Senior Agentic Security Automation Engineer
Join Our Mission: To Save the World from Unsafe Mobile Apps! NowSecure is the mobile app security software company trusted by the world’s most demanding organizations and most advanced security teams.
As the standards-based mobile app security and privacy company, NowSecure protects the Mobile App Economy. The world’s most demanding organizations, innovative mobile developers and advanced risk managers and compliance teams entrust NowSecure to safeguard millions of mobile app users across banking, insurance, high tech, IoT, retail, hospitality, energy and government sectors. Only NowSecure delivers the full solution suite of continuous security and compliance assessment with the depth, speed, accuracy, and efficiency to meet modern business demands. Dedicated to the open-source community and standards including OWASP, ioXt and NIAP, NowSecure is SOC 2 certified and recognized by IDC, Deloitte, Gartner and TAG Cyber.www.nowsecure.com
Your Opportunity:
We're looking for a Senior Agentic Security Automation Engineer who thrives on technical challenges, enjoys building things from scratch, and has an insatiable curiosity for how software works, how it breaks, and how it can be analyzed autonomously.
In this role, your goal won't be to perform security assessments by hand. You'll design agentic workflows, build automation frameworks, integrate security tooling (including that built by our world renowned research team; the people behind Frida and radare2), develop evaluation systems, and create the infrastructure that enables autonomous analysis of applications of all kinds, be it computer, phone or IoT.
Success in this role means helping transform security testing from a human-limited activity into a technology-enabled capability that can analyze more applications, execute more test coverage, identify more meaningful security issues, and continuously improve over time. Your first mission is to make our offensive security team faster and more effective in a repeatable way. Where it goes from there is genuinely open, and that's a big part of the appeal. You'll have a hand in shaping it.
What You’ll be Doing:
Build Agentic Security Testing Systems
- Architect, build, and deploy advanced AI agents capable of autonomous reasoning, decision-making, and security analysis.
- Design and implement multi-step agentic workflows that replicate and scale expert security testing methodologies.
- Develop systems capable of analyzing applications on desktop software, IoT devices, APIs, and emerging technology platforms, building off the expertise of our best-of-breed mobile security testing.
- Create autonomous and human-in-the-loop workflows that balance scale, accuracy, and trust.
Design Security Automation Frameworks
- Develop reusable tools, skills, prompts, workflows, MCP servers, and agent orchestration infrastructure.
- Integrate static and dynamic analysis, reverse engineering and decompilation, network analysis, vulnerability intelligence, and custom security tooling into agent workflows, including the kind of instrumentation that powers Frida-style runtime analysis.
- Design systems that allow security expertise to be reused and continuously improved over time.
Research & Innovation
- Stay current on advancements in agentic AI, offensive security, software assurance, and autonomous systems.
- Prototype and evaluate new approaches for increasing the scale and depth of security testing.
- Collaborate with security analysts and researchers to convert offensive security methodologies into scalable automation.
Who You Are:
If you're the kind of person who spends a weekend wiring together a new LangGraph workflow, builds a custom tool because the existing one doesn't quite fit, or finds yourself wondering whether an AI agent could perform a security task faster, better, or at a scale impossible for human teams alone, you'll fit right in.
This is a highly autonomous role. We're looking for someone who can identify opportunities, define milestones, conduct research, and drive projects from concept to production with minimal oversight. You'll have significant freedom to experiment, iterate, and help define the future of AI-driven security testing.
Skills and Experience Needed for Success:
- Coding experience in Python, JavaScript, or TypeScript. You don't need to be an expert. You do need to write clean, production-quality code and reliably pick up what you don't already know.
- A security background. An offensive security background (penetration testing, application security, security consulting, or research) is ideal, but a solid security background of any kind will serve you well here.
- Curiosity and aptitude for AI. Hands-on experience building with LLMs (Claude, GPT, Gemini, or similar), agentic frameworks, or Retrieval-Augmented Generation (RAG) is a real advantage, but the ability and drive to learn it fast matters just as much. We'd rather hire a sharp, motivated builder who's newer to AI than someone who's done with learning.
- U.S. citizenship. This role supports U.S. government work and requires U.S. citizenship.
Bonus Points if You Have Any of the Below:
- Demonstrable experience building agentic workflows with LangGraph, Semantic Kernel, AutoGen, the OpenAI Agents SDK, or similar, including multi-agent systems and autonomous execution pipelines.
- Experience integrating telemetry from multiple security tools (e.g., Zscaler, iVerify, Omnissa) into a unified analysis engine or detection pipeline, and correlating those signals to proactively surface attempted or successful attacks.
- Production experience with tool/function calling, structured outputs, prompt engineering, context management, and evaluation frameworks.
- Experience with Java, Go, or additional languages.
- Production engineering and MLOps: scalable APIs and services, Docker/Kubernetes, CI/CD, observability, and one of AWS, Azure, or GCP.
- Mobile or desktop application security testing experience.
- Reverse engineering experience.
- Experience building MCP servers.
- Experience training or fine-tuning machine learning models.
- A track record of building custom security tools.
- Contributions to open-source security or AI projects.
- Experience supporting both commercial and U.S. government customers (a real plus).
- Published security research, presentations, or conference talks.
We Value Diversity
We believe that the best ideas come from teams where diverse points of view uncover new solutions to hard problems. We welcome and value team members who bring diverse life experiences, educational backgrounds, cultures, and work experiences.
Compensation & Benefits
NowSecure is committed to fair and equitable compensation practices. Placement within the pay range is dependent on a variety of factors including, but not limited to, relevant work experience, skills, certifications, job level, supervisory status, and location. The base salary range for this position for all U.S. candidates is $120,000 - $160,000 per year, with eligibility for bonuses, equity grants and a comprehensive benefits package that includes health insurance, 401k with company match, paid parental leave, Home Office Stipend, and flexible PTO. In addition to working in a remote-first work environment.