Senior Agentic Security Automation Engineer

Remote
Full Time
Experienced

Join Our Mission: To Save the World from Unsafe Mobile Apps! NowSecure is the mobile app security software company trusted by the world’s most demanding organizations and most advanced security teams. 

As the standards-based mobile app security and privacy company, NowSecure protects the Mobile App Economy. The world’s most demanding organizations, innovative mobile developers and advanced risk managers and compliance teams entrust NowSecure to safeguard millions of mobile app users across banking, insurance, high tech, IoT, retail, hospitality, energy and government sectors. Only NowSecure delivers the full solution suite of continuous security and compliance assessment with the depth, speed, accuracy, and efficiency to meet modern business demands. Dedicated to the open-source community and standards including OWASP, ioXt and NIAP, NowSecure is SOC 2 certified and recognized by IDC, Deloitte, Gartner and TAG Cyber.www.nowsecure.com

Your Opportunity:

We're looking for a Senior Agentic Security Automation Engineer who thrives on technical challenges, enjoys building things from scratch, and has an insatiable curiosity for how software works, how it breaks, and how it can be analyzed autonomously.

In this role, your goal won't be to perform security assessments by hand. You'll design agentic workflows, build automation frameworks, integrate security tooling (including that built by our world renowned research team; the people behind Frida and radare2), develop evaluation systems, and create the infrastructure that enables autonomous analysis of applications of all kinds, be it computer, phone or IoT.

Success in this role means helping transform security testing from a human-limited activity into a technology-enabled capability that can analyze more applications, execute more test coverage, identify more meaningful security issues, and continuously improve over time. Your first mission is to make our offensive security team faster and more effective in a repeatable way. Where it goes from there is genuinely open, and that's a big part of the appeal. You'll have a hand in shaping it.

What You’ll be Doing: 

Build Agentic Security Testing Systems

  • Architect, build, and deploy advanced AI agents capable of autonomous reasoning, decision-making, and security analysis.
  • Design and implement multi-step agentic workflows that replicate and scale expert security testing methodologies.
  • Develop systems capable of analyzing applications on desktop software, IoT devices, APIs, and emerging technology platforms, building off the expertise of our best-of-breed mobile security testing.
  • Create autonomous and human-in-the-loop workflows that balance scale, accuracy, and trust.

Design Security Automation Frameworks

  • Develop reusable tools, skills, prompts, workflows, MCP servers, and agent orchestration infrastructure.
  • Integrate static and dynamic analysis, reverse engineering and decompilation, network analysis, vulnerability intelligence, and custom security tooling into agent workflows, including the kind of instrumentation that powers Frida-style runtime analysis.
  • Design systems that allow security expertise to be reused and continuously improved over time.

Research & Innovation

  • Stay current on advancements in agentic AI, offensive security, software assurance, and autonomous systems.
  • Prototype and evaluate new approaches for increasing the scale and depth of security testing.
  • Collaborate with security analysts and researchers to convert offensive security methodologies into scalable automation.

Who You Are:

If you're the kind of person who spends a weekend wiring together a new LangGraph workflow, builds a custom tool because the existing one doesn't quite fit, or finds yourself wondering whether an AI agent could perform a security task faster, better, or at a scale impossible for human teams alone, you'll fit right in.

This is a highly autonomous role. We're looking for someone who can identify opportunities, define milestones, conduct research, and drive projects from concept to production with minimal oversight. You'll have significant freedom to experiment, iterate, and help define the future of AI-driven security testing.

Skills and Experience Needed for Success:

  • Coding experience in Python, JavaScript, or TypeScript. You don't need to be an expert. You do need to write clean, production-quality code and reliably pick up what you don't already know.
  • A security background. An offensive security background (penetration testing, application security, security consulting, or research) is ideal, but a solid security background of any kind will serve you well here.
  • Curiosity and aptitude for AI. Hands-on experience building with LLMs (Claude, GPT, Gemini, or similar), agentic frameworks, or Retrieval-Augmented Generation (RAG) is a real advantage, but the ability and drive to learn it fast matters just as much. We'd rather hire a sharp, motivated builder who's newer to AI than someone who's done with learning.
  • U.S. citizenship. This role supports U.S. government work and requires U.S. citizenship.

Bonus Points if You Have Any of the Below:

  • Demonstrable experience building agentic workflows with LangGraph, Semantic Kernel, AutoGen, the OpenAI Agents SDK, or similar, including multi-agent systems and autonomous execution pipelines.
  • Experience integrating telemetry from multiple security tools (e.g., Zscaler, iVerify, Omnissa) into a unified analysis engine or detection pipeline, and correlating those signals to proactively surface attempted or successful attacks.
  • Production experience with tool/function calling, structured outputs, prompt engineering, context management, and evaluation frameworks.
  • Experience with Java, Go, or additional languages.
  • Production engineering and MLOps: scalable APIs and services, Docker/Kubernetes, CI/CD, observability, and one of AWS, Azure, or GCP.
  • Mobile or desktop application security testing experience.
  • Reverse engineering experience.
  • Experience building MCP servers.
  • Experience training or fine-tuning machine learning models.
  • A track record of building custom security tools.
  • Contributions to open-source security or AI projects.
  • Experience supporting both commercial and U.S. government customers (a real plus).
  • Published security research, presentations, or conference talks.

We Value Diversity

We believe that the best ideas come from teams where diverse points of view uncover new solutions to hard problems. We welcome and value team members who bring diverse life experiences, educational backgrounds, cultures, and work experiences.

Compensation & Benefits

NowSecure is committed to fair and equitable compensation practices. Placement within the pay range is dependent on a variety of factors including, but not limited to, relevant work experience, skills, certifications, job level, supervisory status, and location. The base salary range for this position for all U.S. candidates is $120,000 - $160,000 per year, with eligibility for bonuses, equity grants and a comprehensive benefits package that includes health insurance, 401k with company match, paid parental leave, Home Office Stipend, and flexible PTO. In addition to working in a remote-first work environment. 


 
Share

Apply for this position

Required*
We've received your resume. Click here to update it.
Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file

To comply with government Equal Employment Opportunity and/or Affirmative Action reporting regulations, we are requesting (but NOT requiring) that you enter this personal data. This information will not be used in connection with any employment decisions, and will be used solely as permitted by state and federal law. Your voluntary cooperation would be appreciated. Learn more.

Voluntary Self-Identification of Disability
Voluntary Self-Identification of Disability Form CC-305
OMB Control Number 1250-0005
Expires 05/31/2026
Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Please check one of the boxes below:

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.

You must enter your name and date
Human Check*