Cyber Security Experts

Mercor is recruiting on behalf of a cutting-edge AI research lab building advanced AI systems for cybersecurity applications. We are seeking senior cybersecurity professionals with deep hands-on experience across both defensive (Blue Team) and offensive (Red Team) security disciplines. In this role, you will apply real-world adversarial and defensive expertise to evaluate, stress-test, and improve AI models designed to assist with threat detection, incident response, and attack simulation. Your insights will directly inform how AI systems reason about attacks, evasions, detection logic, and response workflows. This is a flexible, remote engagement ideal for experienced practitioners who have operated in enterprise, consulting, or high-security environments.

Investigate and analyse real or simulated security incidents (e.g., phishing, lateral movement, ransomware, privilege escalation).

defensive (Blue Team)

offensive (Red Team)

Key Responsibilities

Defensive (Blue Team) Contributions

MITRE ATTACK

Offensive (Red Team) Contributions

AI Evaluation & Feedback

Requirements

Experience

Technical Skills – Blue Team

Technical Skills – Red Team

Analytical & Communication Skills

Preferred Qualifications

Why Join

Mercor is recruiting on behalf of a cutting-edge AI research lab building advanced AI systems for cybersecurity applications. We are seeking senior cybersecurity professionals with deep hands-on experience across both defensive (Blue Team) and offensive (Red Team) security disciplines. In this role, you will apply real-world adversarial and defensive expertise to evaluate, stress-test, and improve AI models designed to assist with threat detection, incident response, and attack simulation. Your insights will directly inform how AI systems reason about attacks, evasions, detection logic, and response workflows. This is a flexible, remote engagement ideal for experienced practitioners who have operated in enterprise, consulting, or high-security environments. Investigate and analyse real or simulated security incidents (e.g., phishing, lateral movement, ransomware, privilege escalation). Review logs and telemetry from SIEM, EDR/XDR, firewall, cloud, and identity systems. Apply frameworks such as MITRE ATTACK to classify adversary behavior. Evaluate alert quality, detection rules, triage decisions, and response workflows. Assess AI-generated investigations for technical correctness and operational realism. Analyse attack chains including initial access, persistence, privilege escalation, lateral movement, and data exfiltration. Simulate adversarial thinking to evaluate detection gaps and bypass techniques. Review exploit techniques, payload behaviors, and evasion strategies. Provide insights into attack surface analysis and real-world adversary tactics. Stress-test AI systems against realistic red-team scenarios. Provide structured reasoning explaining investigative and adversarial decisions. Identify weaknesses in AI threat analysis and suggest improvements. Help refine benchmarks for detection, triage, and attack simulation accuracy. 5+ years in cybersecurity with experience in one or more of: SOC Analyst (Level II/III) Incident Responder Detection Engineer Threat Hunter Red Team Operator / Penetration Tester Security Consultant (Offensive Security) Hands-on experience conducting or responding to real-world security incidents. Strong experience with: SIEM platforms (Splunk, Sentinel, QRadar, Elastic) EDR/XDR tools (CrowdStrike, Defender, Carbon Black) Log analysis and event correlation Network traffic analysis (Wireshark, Zeek, tcpdump) Cloud security and IAM investigation experience preferred. Familiarity with MITRE ATT&CK mapping and detection engineering. Experience with: Penetration testing methodologies Adversary emulation and attack simulation Exploitation frameworks (e.g., Metasploit, Cobalt Strike or equivalents) Privilege escalation techniques Lateral movement techniques Evasion and obfuscation methods Understanding of Active Directory attacks, phishing frameworks, and payload development is a plus. Strong written documentation skills explaining technical reasoning. Ability to think from both attacker and defender perspectives. Structured, logical analysis of complex security scenarios. Certifications such as: OSCP, OSEP, CRTO (Red Team) GCIA, GCFA, GCIH (Blue Team) Experience mentoring junior analysts or red team members. Scripting proficiency (Python, PowerShell, Bash). Contribute to next-generation AI systems for cybersecurity. Work at the intersection of offensive and defensive security research. High-impact role shaping AI reasoning about real-world cyber threats. Flexible engagement suited for senior practitioners. Collaborate with leading AI researchers and security experts. We consider all qualified applicants without regard to legally protected characteristics and provide reasonable accommodations upon request.

• Investigate and analyse real or simulated security incidents (e.g., phishing, lateral movement, ransomware, privilege escalation).
• Review logs and telemetry from SIEM, EDR/XDR, firewall, cloud, and identity systems.
• Apply frameworks such as MITRE ATTACK to classify adversary behavior.
• Evaluate alert quality, detection rules, triage decisions, and response workflows.
• Assess AI-generated investigations for technical correctness and operational realism.
• Analyse attack chains including initial access, persistence, privilege escalation, lateral movement, and data exfiltration.
• Simulate adversarial thinking to evaluate detection gaps and bypass techniques.
• Review exploit techniques, payload behaviors, and evasion strategies.
• Provide insights into attack surface analysis and real-world adversary tactics.
• Stress-test AI systems against realistic red-team scenarios.
• Provide structured reasoning explaining investigative and adversarial decisions.
• Identify weaknesses in AI threat analysis and suggest improvements.
• Help refine benchmarks for detection, triage, and attack simulation accuracy.
• 5+ years in cybersecurity with experience in one or more of:

SOC Analyst (Level II/III)

Incident Responder

Detection Engineer

Threat Hunter

Red Team Operator / Penetration Tester

Security Consultant (Offensive Security)

• SOC Analyst (Level II/III)
• Incident Responder
• Detection Engineer
• Threat Hunter
• Red Team Operator / Penetration Tester
• Security Consultant (Offensive Security)
• Hands-on experience conducting or responding to real-world security incidents.
• SOC Analyst (Level II/III)
• Incident Responder
• Detection Engineer
• Threat Hunter
• Red Team Operator / Penetration Tester
• Security Consultant (Offensive Security)
• Strong experience with:

SIEM platforms (Splunk, Sentinel, QRadar, Elastic)

EDR/XDR tools (CrowdStrike, Defender, Carbon Black)

Log analysis and event correlation

Network traffic analysis (Wireshark, Zeek, tcpdump)

• SIEM platforms (Splunk, Sentinel, QRadar, Elastic)
• EDR/XDR tools (CrowdStrike, Defender, Carbon Black)
• Log analysis and event correlation
• Network traffic analysis (Wireshark, Zeek, tcpdump)
• Cloud security and IAM investigation experience preferred.
• Familiarity with MITRE ATT&CK mapping and detection engineering.
• SIEM platforms (Splunk, Sentinel, QRadar, Elastic)
• EDR/XDR tools (CrowdStrike, Defender, Carbon Black)
• Log analysis and event correlation
• Network traffic analysis (Wireshark, Zeek, tcpdump)
• Experience with:

Penetration testing methodologies

Adversary emulation and attack simulation

Exploitation frameworks (e.g., Metasploit, Cobalt Strike or equivalents)

Privilege escalation techniques

Lateral movement techniques

Evasion and obfuscation methods

• Penetration testing methodologies
• Adversary emulation and attack simulation
• Exploitation frameworks (e.g., Metasploit, Cobalt Strike or equivalents)
• Privilege escalation techniques
• Lateral movement techniques
• Evasion and obfuscation methods
• Understanding of Active Directory attacks, phishing frameworks, and payload development is a plus.
• Penetration testing methodologies
• Adversary emulation and attack simulation
• Exploitation frameworks (e.g., Metasploit, Cobalt Strike or equivalents)
• Privilege escalation techniques
• Lateral movement techniques
• Evasion and obfuscation methods
• Strong written documentation skills explaining technical reasoning.
• Ability to think from both attacker and defender perspectives.
• Structured, logical analysis of complex security scenarios.
• Certifications such as:

OSCP, OSEP, CRTO (Red Team)

GCIA, GCFA, GCIH (Blue Team)

CISSP

• OSCP, OSEP, CRTO (Red Team)
• GCIA, GCFA, GCIH (Blue Team)
• CISSP
• Experience mentoring junior analysts or red team members.
• Scripting proficiency (Python, PowerShell, Bash).
• OSCP, OSEP, CRTO (Red Team)
• GCIA, GCFA, GCIH (Blue Team)
• CISSP
• Contribute to next-generation AI systems for cybersecurity.
• Work at the intersection of offensive and defensive security research.
• High-impact role shaping AI reasoning about real-world cyber threats.
• Flexible engagement suited for senior practitioners.
• Collaborate with leading AI researchers and security experts.