Staff Security Engineer, Product


Company: Rogo

As a Staff Security Engineer at Rogo, you'll be our hands-on offensive security practitioner, focused on breaking our products before adversaries do. You'll conduct deep-dive penetration testing, red team exercises, and adversarial security assessments against our AI-driven platform, APIs, and cloud infrastructure, then turn those findings into engineering solutions that harden the product at its core.

Rather than gatekeeping releases through manual AppSec reviews, you'll build intelligent security automation to scale offensive testing, triage findings, and embed continuous security validation directly into the engineering workflow. You'll partner with development teams not just as a reviewer, but as a security engineer who contributes to the codebase, improves our systems, and raises the bar for what "secure by default" means at Rogo.

You will be Rogo's primary offensive security capability, finding, exploiting, and eliminating vulnerabilities across our products, APIs, and infrastructure before external attackers or penetration testers do.

  • Conduct hands-on penetration testing and red team assessments against Rogo's applications, APIs, AI/ML pipelines, and cloud environments on a continuous basis, not just during annual engagements.
  • Build agentic security tooling that finds, validates, and patches vulnerabilities end-to-end, minimizing manual intervention across code review, dependency management, and IaC.
  • Develop and maintain custom offensive tooling, exploit chains, and attack simulations tailored to Rogo's AI platform and architecture.
  • Build and operate automated security testing and remediation pipelines that scale offensive coverage without linearly scaling headcount.
  • Perform deep adversarial testing of AI-specific attack surfaces: prompt injection, model manipulation, data poisoning vectors, agent-based workflows, and tenant isolation boundaries.
  • Own vulnerability research and bug hunting across the product, going beyond scanner output to find the logic flaws, auth bypasses, and chained exploits that automated tools miss.
  • Design and execute threat modeling sessions with engineering teams, translating offensive findings into concrete, prioritized remediation that ships in the same sprint.
  • Build attack simulation environments and continuously validate security controls against real-world TTPs and customer-driven pen test scenarios.
  • Contribute directly to backend codebases, fix critical vulnerabilities, harden authentication and authorization flows, and build security primitives into the platform.
  • Lead purple team exercises: collaborate with infrastructure and engineering teams to test detection and response capabilities against your offensive scenarios.
  • Own the relationship with external pen test firms and drive remediation of findings to closure.
  • Share offensive tradecraft, emerging attack techniques, and lessons learned with engineering and leadership to continuously raise security awareness.