Offensive Security Engineer

 Posted 2 hours ago
     
2-5 years experience

AI Summary

Work with an AI agent system to identify, validate, and reproduce real-world vulnerabilities in applications. Create technical content, blogs, and proof-of-concepts to demonstrate exploitability and provide remediation guidance.

About NoScope

NoScope is a new venture from the team behind TryHackMe, the world's largest cyber security training platform used by 7M+ users and thousands of businesses. We're building an AI-powered pentesting solution.

Attackers are already using AI to launch hundreds of thousands of attacks in minutes, and traditional pentesting hasn't kept up - it's still manual, expensive, and time-limited, meaning large parts of applications go untested and real vulnerabilities slip through. NoScope solves this with a swarm of AI agents that ethically test applications, chaining actions across pages and workflows to find and validate real vulnerabilities with clear evidence. We've already identified critical vulnerabilities in large-scale platforms, widely used open source systems, and applications that had decades of traditional pentests from top firms.

With TryHackMe's backing, deep offensive security expertise, and access to large-scale training environments, we're building a fundamentally better solution for pentesting.

The Role

You will work closely with the core agentic system and help shape how it performs in real environments. This role requires thinking like an attacker, challenging assumptions, and ensuring that what we identify is genuinely exploitable and meaningful. You will be involved in hands-on testing, improving how the system approaches testing, and maintaining a high bar for the quality of findings.

This role also has a focus on content creation, including clear and detailed blogs, technical writeups, and breakdowns of vulnerabilities discovered by the agent. The emphasis is on explaining real-world impact, how issues could be exploited, and how they should be fixed, helping build credibility and share useful insights with the broader security community.

What you’ll do

  • Work directly with the AI agent system, run it against targets, understand where it performs well and where it falls short, and provide structured feedback to improve coverage and accuracy

  • Validate, reproduce, and escalate findings, writing clear and reliable proof-of-concepts that demonstrate real-world exploitability

  • Coordinate disclosures across OSS projects and bug bounty platforms, managing timelines and communication effectively

  • Contribute to public security research and technical content that is relevant and valuable to the security community

  • Research emerging vulnerability classes and attack techniques, and translate those insights into improvements in how the system tests

  • Build and maintain custom tooling where needed, including automation scripts, payload lists, and testing harnesses tailored to specific targets

What we’re looking for

  • 3-5+ years of professional offensive security experience in penetration testing, bug bounty, or red teaming

  • Strong understanding of web application vulnerabilities such as SQLi, XSS, SSRF, IDOR, SSTI, business logic flaws, authentication bypasses, and their real-world nuances

  • Comfortable reading and writing code in Python, Bash, and JavaScript, with the ability to build custom tooling when needed

  • Experience with public disclosures or CVEs

  • Clear and effective written communication, with the ability to explain complex findings to both engineers and security teams

  • Experience working with bug bounty platforms and responsible disclosure processes

  • Ability to go beyond automated tools and reason about systems, attack paths, and edge cases

Bonus points

  • Public bug bounty reports or an active HackerOne or Bugcrowd profile

  • Experience with TryHackMe or familiarity with its community

  • Exposure to AI-assisted security tooling

Why NoScope

  • AI is fundamentally changing how the world finds and fixes vulnerabilities - you’ll be working on systems that represent where the field is going, not where it is today

  • Backed by TryHackMe, with funding, distribution, and full support from founders who built a $30M+ ARR cybersecurity company

  • Access to a 7M+ user network and real-world environments that help validate findings at scale

  • Be an early hire with real ownership over testing quality, exploitability standards, and how results are validated

  • Work with a strong, focused team building at the intersection of AI and offensive security

  • Competitive salary

  • Fully remote - work from anywhere with a global team

  • High trust and autonomy from day one

Please note that we are currently unable to provide sponsorship.

How we work

We operate with intensity. You'll move fast, wear multiple hats, and get involved in things outside your job title. There's no playbook, no hand-holding, and no coasting. If you're looking for a standard 9-5 with clear lanes, this isn't the right fit. If you want an environment built to win where your work genuinely matters, you'll thrive here.
