• Review and triage high volumes of test-centre incident reports • Support investigations into potential exam security issues • Manage security-related policy exceptions • Communicate clearly and professionally with candidates and internal stakeholders • Contribute to updates to exam security policies, procedures and guidance • Support initiatives that protect CFA Institute exam content

Role Description We are looking for experienced Cybersecurity Experts to contribute to the development of advanced evaluation environments for frontier AI systems. In this role, you will create realistic security-focused coding scenarios that assess how AI models understand software vulnerabilities, exploit chains, secure coding practices, and complex attack surfaces. The work combines elements of offensive security, application security, software engineering, and AI evaluation. This is a highly technical, hands-on opportunity focused on building reproducible security benchmarks and adversarial testing environments inspired by real-world vulnerability patterns. - Commitments Required: 8 hours per day with an overlap of 4 hours with PST. - Employment type: Contractor assignment (no medical/paid leave) - Duration of contract: 4 weeks+ - Location: Bangladesh, Brazil, Colombia, Egypt, Ghana, India, Pakistan, Indonesia, Kenya, Nigeria, Turkey, Vietnam - Interview: 2x technical interviews Responsibilities - Design vulnerable multi-component applications and security challenge environments across languages such as Go, Python, Node.js, or Rust - Develop realistic exploit chains combining multiple vulnerability categories and attack vectors - Build deterministic evaluation environments using Docker and automated validation tooling - Create security-focused test cases and verification logic for vulnerability detection and remediation workflows - Review and analyze AI-generated outputs to identify gaps in reasoning, security understanding, or exploit detection - Develop adversarial scenarios involving misleading documentation, obfuscated code, edge cases, and hidden attack paths - Model real-world vulnerability classes inspired by CVEs, bug bounty findings, and production security incidents - Ensure evaluation tasks remain scalable, reproducible, and resistant to contamination from public datasets - Collaborate with cross-functional teams working on AI evaluation, benchmarking, and automated testing systems Qualifications - 4+ years of experience in cybersecurity, application security, vulnerability research, or offensive security - Hands-on experience with vulnerability discovery, exploit development, secure code review, or patch validation - Strong understanding of web security, authentication, sessions, OAuth, JWT, SSRF, injection attacks, and access control vulnerabilities - Experience with cryptographic vulnerabilities, filesystem attacks, or privilege escalation scenarios - Experience using security tools such as SAST, fuzzers, IAST, or similar security testing frameworks - Strong coding skills in at least two of the following languages: Go, Python, Node.js, Rust - Experience working with Docker and containerized environments - Familiarity with Linux internals and system-level behavior - Experience with bug bounty programs, CTFs, red teaming, or CVE research is a strong plus

• Own and continuously improve Polymarket's AWS security posture across accounts, regions, and services — including IAM policies, SCPs, VPC segmentation, and account-level security baselines • Review and contribute to IaC modules that encode security defaults; integrate automated security checks into the deployment pipeline including policy-as-code validation and misconfiguration scanning • Own cloud-side security telemetry: CloudTrail, GuardDuty, Security Hub, Config Rules, VPC Flow Logs, and S3 access logging • Develop and tune detection logic for cloud-specific threats; partner with the SOC team on alert fidelity, incident response runbooks, and AWS-level investigations • Govern secrets management using AWS Secrets Manager and SSM Parameter Store; manage KMS key policies, rotation, and envelope encryption patterns • Drive remediation of findings from AWS Inspector, Security Hub, and third-party CSPM tooling; maintain benchmarks aligned to CIS AWS Foundations • Support audit and compliance activities (SOC 2, PCI-DSS, or similar) and conduct regular access reviews to identify and remediate privilege creep

• Primarily, develop thought-leading advice on the emergence, adoption and disruptions that emerging technologies bring to bear on the AI data security and AI ecosystem data management across the world. • Work with Gartner clients and their teams while reflecting the research in meeting conversations, and as a speaker, either face-to-face, or via videoconference. • Grow the ETT team’s network of thought leaders (academics, investors, etc.), startups, and vendors that the research team can draw on for interviews, case-based research and emergent disruptive security technologies and trends. • Provide tailored inquiries and briefings for Gartner clients on Emerging Technologies in the Security Markets; specifically AI data security and AI ecosystem data management. • Ensure integrity of research & analysis of the team.