Offensive Security Engineer

TryHackMe


Job Location:

London - UK

Monthly Salary: Not Disclosed
Posted on: 3 hours ago
Vacancies: 1 Vacancy

Job Summary

About NoScope

NoScope is a new venture from the team behind TryHackMe, the world's largest cyber security training platform, used by 7M users and thousands of businesses. We're building an AI-powered pentesting solution.

Attackers are already using AI to launch hundreds of thousands of attacks in minutes, and traditional pentesting hasn't kept up - it's still manual, expensive and time-limited, meaning large parts of applications go untested and real vulnerabilities slip through. NoScope solves this with a swarm of AI agents that ethically test applications, chaining actions across pages and workflows to find and validate real vulnerabilities with clear evidence. We've already identified critical vulnerabilities in large-scale platforms, widely used open source systems, and applications that had decades of traditional pentests from top firms.

With TryHackMe's backing, deep offensive security expertise and access to large-scale training environments, we're building a fundamentally better solution for pentesting.

The Role

You will work closely with the core agentic system and help shape how it performs in real environments. This role requires thinking like an attacker, challenging assumptions and ensuring that what we identify is genuinely exploitable and meaningful. You will be involved in hands-on testing, improving how the system approaches testing and maintaining a high bar for the quality of findings.

This role also has a focus on content creation, including clear and detailed blogs, technical writeups and breakdowns of vulnerabilities discovered by the agent. The emphasis is on explaining real-world impact, how issues could be exploited and how they should be fixed, helping build credibility and share useful insights with the broader security community.

What you'll do

  • Work directly with the AI agent system: run it against targets, understand where it performs well and where it falls short, and provide structured feedback to improve coverage and accuracy

  • Validate, reproduce and escalate findings, writing clear and reliable proof-of-concepts that demonstrate real-world exploitability

  • Coordinate disclosures across OSS projects and bug bounty platforms, managing timelines and communication effectively

  • Contribute to public security research and technical content that is relevant and valuable to the security community

  • Research emerging vulnerability classes and attack techniques, and translate those insights into improvements in how the system tests

  • Build and maintain custom tooling where needed, including automation scripts, payload lists and testing harnesses tailored to specific targets

What we're looking for

  • 3-5 years of professional offensive security experience in penetration testing, bug bounty or red teaming

  • Strong understanding of web application vulnerabilities such as SQLi, XSS, SSRF, IDOR, SSTI, business logic flaws, authentication bypasses and their real-world nuances

  • Comfortable reading and writing code in Python, Bash and JavaScript, with the ability to build custom tooling when needed

  • Experience with public disclosures or CVEs

  • Clear and effective written communication, with the ability to explain complex findings to both engineers and security teams

  • Experience working with bug bounty platforms and responsible disclosure processes

  • Ability to go beyond automated tools and reason about systems, attack paths and edge cases

Bonus points

  • Public bug bounty reports or an active HackerOne or Bugcrowd profile

  • Experience with TryHackMe or familiarity with its community

  • Exposure to AI-assisted security tooling

Why NoScope

  • AI is fundamentally changing how the world finds and fixes vulnerabilities - you'll be working on systems that represent where the field is going, not where it is today

  • Backed by TryHackMe, with funding, distribution and full support from founders who built a $30M ARR cybersecurity company

  • Access to a 7M user network and real-world environments that help validate findings at scale

  • Be an early hire with real ownership over testing quality, exploitability standards and how results are validated

  • Work with a strong, focused team building at the intersection of AI and offensive security

  • Competitive salary

  • Fully remote - work from anywhere with a global team

  • High trust and autonomy from day one

Please note that we are currently unable to provide sponsorship.

How we work

We operate with intensity. You'll move fast, wear multiple hats and get involved in things outside your job title. There's no playbook, no hand-holding and no coasting. If you're looking for a standard 9-5 with clear lanes, this isn't the right fit. If you want an environment built to win, where your work genuinely matters, you'll thrive here.


About Company


TryHackMe takes the pain out of learning and teaching cyber security. Our platform makes it a comfortable experience to learn by designing prebuilt courses that include virtual machines (VM) hosted in the cloud and ready to be deployed. This avoids the hassle of downloading and config ...
