Security Researcher
Job Summary
Join Fortinet, a cybersecurity pioneer with over two decades of excellence, as we continue to shape the future of cybersecurity and redefine the intersection of networking and security. At Fortinet, our mission is to safeguard people, devices, and data everywhere. We are currently seeking a dynamic Security Researcher/Pentester to contribute to the success of our rapidly growing business. We are looking for a highly motivated individual who can thrive in a fast-paced environment and successfully contribute to the team.
You would act as a Security Researcher/Penetration Tester. This is a highly technical role combining cutting-edge AI and LLM-powered attack techniques with traditional penetration testing skills. You will assist the Information Security leadership in evaluating the security posture of Fortinet Cloud Services. This position will focus strongly on AI-powered red teaming, cloud security, adversarial research, and LLM exploitation.
As a Security Researcher/Pentester, your responsibilities will include:
Conduct regular penetration tests and security evaluations on Fortinet cloud products, covering web applications and server backends under various authentication levels, to identify vulnerabilities and security risks.
Investigating and writing POCs for published vulnerabilities and helping the production team evaluate exploitability and risks.
Red team activities, specifically developing AI-assisted scripts, agents, and programs to penetrate and infiltrate in-scope systems and ICT technologies; this includes leveraging LLMs as autonomous attack agents capable of chaining exploits across cloud environments.
Collecting threat intelligence, evaluating and maintaining traditional Pentest tools, and tracking emerging AI/LLM-based offensive security techniques and tooling.
Conduct AI red team exercises targeting LLM-integrated cloud services and AI APIs, including prompt injection, indirect prompt injection, jailbreaking, and model inversion attacks.
Perform LLM fine-tuning and abliteration research, including training uncensored or capability-unlocked variants of open-source models (LLaMA, Gemma4) via LoRA/QLoRA and representation-engineering techniques.
Develop and operate LLM-powered penetration testing pipelines: using AI agents (ReAct, tool-use) to automate reconnaissance, vulnerability enumeration, exploit generation, and post-exploitation chaining against cloud-native targets (Kubernetes clusters, serverless functions, IAM privilege escalation paths, cloud storage misconfigurations).
Research and document adversarial attack surfaces unique to AI-powered products: RAG pipeline data poisoning, embedding inversion, model supply-chain compromise, and training data extraction.
We are looking for:
3 years of dedicated experience in an information security role with a strong practiced pen-tester background (CVE, Pentest reports, Tech articles may be asked for as proof).
Professional penetration test skills on information technologies, including operating systems, software frameworks, databases, web applications, and networks.
Strong knowledge of the fundamentals of web applications, including authentication, authorization, session management, HTTP protocol, web language, web server and browser architecture, and implementation principles.
Proven skills with traditional pen-test tools (Nessus, Burp Suite, Nuclei, SQLmap).
Demonstrated practice of using Kali Linux / Metasploit to craft POCs for known vulnerabilities; ability to extend and automate these toolchains with LLM co-pilots or autonomous AI agents.
Hands-on experience with LLM fine-tuning frameworks and techniques: LoRA / QLoRA (Unsloth, LLaMA-Factory), supervised fine-tuning on security datasets, and direct preference optimization (DPO) for behavior shaping.
Proficiency in using LLMs and AI agents for offensive cloud security: automated IAM privilege-escalation discovery, cloud misconfiguration enumeration, AI-generated exploit payloads, and natural-language-driven attack orchestration.
Familiarity with AI/ML cloud service attack surfaces: prompt injection against retrieval-augmented generation (RAG) pipelines, embedding space attacks, model API abuse, and inference-time adversarial inputs.
Certifications such as OSCP, OSWE, HTB CPTS, HTB CWEE are highly valued.
About Our Team: Join our team, known for its collaborative ethos, working seamlessly with global customers, internal engineering teams, and product development groups. Our team culture emphasizes continuous learning, innovation, and a strong commitment to customer satisfaction. We embrace Fortinet's core values of openness, teamwork, and innovation, fostering an environment where team members support each other, share knowledge, and leverage AI to solve complex technical challenges. Our inclusive and dynamic team thrives on collaboration and is driven by the shared goal of maintaining Fortinet's high standards of excellence in cybersecurity solutions.
Why Join Us: We encourage candidates from all backgrounds and identities to apply. We offer a supportive work environment and a competitive Total Rewards package to support you with your overall health and financial well-being. Embark on a challenging, enjoyable, and rewarding career journey with Fortinet. Join us in bringing solutions that make a meaningful and lasting impact to our 660,000 customers around the globe.
The Canada base salary range for this full-time position is expected to be between $119,000 - $136,000 annually. Wage ranges are based on various factors, including the labour market, job type, and job level. Exact salary offers will be determined by factors such as the candidate's subject knowledge, skill level, qualifications, and experience.
Fortinet strives to provide you and your family with a comprehensive benefits package. Benefits eligibility starts on your first day of hire and comprises 100% company-paid medical, dental, and vision coverage, including a Health Spending Account and a Personal Spending Account that gives you flexibility to spend where you need it the most. Our Employee & Family Assistance Plan (EFAP) offers you and your family access to various services like counseling, legal advice, mental health resources, etc. We also provide critical illness, disability, and life insurance, as well as a Group Registered Retirement Savings Plan (RRSP) with a company match to help you save faster for retirement. We offer competitive Paid Time Off and flexible leave policies, including paid health days to help you take care of yourself and your family members.
All roles are eligible to participate in the Fortinet equity program. Bonus eligibility is reviewed at time of hire and annually at the Company's discretion.
Required Experience:
IC
About Company
From the start, the Fortinet vision has been to deliver broad, truly integrated, high-performance security across the IT infrastructure. We provide top-rated network and content security, as well as secure access products that share intelligence and work together to form a cooperativ ...