exploit chains, secure coding practices, and complex attack surfaces. The work combines elements of offensive security, application security, software engineering, and AI evaluation. This is a highly technical, hands-on opportunity focused on building reproducible security benchmarks and adversarial testing environments inspired by real-world vulnerability patterns. - Commitments Required: 8 hours per day with an overlap of 4 hours with PST. - Employment type: Contractor assignment (no medical/paid leave) - Duration of contract: 4 weeks+ - Location: Bangladesh, Brazil, Colombia, Egypt, Ghana, India, Pakistan, Indonesia, Kenya, Nigeria, Turkey, Vietnam - Interview: 2x technical interviews Responsibilities - Design vulnerable multi-component applications and security challenge environments across languages such as Go, Python, Node.js, or Rust - Develop realistic exploit chains combining multiple vulnerability categories and attack vectors - Build deterministic evaluation environments using Docker and automated validation tooling - Create security-focused test cases and verification logic for vulnerability detection and remediation workflows - Review and analyze AI-generated outputs to identify gaps in reasoning, security understanding, or exploit detection - Develop adversarial scenarios involving misleading documentation, obfuscated code, edge cases, and hidden attack paths - Model real-world vulnerability classes inspired by CVEs, bug bounty findings, and production security incidents - Ensure evaluation tasks remain scalable, reproducible, and resistant to contamination from public datasets - Collaborate with cross-functional teams working on AI evaluation, benchmarking, and automated testing systems Qualifications - 4+ years of experience in cybersecurity, application security, vulnerability research, or offensive security - Hands-on experience with vulnerability discovery, exploit development, secure code review, or patch validation - Strong understanding of web security, authentication, sessions, OAuth, JWT, SSRF, injection attacks, and access control vulnerabilities - Experience with cryptographic vulnerabilities, filesystem attacks, or privilege escalation scenarios - Experience using security tools such as SAST, fuzzers, IAST, or similar security testing frameworks - Strong coding skills in at least two of the following languages: Go, Python, Node.js, Rust - Experience working with Docker and containerized environments - Familiarity with Linux internals and system-level behavior - Experience with bug bounty programs, CTFs, red teaming, or CVE research is a strong plus