AI Architect (AI for Security)
⚲ Madrid, Valencia
Do uzgodnienia
Wymagania
- Python
- LLM
- AWS
- Metasploit
- Burp Suite
Opis stanowiska
About the project
Hands-on AI-for-Security engagement with a regulated iGaming / online-gaming group. The client's security team is genuinely advanced: they already run an AI-driven offensive-security capability — continuous external-perimeter scanning feeding an LLM agent that plans exploitation, sources and validates exploits, and executes them in sandboxed environments — plus a runtime anomaly-detection layer watching for intrusion and privilege-escalation patterns across their products. They built this themselves and have explicitly asked us to challenge and improve it, not just rubber-stamp it.
This is not a generalist AI project. Neurons Lab brings the AI-architecture and engagement depth; what's missing is the offensive-security domain lead who can sit across the table from a hands-on CISO team as a peer, pressure-test their pipeline, and own the methodology. You are that expert. The early work is concrete and consultative: understand what they've built, find where it's wrong or expensive, and propose a better way.
Stage: pre-engagement / discovery (the immediate next step is a joint technical session with the client's CISO / security engineers). Duration: discovery → advisory / PoC, with strong extension probability as the security program scales across the group.
Reporting: Neurons Lab CTO / engagement lead (@Alex Honchar); partners with the Neurons Lab AI Architect on the account. You are the security domain owner for this track.
What you'll actually do
- Join joint working sessions with the client's hands-on security engineers; challenge and harden their AI-driven offensive pipeline end-to-end (recon → verification → AI-planned exploitation → sandboxed execution).
- Design and refine the exploitation agent: how the LLM plans attack paths, selects and validates exploits, and orchestrates parallel sandboxes safely and reproducibly.
- Optimise cost-per-finding of the existing exploitation pipeline: benchmark local / sovereign open models (Kimi, GPT-OSS, MiniMax, DeepSeek) against frontier models for the recon, exploitation and analysis loops; quantify accuracy / latency / cost trade-offs and recommend hardware sizing.
- Shape the runtime anomaly-detection layer: define which intrusion / privilege-escalation precursor patterns are worth collecting (signal over raw-log volume), and design the missing pieces — automated response (kill a malicious process / disable an account on detection) and triage routing by criticality.
- Stand up a quick-win PoC to anchor the engagement — e.g. an automated dependency / PR vulnerability-scanning pass, or a head-to-head local-vs-frontier benchmark of the exploitation agent.
- Turn findings into a defensible technical proposal and roadmap; present methodology and trade-offs to a technical CISO / CTO audience.
- Keep all sensitive work build-time and in-perimeter — no pushing intellectual property, configs, or recon-enabling data to external model providers; respect regulated-gaming certification constraints (no uncertified AI in runtime-critical paths).
Hands-on AI-for-Security engagement with a regulated iGaming / online-gaming group. The client's security team is genuinely advanced: they already run an AI-driven offensive-security capability — continuous external-perimeter scanning feeding an LLM agent that plans exploitation, sources and validates exploits, and executes them in sandboxed environments — plus a runtime anomaly-detection layer watching for intrusion and privilege-escalation patterns across their products. They built this themselves and have explicitly asked us to challenge and improve it, not just rubber-stamp it.
This is not a generalist AI project. Neurons Lab brings the AI-architecture and engagement depth; what's missing is the offensive-security domain lead who can sit across the table from a hands-on CISO team as a peer, pressure-test their pipeline, and own the methodology. You are that expert. The early work is concrete and consultative: understand what they've built, find where it's wrong or expensive, and propose a better way.
Stage: pre-engagement / discovery (the immediate next step is a joint technical session with the client's CISO / security engineers). Duration: discovery → advisory / PoC, with strong extension probability as the security program scales across the group.
Reporting: Neurons Lab CTO / engagement lead (@Alex Honchar); partners with the Neurons Lab AI Architect on the account. You are the security domain owner for this track.
What you'll actually do
- Join joint working sessions with the client's hands-on security engineers; challenge and harden their AI-driven offensive pipeline end-to-end (recon → verification → AI-planned exploitation → sandboxed execution).
- Design and refine the exploitation agent: how the LLM plans attack paths, selects and validates exploits, and orchestrates parallel sandboxes safely and reproducibly.
- Optimise cost-per-finding of the existing exploitation pipeline: benchmark local / sovereign open models (Kimi, GPT-OSS, MiniMax, DeepSeek) against frontier models for the recon, exploitation and analysis loops; quantify accuracy / latency / cost trade-offs and recommend hardware sizing.
- Shape the runtime anomaly-detection layer: define which intrusion / privilege-escalation precursor patterns are worth collecting (signal over raw-log volume), and design the missing pieces — automated response (kill a malicious process / disable an account on detection) and triage routing by criticality.
- Stand up a quick-win PoC to anchor the engagement — e.g. an automated dependency / PR vulnerability-scanning pass, or a head-to-head local-vs-frontier benchmark of the exploitation agent.
- Turn findings into a defensible technical proposal and roadmap; present methodology and trade-offs to a technical CISO / CTO audience.
- Keep all sensitive work build-time and in-perimeter — no pushing intellectual property, configs, or recon-enabling data to external model providers; respect regulated-gaming certification constraints (no uncertified AI in runtime-critical paths).
🔍 Dekoder Ogłoszenia
🔴
genuinely advanced
Zespół klienta jest zaawansowany, ale może to oznaczać, że ich obecne rozwiązania są skomplikowane i trudne do zrozumienia lub modyfikacji.
🔴
challenge and improve it, not just rubber-stamp it
Oczekuje się aktywnego kwestionowania i proponowania zmian, co może oznaczać, że obecne rozwiązania są dalekie od ideału i wymagają gruntownych przeróbek.
🟡
sit across the table from a hands-on CISO team as a peer
Oczekuje się, że będziesz traktowany jako równorzędny partner, co może oznaczać wysokie oczekiwania co do Twojej wiedzy i umiejętności negocjacyjnych.
🔴
own the methodology
Będziesz odpowiedzialny za zaproponowanie i wdrożenie nowej metodologii, co może oznaczać dużą odpowiedzialność i presję.
🟡
strong extension probability
Projekt ma duże szanse na przedłużenie, co może oznaczać stabilność, ale też potencjalnie długoterminowe zaangażowanie w projekt o niepewnym ostatecznym kształcie.