Join the team

Work with operators who ship

We hire obsessive practitioners — people who read CVE write-ups for fun and would rather build a tool than file another ticket. Four open roles, a clear hiring process, and a documented growth path for each.

Remote-first · IST-anchored · No leetcode, no ghosting · Documented growth path

Senior Red Team Operator

Full-time · Remote / India
OSCP/CRTO required · 3+ yrs red team · C2 experience

Lead full-scope adversary simulation engagements against banks, fintechs, and SaaS. You own the kill chain end to end — from initial access through objective completion and the debrief.

What you'll do
  • Plan and execute multi-week red team engagements aligned to MITRE ATT&CK and TIBER-EU style frameworks.
  • Build and operate C2 infrastructure (Cobalt Strike, Sliver, Mythic) with realistic OPSEC for the target environment.
  • Develop custom tooling, payloads, and evasion techniques against modern EDR / XDR stacks.
  • Run purple-team workshops and write operator-grade reports that detection engineers can actually action.
  • Mentor junior operators on tradecraft, scoping discipline, and report storytelling.
What we need
  • OSCP, CRTO, OSEP, or equivalent demonstrable experience; 3+ years in offensive security with at least one in red team operations.
  • Hands-on with at least one mature C2 framework, plus comfort writing loaders and bypassing common EDR controls.
  • Strong scoping, threat-modelling, and rules-of-engagement discipline — this is regulated work.
  • Clear written and spoken English; comfort presenting to a CISO and a SOC lead in the same meeting.
What we offer
  • Remote-first work with flexible hours anchored to IST.
  • Annual training and conference budget (DEF CON, BlackHat, Nullcon, OffSec courses).
  • Quarterly research time set aside for tool building, CVE research, and conference talk prep.
Growth path

Operator → Senior Operator → Lead Operator → Head of Red Team. Lead-track owns engagement portfolio and reports into the Head of Offensive Security within 18–24 months.

Web Application Security Researcher

Full-time · Remote / India
OSWE preferred · Bug bounty experience · API security

Find and weaponise novel web and API vulnerabilities for client engagements and our internal Nuclei template library. Equal parts manual hunting, code review, and template authoring.

What you'll do
  • Manually test web applications and APIs (REST, GraphQL, gRPC) for OWASP Top 10 and business-logic flaws.
  • Read source code (Node, Python, Go, Java, PHP) to identify vulnerabilities pre-deployment for client SDLC engagements.
  • Write and maintain custom Nuclei templates for high-value CVEs and recurring misconfigurations seen in the field.
  • Build proof-of-concept exploits and remediation guidance written for engineers, not auditors.
  • Publish public research — blog posts, advisories, and conference talks — that builds the AxVeil brand.
What we need
  • OSWE, BSCP, or 2+ years of demonstrable bug bounty / pentest output (HackerOne, Bugcrowd, Intigriti profile or write-ups).
  • Fluency reading and writing in at least two backend languages and one frontend framework.
  • Working knowledge of Burp Suite Pro, custom extensions, and at least one fuzzer.
  • A portfolio of write-ups, CVEs, or templates we can read.
What we offer
  • Remote-first with a learning budget for courses, books, and lab subscriptions (HackTheBox, PortSwigger).
  • Bounty bonus pool — meaningful share of any client-disclosed CVE you find on engagements.
  • Dedicated research Fridays once per month for personal CVE / template work.
Growth path

Researcher → Senior Researcher → Principal Researcher / Research Lead. Principal track leads our public research output and owns the internal template library.

AI/ML Security Engineer

Full-time · Remote
LLM security · Python · Prompt injection research

Test client AI systems — RAG pipelines, agentic workflows, fine-tuned models, MCP servers — for prompt injection, data exfiltration, jailbreaks, and supply-chain risk. We test AI for clients; this role is not 'we are AI'.

What you'll do
  • Run structured AI red-team engagements against client LLM applications, agents, and RAG systems using OWASP LLM Top 10 and MITRE ATLAS.
  • Develop and maintain a library of prompt-injection, jailbreak, and data-exfiltration payloads tuned to current model families.
  • Audit MCP servers, tool definitions, and agent orchestration code for confused-deputy and over-privileged-tool issues.
  • Build automation in Python to scale common AI security checks across many endpoints and models.
  • Write client-facing reports and threat models that translate AI-specific findings into business risk and concrete fixes.
What we need
  • Strong Python plus working knowledge of at least one LLM framework (LangChain, LlamaIndex, DSPy, or direct provider SDKs).
  • Familiarity with OWASP LLM Top 10, MITRE ATLAS, and current academic prompt-injection / jailbreak literature.
  • Background in either (a) traditional AppSec / pentesting, or (b) ML engineering with a security mindset.
  • Comfort communicating about AI risk with both ML engineers and non-technical stakeholders.
What we offer
  • Remote-first with paid access to frontier model APIs and GPU credits for research.
  • Conference and training budget weighted toward AI security venues (DEF CON AI Village, AIxCC, SaTML).
  • Direct line into our public research output — your work ships under your byline.
Growth path

AI/ML Security Engineer → Senior → Practice Lead for AI Security. Practice lead defines our AI red-team methodology and owns engagement quality across the team.

GRC & Compliance Consultant

Contract · Remote / India
ISO 27001 LA · DPDP Act · SOC 2 experience

Translate technical findings into audit-ready evidence and run readiness engagements for SOC 2, ISO 27001, PCI-DSS, and India's DPDP Act. The bridge between our offensive findings and our clients' compliance programmes.

What you'll do
  • Lead SOC 2 Type I/II, ISO 27001, and PCI-DSS readiness engagements end to end — gap assessment, control design, evidence collection, audit support.
  • Map AxVeil scan output and pentest findings to specific control evidence requirements for each framework.
  • Run DPDP Act readiness reviews for Indian clients — data inventory, consent flows, data principal rights, breach response.
  • Author client policies, procedures, and internal control documentation that auditors actually accept.
  • Sit in on auditor calls as the client's technical translator and defend evidence on their behalf.
What we need
  • ISO 27001 Lead Auditor / Lead Implementer certification, plus hands-on experience taking at least two organisations through SOC 2.
  • Working knowledge of India's DPDP Act 2023 and at least one of PCI-DSS, HIPAA, or GDPR.
  • Ability to read a pentest or VA report and produce control-mapped evidence without hand-holding.
  • Excellent written English — most of this work is documents auditors will read.
What we offer
  • Project-based engagements with predictable per-engagement compensation, billed monthly.
  • Remote work with travel only when an audit truly demands it.
  • Direct access to our offensive team — your evidence packs are backed by real test data, not hand-waving.
Growth path

Contract consultant → preferred panel → option to convert to full-time as Head of GRC Practice as the book of business grows.

Hiring process

Four steps, roughly three weeks end to end

No leetcode, no surprise rounds, no ghosting. We tell you where you stand at each step.

01

Application & screening

Within 5 business days

Send your CV and a short note on why you want this specific role to careers@axveil.com. We read every application. If there's a match, we reply with a 30-minute screening call.

02

Technical exercise

Take-home, ~4–6 hours over a week

A take-home rooted in real work: a small CTF chain, a code-review snippet, a prompt-injection scenario, or a mock SOC 2 evidence pack — depending on the role. We pay for take-homes longer than 4 hours.

03

Technical deep-dive

90 minutes, video

A working session with two of our practitioners — we walk through your take-home, swap war stories, and probe how you reason through unfamiliar problems. No leetcode, no whiteboard puzzles.

04

Founder conversation & offer

Within 1 week of the deep-dive

A final conversation with the founder on values, growth path, and any open questions. References checked in parallel. Offer letter and start-date confirmation typically follow within a week.

What we offer

Real benefits, set up for an Indian LLP

Remote-first, IST-anchored

Work from anywhere with overlap on Indian Standard Time. Quarterly optional in-person offsites for the team.

Learning budget

Annual budget for training, certifications, lab subscriptions, and books — used by the team, not the finance department.

Conference budget

Sponsored attendance at one major security conference per year (DEF CON, BlackHat, Nullcon, c0c0n, OWASP Global) plus local meetups.

Research time

Dedicated time each month for personal research — CVE hunting, tool building, conference talk prep — that ships under your byline.

Indian LLP, transparent comp

Full-time roles are with AxVeil LLP in India: provident fund, gratuity, paid leave, and statutory benefits as per Indian law. Compensation bands are openly discussed in the offer conversation.

Equity (full-time roles)

Full-time hires are eligible for an equity grant under our partner-track scheme. Vesting follows a four-year schedule with a one-year cliff. Contract roles are paid per engagement and do not include equity.

Real growth path

Each role has a documented progression — from operator to lead — with quarterly check-ins on what's needed to move up.

Don't see your role?

We're always interested in exceptional talent. Send us your CV and a write-up of your favourite vulnerability research, novel exploit, or audit defence — whatever best represents your craft.

careers@axveil.com