AI Engineer - Pentesting Agent

About TryHackMe

TryHackMe is the fastest-growing online cyber security training platform. Having only been around for a handful of years, we've grown to more than 6 million users and are used by >1000 businesses (including governments and Fortune 500 companies like Google and Microsoft). With a $1M starting budget, we're developing a fully autonomous AI pentester that can plan, exploit, adapt, and report with the speed and precision required for modern offensive security. We’re looking for an engineer to join our small talented team to test and develop our agent.

You must have an interest in cyber security, be deeply curious, and passionate about AI agents.

The Role: AI Engineer - Pentesting Agent

You’ll be designing the system’s core logic, shaping its reasoning, decision paths, memory, and execution flow so it can handle complex offensive tasks reliably. Your day-to-day involves collaborating closely with an offensive security researcher to align the agent with real attacker workflows and improve how it identifies and exploits vulnerabilities.

What you’ll do

• Contribute to the development and optimisation of our autonomous AI pentesting agent.
• Build and maintain safe environments to run, test, and benchmark agent behaviours.
• Implement core agent capabilities such as reasoning, decision-making, planning, and tool orchestration.
• Assist in evaluating and comparing large language models (Claude, OpenAI models, Mistral, Llama, etc.) for agent tasks.
• Build UI components and dashboards using React and support browser automation workflows using Playwright for agent evaluation.
• Support continuous refinement of the agent through experimentation, observability, and lab testing.

What we’re looking for

• 2+ years software development experience with strong Python skills.
• Experience building AI agents (LangChain, CrewAI, Strands SDK, etc.).
• Hands-on with agent design: reasoning, memory, tool orchestration, structured outputs.
• Prompt engineering, RAG, chain-of-thought, few-shot learning, agent evaluation.
• SQL/NoSQL databases and basic data modeling.
• Docker, AWS, cloud deployment, shell scripting.
• React for frontend/dashboards.

Bonus points

• Familiarity with OWASP Top 10.
• Model training and fine-tuning (LoRA, PEFT) with evaluation experience.
• Cyber security expertise: OWASP attacks, pentesting methodologies.
• Experience with TryHackMe or other CTF platforms.
• Playwright for browser automation in agent workflows.

Benefits

• Competitive salary.
• Equity in the AI pentesting venture.
• Early-stage role with real ownership and autonomy.

Hiring Process

You can apply through LinkedIn or by emailing ben@tryhackme.com

Stage 1: Introductory call with TryHackMe founder and AI agent team (30m)

Stage 2: Technical exercise and live discussion about your past work building AI agents (1h)

If you’re applying through email, please answer the following:

Do you have 2+ years of software development experience with Python?

Have you built AI agents using frameworks like LangChain, CrewAI, or similar?

Tell us about your interest in cyber security (e.g., experience, CTF platform, passion projects).

What is your expected salary?

What exceptional work are you most proud of?

Please note that we are currently unable to provide sponsorship.

Key skills/competency

• Python programming
• AI Agent development
• Offensive Security
• Penetration Testing
• Prompt Engineering
• Large Language Models
• AWS/Cloud Deployment
• React.js
• Vulnerability Exploitation
• Docker