
AI Engineer
Posted May 9

This is a fully remote position, open to applicants in the United Kingdom.
• You will develop and take charge of the AI systems that transform Live Breach into an authentic incident experience rather than just a scripted drill.
• The AI attacker agent - an independent LLM-powered entity that receives a threat actor profile, a network briefing, and a configured attack chain, then executes it in a live environment.
• The exercise orchestration layer - a concurrent system that observes the network during a live exercise, identifies executed attack techniques, listens for proper containment and eradication actions from participants, and presents investigation tasks linked to genuine attacker behavior.
• Prompt engineering for both red and blue team agent components, working closely with our content engineering team.
• Integration with adversary emulation tools for realistic technique execution.
• User emulation and noise generation — creating realistic background activities so participants can differentiate actual attacker behavior from normal log volume.
• Documentation and architecture that enable the wider engineering team to operate and troubleshoot the AI layer without relying on any single individual.
• Practical experience in building LLM-powered agents — including planning loops, tool usage, memory, and state management.
• Proficient in Python engineering; capable of delivering production-quality agent systems, not merely prototypes.
• Expertise in designing prompts and agent architectures that are dependable and predictable under adversarial scenarios.
• Ability to work independently on undefined problems — you will need to make sound technical decisions with minimal guidance.
• Strong asynchronous communication skills; the team is distributed and proper documentation is essential.
• Familiarity with cybersecurity concepts — including attack techniques, MITRE ATT&CK, and network fundamentals (Active Directory, lateral movement, persistence).
• Experience with adversary emulation frameworks (such as MITRE CALDERA or equivalent).
• Background in developing event-driven systems that monitor and respond to real-time state changes.
• Knowledge of cloud infrastructure (as we dynamically provision VMs and networks for each exercise).
• Previous experience in the cyber range, red team tools, or security simulation domains.
• Familiarity with multi-agent architectures where agents observe and respond to each other.
• Remote work options.
• Professional development opportunities.