[Remote] Staff Security Engineer, Product

Remote Full-time
Note: The job is a remote job and is open to candidates in the USA.

Rogo is building Wall Street's first true AI banker, aiming to empower finance professionals with AI that offers speed, accuracy, and insight. As a Staff Security Engineer, you will focus on offensive security practices, conducting penetration tests and building security automation to protect Rogo's AI-driven platform and infrastructure.

Responsibilities

- Conduct hands-on penetration testing and red team assessments against Rogo's applications, APIs, AI/ML pipelines, and cloud environments on a continuous basis, not just during annual engagements
- Build agentic security tooling that finds, validates, and patches vulnerabilities end-to-end, minimizing manual intervention across code review, dependency management, and IaC
- Develop and maintain custom offensive tooling, exploit chains, and attack simulations tailored to Rogo's AI platform and architecture
- Build and operate automated security testing and remediation pipelines that scale offensive coverage without linearly scaling headcount
- Perform deep adversarial testing of AI-specific attack surfaces: prompt injection, model manipulation, data poisoning vectors, agent-based workflows, and tenant isolation boundaries
- Own vulnerability research and bug hunting across the product; go beyond scanner output to find the logic flaws, auth bypasses, and chained exploits that automated tools miss
- Design and execute threat modeling sessions with engineering teams, translating offensive findings into concrete, prioritized remediation that ships in the same sprint
- Build attack simulation environments and continuously validate security controls against real-world TTPs and customer-driven pen test scenarios
- Contribute directly to backend codebases, fix critical vulnerabilities, harden authentication and authorization flows, and build security primitives into the platform
- Lead purple team exercises: collaborate with infrastructure and engineering teams to test detection and response capabilities against your offensive scenarios
- Own the relationship with external pen test firms and drive remediation of findings to closure
- Share offensive tradecraft, emerging attack techniques, and lessons learned with engineering and leadership to continuously raise security awareness

Skills

- Have professional penetration testing experience across web apps, APIs, cloud environments, and ideally AI/ML systems. You've written real exploits, not just run scanners
- Have built or are excited to build agentic security tooling that autonomously finds, validates, and patches vulnerabilities, minimizing human-in-the-loop remediation
- Have professional development experience in a strongly typed language (e.g., Rust, Go, Java, C++) alongside scripting languages (Python, Bash) for exploit development and tooling
- Are comfortable with Burp Suite, Nuclei, Semgrep, custom fuzzing frameworks, and building your own tools when off-the-shelf doesn't cut it
- Have integrated automated security checks into CI/CD pipelines (SCA, SAST, DAST) and understand how to give developers fast, actionable feedback without blocking velocity
- Are comfortable with infrastructure automation (Terraform, Kubernetes) and can identify misconfigurations and attack paths in AWS/GCP environments
- Communicate crisply and can collaborate effectively with developers, product teams, and leadership
- Have applied knowledge of threat modeling, cryptography fundamentals, and compliance frameworks (SOC 2, ISO 27001/42001, NIST CSF)

Company Overview

Rogo.ai is an AI platform for finance that automates research, analysis, and financial workflows for investment banks and investors. It was founded in 2022, and is headquartered in New York, New York, USA, with a workforce of 51-200 employees. Its website is https://rogo.ai.

Company H1B Sponsorship

Rogo has a track record of offering H1B sponsorships, with 1 in 2025, 2 in 2024. Please note that this does not guarantee sponsorship for this specific role.
