Careers

Build the controls every LLM team will need by 2027.

Seccops Cyber Security Technologies Inc. is hiring engineers who have shipped under audit pressure, security researchers who think in attacker chains, and compliance practitioners who can read a control catalog and write production code. Remote-friendly across the European Union.

Why join

A small team. A real product. A regulated market with a hard deadline.

EU AI Act high-risk obligations land on 2 August 2026. ISO/IEC 42001 is moving from pilot to procurement requirement. Banks, hospitals, and insurers are shipping LLM features faster than their security stacks can absorb. We are building the layer that lets them do both.

Ship to actual customers, not slideware

Design-partner pilots are already running against real LLM endpoints. Your code sits between an agent and a frontier model on day one, not in a backlog.

Engineering bar, not headcount theatre

Strict typing, code review by humans, async-first communication, no on-call paging unless a real customer is impacted. Quality of life is a hiring constraint, not a perk.

Equity from day one

Early hires receive meaningful equity grants under a four-year vesting schedule with a one-year cliff. We discuss compensation transparently in the first interview, not the offer call.

Remote across the European Union

Async-first by default. Quarterly team weeks covered by the company. Contractor or local-entity-of-record arrangements across EU.

Deep-work culture

No daily stand-ups. One async written planning round per week. Calendar protected: no meeting before 11:00 local time, no Friday meetings at all.

Health, learning, equipment

Private health insurance, four weeks paid leave plus public holidays, a learning budget for conferences and books, and your choice of work machine on day one.

Open roles

Three positions, hiring in 2026.

Engineering Remote EU Full-time

Senior Software Engineer, Runtime Gateway

Own the self-hosted egress agent that proxies LLM traffic, applies DLP rules on the wire, and ships Ed25519-signed policy blobs to customer VPCs. Cross-compiled binaries (Linux + Windows). Sub-millisecond overhead is a hard requirement.

What you will do

  • Design and implement the request-path filtering pipeline: URL classification, prompt redaction, tool allowlist, six-pass normalization.
  • Build the agent management surface: enrollment, heartbeat, blob versioning, key rotation.
  • Harden the binary against the AI-firewall threat model: SSRF, prompt-injection-via-tool-output, exfiltration channels.
  • Own the gateway's contribution to the customer's audit log: append-only, signed, schema-versioned.

What we look for

  • Five-plus years writing production network code, ideally in a systems-level language.
  • Comfort with cryptographic primitives (Ed25519 signatures, X25519 sealed-box, AEAD constructions) at the API level.
  • Has shipped at least one self-hosted agent or sidecar to customer infrastructure.
  • Read at least one OWASP LLM Top 10 entry recently and had an opinion about the threat model.

Bonus

Experience with eBPF, Envoy filter authoring, or building DLP pipelines under regulatory constraints (PCI, HIPAA, GDPR).

[email protected]
Research Remote EU Full-time

AI Security Research Engineer (Adversarial Testing)

Grow the probe library, calibrate the three-judge plus meta-judge consensus, and translate new attacker techniques into reproducible test families. The output of your work is the catalog every customer's scan run is graded against.

What you will do

  • Author probe families for OWASP LLM Top 10, OWASP Agentic Top 10, MITRE ATLAS, and emerging research papers.
  • Design mutation operators that expand seeded probes into hundreds of variants without losing signal.
  • Calibrate inter-rater agreement between three judges (Anthropic, OpenAI, Google) plus a meta-judge; track and improve consensus quality.
  • Run targeted red-team campaigns against design-partner endpoints and write up findings as control-mapped evidence.

What we look for

  • A track record of public adversarial LLM research, CTF write-ups, or applied red-team engagements.
  • Comfort reading model cards, attention-pattern analyses, and tokenization details without flinching.
  • Strong Python; able to write reproducible experiments with proper statistical controls.
  • Ethics: refuses to ship destructive techniques, mass-targeting payloads, or evasion tooling.

Bonus

Experience with retrieval-augmented generation attacks, agentic tool-poisoning chains, or supply-chain attacks against open-weight models.

[email protected]
Compliance Remote EU Full-time

Senior Compliance Engineer (AI Governance)

Own the control mappings that customers ship to their auditors. Translate ISO/IEC 42001, NIST AI 600-1, EU AI Act high-risk obligations, and OWASP catalogs into code, JSON, and a continuously-updated evidence pipeline.

What you will do

  • Maintain the framework catalogs: control identifiers, cross-framework overlaps, jurisdictional notes.
  • Author and review the audit-grade evidence templates customers download as PDF and JSON.
  • Liaise with design partners on GRC ticketing flows: Jira, ServiceNow GRC, Drata, Vanta, Hyperproof.
  • Track regulatory updates (EU AI Act delegated acts, NIST AI RMF updates, ISO publications) and translate them into product backlog items within a week.

What we look for

  • Hands-on GRC experience at a regulated company or audit firm.
  • Has read and worked with at least three of: ISO 27001, ISO 42001, NIST 800-53, NIST AI 600-1, EU AI Act, SOC 2 TSCs.
  • Comfortable in code: can edit JSON catalogs, propose schema migrations, and review PRs from engineers.
  • Treats auditors as customers, not adversaries.

Bonus

Background as a Lead Auditor (ISO 27001 or ISO 42001), CISA, CISM, or CIPP/E certified, or prior in-house counsel exposure to AI regulation.

[email protected]
How we hire

Four steps, two weeks, written feedback at every stage.

1

Application

Email [email protected] with your CV or LinkedIn, a one-paragraph note on the role you want, and one link to work you are proud of. Form-letter cover letters are not required.

2

Intro conversation

Forty-five minutes with the hiring manager. We cover what you have shipped, what you want to ship next, and answer your questions about Penaxtra. Compensation range disclosed in this call.

3

Work sample

A take-home assignment scoped to four hours. We pay for your time at a contractor day-rate, regardless of outcome. Engineering and research roles get a debugging or attack-write-up exercise; compliance roles get a real catalog gap.

4

Decision + offer

Decision communicated within five working days of the work sample. Reference calls are run by us (you list three), not by an agency. Offers are extended in writing with all material terms; verbal commitments do not bind either side.

Do not see your role above?

If you are an exceptional engineer, researcher, or operator and we are not actively hiring for your title, send us a note anyway. We keep a running file of strong candidates and reach out when the next role opens.

[email protected]

Recruiter outreach is auto-routed to /dev/null. No agencies, no spec resumes, no template cold emails.