All roles

Open role

[Remote] Staff Security Engineer, Product

Remote · Kenya Full-time

Note: The job is a remote job and is open to candidates in USA. Rogo is building Wall Street's first true AI banker, aiming to empower finance professionals with AI that offers speed, accuracy, and insight. As a Staff Security Engineer, you will focus on offensive security practices, conducting penetration tests and building security automation to protect Rogo's AI-driven platform and infrastructure.

Responsibilities

  • Conduct hands-on penetration testing and red team assessments against Rogo's applications, APIs, AI/ML pipelines, and cloud environments on a continuous basis, not just during annual engagements
  • Build agentic security tooling that finds, validates, and patches vulnerabilities end-to-end, minimizing manual intervention across code review, dependency management, and IaC
  • Develop and maintain custom offensive tooling, exploit chains, and attack simulations tailored to Rogo's AI platform and architecture
  • Build and operate automated security testing and remediation pipelines that scale offensive coverage without linearly scaling headcount
  • Perform deep adversarial testing of AI-specific attack surfaces: prompt injection, model manipulation, data poisoning vectors, agent-based workflows, and tenant isolation boundaries
  • Own vulnerability research and bug hunting across the product, go beyond scanner output to find the logic flaws, auth bypasses, and chained exploits that automated tools miss
  • Design and execute threat modeling sessions with engineering teams, translating offensive findings into concrete, prioritized remediation that ships in the same sprint
  • Build attack simulation environments and continuously validate security controls against real-world TTPs and customer-driven pen test scenarios
  • Contribute directly to backend codebases, fix critical vulnerabilities, harden authentication and authorization flows, and build security primitives into the platform
  • Lead purple team exercises: collaborate with infrastructure and engineering teams to test detection and response capabilities against your offensive scenarios
  • Own the relationship with external pen test firms and drive remediation of findings to closure
  • Share offensive tradecraft, emerging attack techniques, and lessons learned with engineering and leadership to continuously raise security awareness

Skills

  • Conduct hands-on penetration testing and red team assessments against Rogo's applications, APIs, AI/ML pipelines, and cloud environments on a continuous basis, not just during annual engagements
  • Build agentic security tooling that finds, validates, and patches vulnerabilities end-to-end, minimizing manual intervention across code review, dependency management, and IaC
  • Develop and maintain custom offensive tooling, exploit chains, and attack simulations tailored to Rogo's AI platform and architecture
  • Build and operate automated security testing and remediation pipelines that scale offensive coverage without linearly scaling headcount
  • Perform deep adversarial testing of AI-specific attack surfaces: prompt injection, model manipulation, data poisoning vectors, agent-based workflows, and tenant isolation boundaries
  • Own vulnerability research and bug hunting across the product, go beyond scanner output to find the logic flaws, auth bypasses, and chained exploits that automated tools miss
  • Design and execute threat modeling sessions with engineering teams, translating offensive findings into concrete, prioritized remediation that ships in the same sprint
  • Build attack simulation environments and continuously validate security controls against real-world TTPs and customer-driven pen test scenarios
  • Contribute directly to backend codebases, fix critical vulnerabilities, harden authentication and authorization flows, and build security primitives into the platform
  • Lead purple team exercises: collaborate with infrastructure and engineering teams to test detection and response capabilities against your offensive scenarios
  • Own the relationship with external pen test firms and drive remediation of findings to closure
  • Share offensive tradecraft, emerging attack techniques, and lessons learned with engineering and leadership to continuously raise security awareness
  • Have professional penetration testing experience across web apps, APIs, cloud environments, and ideally AI/ML systems. You've written real exploits, not just run scanners
  • Have built or are excited to build agentic security tooling that autonomously finds, validates, and patches vulnerabilities, minimizing human-in-the-loop remediation
  • Have professional development experience in a strongly typed language (e.g., Rust, Go, Java, C++) alongside scripting languages (Python, Bash) for exploit development and tooling
  • Are comfortable with Burp Suite, Nuclei, Semgrep, custom fuzzing frameworks, and building your own tools when off-the-shelf doesn't cut it
  • Have integrated automated security checks into CI/CD pipelines (SCA, SAST, DAST) and understand how to give developers fast, actionable feedback without blocking velocity
  • Are comfortable with infrastructure automation (Terraform, Kubernetes) and can identify misconfigurations and attack paths in AWS/GCP environments
  • Communicate crisply and can collaborate effectively with developers, product teams, and leadership
  • Have applied knowledge of threat modeling, cryptography fundamentals, and compliance frameworks (SOC 2, ISO 27001/42001, NIST CSF)

Company Overview

  • Rogo.ai is an AI platform for finance that automates research, analysis, and financial workflows for investment banks and investors. It was founded in 2022, and is headquartered in New York, New York, USA, with a workforce of 51-200 employees. Its website is https://rogo.ai.
  • Company H1B Sponsorship

  • Rogo has a track record of offering H1B sponsorships, with 1 in 2025, 2 in 2024. Please note that this does not guarantee sponsorship for this specific role.
  • More open positions

    [Remote] Strategic Client Partner – Billing Operations

    Work from home Full-time role

    [Remote] Clinical Pharmacology Director

    Work from home Full-time role

    [Remote] Task Order Project Manager (59968)

    Work from home Full-time role

    [Remote] Salesforce Engineer Manager

    Work from home Full-time role

    [Remote] Staff ML/AI Platform Engineer

    Work from home Full-time role

    Power BI Developer - 100% Remote

    Work from home Full-time role

    Underwriting Specialist – Inland Marine (Remote - Texas)

    Work from home Full-time role

    Remote Payroll Specialist (US Payroll & Tax Compliance)

    Work from home Full-time role

    UN Women: International Consultant on Essential Social Services in EVAW Context, Home-based, Turkiye

    Work from home Full-time role

    Fullstack: Frontend Backend CAD AI IoT Engineer – Coding Wizard ( 70% - 100% ) (remote/onsite)

    Work from home Full-time role

    Data Entry Remote Specialist – Flexible Work‑From‑Home Opportunity at careerzynith

    Work from home Full-time role

    Software Engineer III, Backend - Account Exprerience

    Work from home Full-time role

    [Remote] Project Manager, Cosmetic Product Development

    Work from home Full-time role

    Medical Account Specialist II - PHOENIX N, AZ

    Work from home Full-time role

    Short-Form Video Editor (Freelance) - Remote

    Work from home Full-time role

    Copywriting Jobs No Experience – Become a Remote Copywriter and Earn $25-$35/hr

    Work from home Full-time role

    IT Administrator

    Work from home Full-time role

    Ecommerce Coordinator

    Work from home Full-time role

    [Remote] Controller or Senior Healthcare Financial Consultant CFO Consultant) – Healthcare Sector $83K - $140K

    Work from home Full-time role

    Sales Rep (Remote) - Luxury Women's Photography

    Work from home Full-time role

    Clinical Adjunct Faculty, Instructor - College of Health Sciences, Physician Assistant Program

    Work from home Full-time role