Security Researcher

Fortinet, Burnaby, BC
Onsite

About The Position

Join Fortinet, a cybersecurity pioneer with over two decades of excellence, as we continue to shape the future of cybersecurity and redefine the intersection of networking and security. At Fortinet, our mission is to safeguard people, devices, and data everywhere. We are currently seeking a dynamic Security Researcher/Pentester to contribute to the success of our rapidly growing business. We are looking for a highly motivated individual who can thrive in a fast-paced environment and successfully contribute to the team. You would act as a Security Researcher/Penetration Tester. This is a highly technical role, combining cutting-edge AI and LLM-powered attack techniques with traditional penetration testing skills. You will assist the Information Security leadership in evaluating the security posture of Fortinet Cloud Services. This position focuses strongly on AI-powered red teaming, cloud security adversarial research, and LLM exploitation.

Requirements

  • 3+ years of dedicated experience in an information security role with a strong practical penetration-testing background (CVEs, pentest reports, or technical articles may be requested as proof).
  • Professional penetration testing skills across information technologies, including operating systems, software frameworks, databases, web applications, and networks.
  • Strong knowledge of the fundamentals of web applications, including authentication, authorization, session management, the HTTP protocol, web languages, and web server and browser architecture and implementation principles.
  • Proven skills with traditional pen-test tools (Nessus, Burp Suite, Nuclei, SQLmap).
  • Demonstrated practice using Kali Linux / Metasploit to craft PoCs for known vulnerabilities; ability to extend and automate these toolchains with LLM co-pilots or autonomous AI agents.
  • Hands-on experience with LLM fine-tuning frameworks and techniques: LoRA / QLoRA (Unsloth, LLaMA-Factory), supervised fine-tuning on security datasets, and direct preference optimization (DPO) for behavior shaping.
  • Proficiency in using LLMs and AI agents for offensive cloud security: automated IAM privilege-escalation discovery, cloud misconfiguration enumeration, AI-generated exploit payloads, and natural-language-driven attack orchestration.
  • Familiarity with AI/ML cloud service attack surfaces: prompt injection against retrieval-augmented generation (RAG) pipelines, embedding space attacks, model API abuse, and inference-time adversarial inputs.

Nice To Haves

  • Certifications such as OSCP, OSWE, HTB CPTS, and HTB CWEE are highly valued.

Responsibilities

  • Conduct regular penetration tests and security evaluations on Fortinet cloud products, covering web applications and server backends under various authentication levels, to identify vulnerabilities and security risks.
  • Investigate and write PoCs for published vulnerabilities, and help the production team evaluate their exploitability and risks.
  • Carry out red team activities, specifically developing AI-assisted scripts, agents, and programs to penetrate and infiltrate in-scope systems and ICT technologies; this includes leveraging LLMs as autonomous attack agents capable of chaining exploits across cloud environments.
  • Collect threat intelligence, evaluate and maintain traditional pentest tools, and track emerging AI/LLM-based offensive security techniques and tooling.
  • Conduct AI red team exercises targeting LLM-integrated cloud services and AI APIs, including prompt injection, indirect prompt injection, jailbreaking, and model inversion attacks.
  • Perform LLM fine-tuning and abliteration research — including training uncensored or capability-unlocked variants of open-source models (LLaMA, Gemma4) via LoRA/QLoRA and representation-engineering techniques.
  • Develop and operate LLM-powered penetration testing pipelines: using AI agents (ReAct, tool-use) to automate reconnaissance, vulnerability enumeration, exploit generation, and post-exploitation chaining against cloud-native targets (Kubernetes clusters, serverless functions, IAM privilege escalation paths, cloud storage misconfigurations).
  • Research and document adversarial attack surfaces unique to AI-powered products: RAG pipeline data poisoning, embedding inversion, model supply-chain compromise, and training data extraction.

Benefits

  • 100% company paid medical, dental, and vision coverage
  • Health Spending Account
  • Personal Spending Account
  • Employee & Family Assistance Plan (EFAP)
  • Critical illness insurance
  • Disability insurance
  • Life insurance
  • Group Registered Retirement Savings Plan (RRSP) with a company match
  • Competitive Paid Time Off
  • Flexible leave policies
  • Paid health days
  • Fortinet equity program
  • Bonus eligibility