Staff Security Engineer, Product

Why Rogo Our mission is to transform global finance by empowering professionals at the world's top investment banks, private equity funds, and investment firms with AI that delivers unparalleled speed, accuracy, and insight. We're not just improving financial workflows; we're redefining them. This is a unique opportunity to join a generational company driving transformation in one of the most important industries in the world. . With a rapidly growing, global client base, proven product-market fit, and backing from world-class investors, we are scaling quickly and defining a new category of enterprise AI. Our team is sharp, motivated, and deeply committed to Rogo’s mission. We take ownership of complex problems and stay relentlessly focused on our users. If you thrive in a fast-paced environment, demand excellence, and want to help build the future of finance, we invite you to join us. The Role As a Staff Security Engineer at Rogo, you'll be our hands-on offensive security practitioner, focused on breaking our products before adversaries do. You'll conduct deep-dive penetration testing, red team exercises, and adversarial security assessments against our AI-driven platform, APIs, and cloud infrastructure, then turn those findings into engineering solutions that harden the product at its core. Rather than gatekeeping releases through manual AppSec reviews, you'll build intelligent security automation to scale offensive testing, triage findings, and embed continuous security validation directly into the engineering workflow. You'll partner with development teams not just as a reviewer, but as a security engineer who contributes to the codebase, improves our systems, and raises the bar for what "secure by default" means at Rogo. What You Will Own You will be Rogo's primary offensive security capability, finding, exploiting, and eliminating vulnerabilities across our products, APIs, and infrastructure before external attackers or penetration testers do. Conduct hands-on penetration testing and red team assessments against Rogo's applications, APIs, AI/ML pipelines, and cloud environments on a continuous basis, not just during annual engagements. Build agentic security tooling that finds, validates, and patches vulnerabilities end-to-end, minimizing manual intervention across code review, dependency management, and IaC. Develop and maintain custom offensive tooling, exploit chains, and attack simulations tailored to Rogo's AI platform and architecture. Build and operate automated security testing and remediation pipelines that scale offensive coverage without linearly scaling headcount. Perform deep adversarial testing of AI-specific attack surfaces: prompt injection, model manipulation, data poisoning vectors, agent-based workflows, and tenant isolation boundaries. Own vulnerability research and bug hunting across the product, go beyond scanner output to find the logic flaws, auth bypasses, and chained exploits that automated tools miss. Design and execute threat modeling sessions with engineering teams, translating offensive findings into concrete, prioritized remediation that ships in the same sprint. Build attack simulation environments and continuously validate security controls against real-world TTPs and customer-driven pen test scenarios. Contribute directly to backend codebases, fix critical vulnerabilities, harden authentication and authorization flows, and build security primitives into the platform. Lead purple team exercises: collaborate with infrastructure and engineering teams to test detection and response capabilities against your offensive scenarios. Own the relationship with external pen test firms and drive remediation of findings to closure. Share offensive tradecraft, emerging attack techniques, and lessons learned with engineering and leadership to continuously raise security awareness. Great Candidates Often: Have professional penetration testing experience across web apps, APIs, cloud environments, and ideally AI/ML systems. You've written real exploits, not just run scanners. Have built or are excited to build agentic security tooling that autonomously finds, validates, and patches vulnerabilities, minimizing human-in-the-loop remediation. Have professional development experience in a strongly typed language (e.g., Rust, Go, Java, C++) alongside scripting languages (Python, Bash) for exploit development and tooling. Are comfortable with Burp Suite, Nuclei, Semgrep, custom fuzzing frameworks, and building your own tools when off-the-shelf doesn't cut it. Have integrated automated security checks into CI/CD pipelines (SCA, SAST, DAST) and understand how to give developers fast, actionable feedback without blocking velocity. Are comfortable with infrastructure automation (Terraform, Kubernetes) and can identify misconfigurations and attack paths in AWS/GCP environments. Communicate crisply and can collaborate effectively with developers, product teams, and leadership. Have applied knowledge of threat modeling, cryptography fundamentals, and compliance frameworks (SOC 2, ISO 27001/42001, NIST CSF). Bonus: OSCP, OSWE, GXPN, GWAPT, CPTS, or similar offensive security certifications. Experience testing multi-tenant SaaS platforms serving regulated industries (financial services is a strong plus). Hands-on cloud penetration testing experience in AWS or GCP (privilege escalation, cross-account attacks, metadata abuse). Kubernetes security testing (RBAC abuse, container escapes, admission controller bypasses, network policy evasion). Bug bounty track record or published CVEs / security research. Experience in customer-facing security conversations, deep-dive technical sessions, pen test debrief calls, and security architecture reviews. Who You Are You thrive in fast-paced environments. You are high-intensity and care a lot about what you do, and you're ecstatic to work at a startup. You are ambitious. You have fun solving problems that others think are impossible. You are curious. You find joy in learning about AI, technology, and finance. You are an owner. You are autonomous, self-directed, and comfortable working with ambiguity. You are collaborative, organized, thoughtful, and kind . Why Join Rogo? Up and to the right: Rogo has strong product adoption with the world's leading financial institutions, and we are still early. The upside is enormous. Extraordinary team: we take talent density seriously. You'll do the best work of your career alongside some of the sharpest people in AI and finance. A one-of-one problem: bringing AI to the core of how Wall Street works is one of the most ambitious, technically demanding, and consequential problems today. There is nowhere else you can work on it at this scale. Real ownership : You'll own real surface area and watch the world's most sophisticated users rely on your work. Always at the frontier: we work at the edge of what the best models can do and turn it into products people trust. If you're obsessed with AI, this is where it's happening.

{
  "content_hash": "fa747dffac08ed783748de8b8c51fb7fbe92bc387458ba3109676a0a7d96dd0a",
  "source_hash": "15a7ad62e383f84ef81b105ec3948df589d1615b8316a7742bb694d03ca5f099",
  "last_changed_at": "2026-06-06T09:14:29.237Z",
  "active_status": "active"
}

{
  "language": "en",
  "location": {
    "raw": "New York City",
    "city": "New York City",
    "region": "NY",
    "country": "United States",
    "is_remote": false,
    "confidence": 0.75
  },
  "salary_max": null,
  "salary_min": null,
  "inferred_at": "2026-06-06T20:38:24.791Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "New York City",
      "city": "New York City",
      "region": "NY",
      "country": "United States",
      "is_remote": false,
      "confidence": 0.75
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": null,
  "salary_period": null,
  "workplace_type": "on_site",
  "salary_currency": null
}

{}

{
  "id": "2f189f8e-4d3b-40bc-bf01-bdb01865e88f",
  "team": "Security",
  "title": "Staff Security Engineer, Product",
  "jobUrl": "https://jobs.ashbyhq.com/rogo/2f189f8e-4d3b-40bc-bf01-bdb01865e88f",
  "address": null,
  "applyUrl": "https://jobs.ashbyhq.com/rogo/2f189f8e-4d3b-40bc-bf01-bdb01865e88f/application",
  "isListed": true,
  "isRemote": false,
  "location": "New York City",
  "updatedAt": null,
  "apiVersion": "ashby-non-user-graphql-v1",
  "department": "Security",
  "publishedAt": null,
  "workplaceType": "OnSite",
  "employmentType": "FullTime",
  "secondaryLocations": []
}