Devoteam Cyber Trust | Autonomous Pentesting Engineer

Mission

Develop and evolve an autonomous pentesting platform based on agentic systems integrated within the Offensive Security domainspecifically the Offensive Engineering and Innovation teamensuring systems are effective controllable and capable of producing relevant and reliable outputs in real-world penetration testing scenarios.

Role Context

• This role sits within the Offensive Engineering and Innovation team responsible for creating new technical capabilities that extend and scale offensive security services.
• The platform aims to automate significant parts of the pentesting lifecycle aligned with methodologies such as the OWASP Web Security Testing Guide (WSTG) leveraging agents LLMs and integrations with existing security tooling.
• This is not an isolated experimental initiative. It is a production-oriented capability with direct application in delivery environments.

Responsibilities

• Define and evolve the architecture of autonomous pentesting agents
• Develop controlled execution pipelines (tasking tool usage feedback loops)
• Design and improve mechanisms for:
  • Planning
  • State management
  • Tool usage orchestration
  • Validation and control of agent execution
• Integrate and optimize LLM-based systems within agent workflows
• Define and validate tool-calling interfaces and integrations with pentesting tools
• Ensure alignment with established methodologies (e.g. OWASP WSTG)
• Test and validate agent behavior in real-world scenarios
• Identify analyze and mitigate system failures and edge cases
• Contribute to internal standards engineering practices and design patterns

Qualifications :

Technical Skills:

Required

• Strong proficiency in Python
• Experience with APIs and distributed systems
• Practical experience with LLMs (usage integration limitations)
• Understanding of agent-based systems

Highly Important

• Ability to design complex non-deterministic systems
• Experience with:
  • Task decomposition and planning
  • State management and execution continuity
  • Tool orchestration
  • Output validation and evidence handling
• Strong debugging capability (deep system-level troubleshooting)
• Ability to validate system behavior not only code correctness

Differentiators

• Experience with agent frameworks
• Background in Application Security (AppSec)
• Experience with security testing automation
• Exposure to multiple LLM models and providers

Soft Skills

• Strong critical thinking
• Ability to operate in imperfect and evolving systems
• Experimental and outcome-driven mindset
• Strong focus on control reliability and predictability
• High autonomy and ownership

Success Metrics

• Agents produce useful actionable outputs
• Execution is predictable and controllable
• Low rate of unexpected or unsafe behaviors
• Effective integration into real pentesting workflows
• Continuous system evolution without uncontrolled complexity growth

Additional Information :

O que oferecemos:

•  Valorização e acompanhamento do talento;
• Aposta no desenvolvimento dos nossos colaboradores;
• Colaboração numa empresa em constante crescimento e evolução;
•  Forte cultura organizacional: colaboração partilha flexibilidade integridade e low ego.

Gostarias de te juntar à nossa equipa Então envia o teu CV.

The Devoteam Group works for equal opportunities promoting its employees based on merit and actively fights against all forms of discrimination. We are convinced that diversity contributes to the creativity dynamism and excellence of our organization. All of our vacancies are open to people with disabilities.

Remote Work :

No

Employment Type :

Full-time