Pentester, Offensive Forward Deployment Engineer

At Mistral AI, we believe in the power of AI to simplify tasks, save time, and enhance learning and creativity. Our technology is designed to integrate seamlessly into daily working life.

We democratize AI through high-performance, optimized, open-source and cutting-edge models, products and solutions. Our comprehensive AI platform is designed to meet enterprise needs, whether on-premises or in cloud environments. Our offerings include le Chat, the AI assistant for life and work.

We are a dynamic, collaborative team passionate about AI and its potential to transform society.

Our diverse workforce thrives in competitive environments and is committed to driving innovation. Our teams are distributed between France, USA, UK, Germany and Singapore. We are creative, low-ego and team-spirited.

Join us to be part of a pioneering company shaping the future of AI. Together, we can make a meaningful impact. See more about our culture on https://mistral.ai/careers.

Client Engagements
• Run our offensive security solution on real client engagements: scoping, executing tooling, and delivering results
• Triaging output and killing false positives to ensure high-quality, actionable findings for clients
• Advise clients through deployment and remediation, acting as a trusted security partner
• Travel to client premises and switch between engagements in a classic pentest consulting cadence

Internal Dogfooding
• Pentest Mistral's own systems, finding vulnerabilities before our offensive solution matures
• Hunt for vulnerabilities internally and on open-source/in-the-wild targets between client engagements
• Transfer knowledge and findings to the forming internal security team
• Act as Mistral's own first customer for our cyber harnesses

Guiding the Harness
• Use real offensive expertise to steer the cyber harness: identify vulnerabilities it should catch
• Validate and triage the harness's output, ensuring it meets the high standards of human pentesters
• Benchmark human vs. agent performance, helping to close the gap between automated and manual testing
• Contribute to the development of AI-powered offensive security capabilities

• Current P0 specialty: web / AppSec + source-code review; also high-value: internal / Active Directory, cloud (AWS/GCP/Azure), CI/CD & supply chain
• Senior enough to run an engagement solo from scoping to delivery
• Uses AI in your workflow with a nuanced view of its capabilities and limitations
• Comfortable being client-facing, mobile, and switching between different engagements
• Proven track record of delivering high-quality penetration testing results
• Strong problem-solving abilities and attention to detail in vulnerability identification

It would be ideal if you also have:
• Build your own offensive tooling (builder mindset that scales your impact)
• Published CVEs / GHSAs or a strong bug-bounty track record
• Conference talks, CTF achievements, or other public recognition in the security community
• Strong code review skills for multiple programming languages
• Experience with AI/ML systems and their unique security challenges
• Contributions to open-source security tools or research