AI Architect (AI for Security)

🌏 Worldwide

Consulting

Python

AWS

Machine Learning

Design

Testing

About the project (description, duration, stage)

Hands-on AI-for-Security engagement with a regulated iGaming / online-gaming group. The client's security team is genuinely advanced: they already run an AI-driven offensive-security capability — continuous external-perimeter scanning feeding an LLM agent that plans exploitation, sources and validates exploits, and executes them in sandboxed environments — plus a runtime anomaly-detection layer watching for intrusion and privilege-escalation patterns across their products. They built this themselves and have explicitly asked us to challenge and improve it, not just rubber-stamp it.

This is not a generalist AI project. Neurons Lab brings the AI-architecture and engagement depth; what's missing is the offensive-security domain lead who can sit across the table from a hands-on CISO team as a peer, pressure-test their pipeline, and own the methodology. You are that expert. The early work is concrete and consultative: understand what they've built, find where it's wrong or expensive, and propose a better way.

Stage: pre-engagement / discovery (the immediate next step is a joint technical session with the client's CISO / security engineers).

Duration: discovery → advisory / PoC, with strong extension probability as the security program scales across the group.

Reporting: Neurons Lab CTO / engagement lead (@Alex Honchar); partners with the Neurons Lab AI Architect on the account. You are the security domain owner for this track.

What you'll actually do (example tasks)

  • Join joint working sessions with the client's hands-on security engineers; challenge and harden their AI-driven offensive pipeline end-to-end (recon → verification → AI-planned exploitation → sandboxed execution).

  • Design and refine the exploitation agent: how the LLM plans attack paths, selects and validates exploits, and orchestrates parallel sandboxes safely and reproducibly.

  • Optimise cost-per-finding of the existing exploitation pipeline: benchmark local / sovereign open models (Kimi, GPT-OSS, MiniMax, DeepSeek) against frontier models for the recon, exploitation and analysis loops; quantify accuracy / latency / cost trade-offs and recommend hardware sizing.

  • Shape the runtime anomaly-detection layer: define which intrusion / privilege-escalation precursor patterns are worth collecting (signal over raw-log volume), and design the missing pieces — automated response (kill a malicious process / disable an account on detection) and triage routing by criticality.

  • Stand up a quick-win PoC to anchor the engagement — e.g. an automated dependency / PR vulnerability-scanning pass, or a head-to-head local-vs-frontier benchmark of the exploitation agent.

  • Turn findings into a defensible technical proposal and roadmap; present methodology and trade-offs to a technical CISO / CTO audience.

  • Keep all sensitive work build-time and in-perimeter — no pushing intellectual property, configs, or recon-enabling data to external model providers; respect regulated-gaming certification constraints (no uncertified AI in runtime-critical paths).

Skills (hands-on first)

  • Hands-on offensive security: vulnerability research, exploit development and chaining, web + network penetration testing; fluent with Nmap, Nuclei, Katana, Acunetix, Metasploit, Burp Suite and Kali tooling.

  • Building and operating LLM agents for security work — agentic tool-use, sandbox orchestration, prompt / flow design for recon and exploitation, guardrails for autonomous exploitation.

  • Local / self-hosted open models: running and tuning open weights (Kimi, GPT-OSS, MiniMax, DeepSeek) on rented or private GPU; quantization, throughput and the agentic-performance trade-offs that matter for security automation.

  • Exploit & threat intelligence: sourcing and validating exploits (including from underground / forum sources), CVE triage, exploitability and severity assessment.

  • Runtime detection: designing intrusion / privilege-escalation pattern detection, anomaly detection, and automated response.

  • Cloud security (AWS preferred): sandboxing, container isolation, secure inference hosting.

  • Writes their own code (Python + shell) and can explain methodology to non-security executives.

Knowledge

  • Modern offensive-security methodology and the current exploit / zero-day landscape.

  • Strengths and limits of frontier vs. local LLMs for security automation (agentic tool-use, reasoning depth, cost-per-task).

  • Data-egress / sovereignty constraints: why IP and recon-enabling data must stay in-perimeter; private-cloud (AWS Bedrock) vs. rented-hardware trade-offs.

  • iGaming / regulated-infrastructure context and certification constraints (build-time vs. run-time AI) — strong plus.

  • Defensive side — SIEM, anomaly detection, incident response — plus.

Experience

Key characteristics (ideally 4/4):

  • Hands-on offensive security

  • Built or operated AI / LLM-driven security automation (agents, pipelines), not just used a chatbot

  • Cloud hyperscaler experience (AWS preferred)

  • Technology consulting / client-facing delivery — can lead a CISO-level technical conversation

Role-specific characteristics:

  • 3+ years hands-on offensive security / vulnerability research / red-team

  • Demonstrable exploit development and chaining; comfortable with zero-day research and exploit intelligence

  • Has wired LLMs into real security workflows (recon, exploitation, triage)

  • Has run self-hosted / local open models in a real engagement, with a view on cost and hardware

  • Comfortable being the sole domain expert in the room and owning the methodology

Terms & conditions

  • Allocation: ~0.25 – 0.5 FTE initially (discovery/advisory + joint CISO sessions), scaling with the engagement

by @maxrusakovic