NoScope is a new venture from the team behind TryHackMe, the world's largest cyber security training platform used by 7M+ users and thousands of businesses. We're building an AI-powered pentesting solution.
Attackers are already using AI to launch hundreds of thousands of attacks in minutes, and traditional pentesting hasn't kept up - it's still manual, expensive, and time-limited, meaning large parts of applications go untested and real vulnerabilities slip through. NoScope solves this with a swarm of AI agents that ethically test applications, chaining actions across pages and workflows to find and validate real vulnerabilities with clear evidence. We've already identified critical vulnerabilities in large-scale platforms, widely used open source systems, and applications that had decades of traditional pentests from top firms.
With TryHackMe's backing, deep offensive security expertise, and access to large-scale training environments, we're building a fundamentally better solution for pentesting.
You will work closely with the core agentic system and help shape how it performs in real environments. This role requires thinking like an attacker, challenging assumptions, and ensuring that what we identify is genuinely exploitable and meaningful. You will be involved in hands-on testing, improving how the system approaches testing, and maintaining a high bar for the quality of findings.
This role also has a focus on content creation, including clear and detailed blogs, technical writeups, and breakdowns of vulnerabilities discovered by the agent. The emphasis is on explaining real-world impact, how issues could be exploited, and how they should be fixed, helping build credibility and share useful insights with the broader security community.
Work directly with the AI agent system: run it against targets, understand where it performs well and where it falls short, and provide structured feedback to improve coverage and accuracy
Validate, reproduce, and escalate findings, writing clear and reliable proof-of-concepts that demonstrate real-world exploitability
Coordinate disclosures across OSS projects and bug bounty platforms, managing timelines and communication effectively
Contribute to public security research and technical content that is relevant and valuable to the security community
Research emerging vulnerability classes and attack techniques, and translate those insights into improvements in how the system tests
Build and maintain custom tooling where needed, including automation scripts, payload lists, and testing harnesses tailored to specific targets
3-5+ years of professional offensive security experience in penetration testing, bug bounty, or red teaming
Strong understanding of web application vulnerabilities such as SQLi, XSS, SSRF, IDOR, SSTI, business logic flaws, authentication bypasses, and their real-world nuances
Comfortable reading and writing code in Python, Bash, and JavaScript, with the ability to build custom tooling when needed
Experience with public disclosures or CVEs
Clear and effective written communication, with the ability to explain complex findings to both engineers and security teams
Experience working with bug bounty platforms and responsible disclosure processes
Ability to go beyond automated tools and reason about systems, attack paths, and edge cases
Public bug bounty reports or an active HackerOne or Bugcrowd profile
Experience with TryHackMe or familiarity with its community
Exposure to AI-assisted security tooling
AI is fundamentally changing how the world finds and fixes vulnerabilities - you’ll be working on systems that represent where the field is going, not where it is today
Backed by TryHackMe, with funding, distribution, and full support from founders who built a $30M+ ARR cybersecurity company
Access to a 7M+ user network and real-world environments that help validate findings at scale
Be an early hire with real ownership over testing quality, exploitability standards, and how results are validated
Work with a strong, focused team building at the intersection of AI and offensive security
Competitive salary
Fully remote - work from anywhere with a global team
High trust and autonomy from day one
Please note that we are currently unable to provide sponsorship.
We operate with intensity. You'll move fast, wear multiple hats, and get involved in things outside your job title. There's no playbook, no hand-holding, and no coasting. If you're looking for a standard 9-5 with clear lanes, this isn't the right fit. If you want an environment built to win where your work genuinely matters, you'll thrive here.