Devoteam Cyber Trust | Autonomous Pentesting Engineer
Devoteam Discover
Published on
26/05/2026
Contract
Permanent contract (CDI) · Unknown
Location
Lisboa, pt
Team size
Unknown emp.
Compensation
Unknown
Key responsibilities
Define and evolve the architecture of pentesting agents · Develop controllable execution pipelines (tasking, tool usage, feedback loops) · Design and improve mechanisms for:
Desired profile
Creativity · Adaptability
Tools & skills
Python, REST API
The position in detail
Mission
Develop and evolve an autonomous pentesting platform based on agentic systems, integrated within the Offensive Security domain—specifically the Offensive Engineering and Innovation team—ensuring systems are effective, controllable, and capable of producing relevant and reliable outputs in real-world penetration testing scenarios.
Role Context
This role sits within the Offensive Engineering and Innovation team, responsible for creating new technical capabilities that extend and scale offensive security services.
The platform aims to automate significant parts of the pentesting lifecycle, aligned with methodologies such as the OWASP Web Security Testing Guide (WSTG), leveraging agents, LLMs, and integrations with existing security tooling.
This is not an isolated experimental initiative. It is a production-oriented capability with direct application in delivery environments.
Responsibilities
Define and evolve the architecture of autonomous pentesting agents
Develop controlled execution pipelines (tasking, tool usage, feedback loops)
Design and improve mechanisms for: planning; state management; tool usage orchestration; validation and control of agent execution
Integrate and optimize LLM-based systems within agent workflows
Define and validate tool-calling interfaces and integrations with pentesting tools
Ensure alignment with established methodologies (e.g., OWASP WSTG)
Test and validate agent behavior in real-world scenarios
Identify, analyze, and mitigate system failures and edge cases
Contribute to internal standards, engineering practices, and design patterns
Technical Skills:
Required
Strong proficiency in Python
Experience with APIs and distributed systems
Practical experience with LLMs (usage, integration, limitations)
Understanding of agent-based systems
Highly Important
Ability to design complex, non-deterministic systems
Experience with: task decomposition and planning; state management and execution continuity; tool orchestration; output validation and evidence handling
Strong debugging capability (deep system-level troubleshooting)
Ability to validate system behavior, not only code correctness
Differentiators
Experience with agent frameworks
Background in Application Security (AppSec)
Experience with security testing automation
Exposure to multiple LLM models and providers
Soft Skills
Strong critical thinking
Ability to operate in imperfect and evolving systems
Experimental and outcome-driven mindset
Strong focus on control, reliability, and predictability
High autonomy and ownership
Success Metrics
Agents produce useful, actionable outputs
Execution is predictable and controllable
Low rate of unexpected or unsafe behaviors
Effective integration into real pentesting workflows
Continuous system evolution without uncontrolled complexity growth
What we offer:
Recognition and support of talent;
Investment in the development of our employees;
Working in a company that is constantly growing and evolving;
Strong organizational culture: collaboration, sharing, flexibility, integrity and low ego.
Would you like to join our team? Then send us your CV.
The Devoteam Group works for equal opportunities, promoting its employees based on merit and actively fights against all forms of discrimination. We are convinced that diversity contributes to the creativity, dynamism and excellence of our organization. All of our vacancies are open to people with disabilities.
Devoteam Cyber Trust is the specialized cybersecurity unit of the Devoteam Group. With more than 800 specialists located in the EMEA region, our goal is to establish cybersecurity as an enabler of business success rather than an obstacle. We use a comprehensive approach of Cyber Resilience, Applied Security and Security Service Management to protect the technology journey of large and mid-sized companies across all sectors and industries.
Since 2009, formerly under the name INTEGRITY, our Portugal-based team has specialized in providing cutting-edge Managed Security Services, combining its expertise and proprietary technology to consistently and effectively reduce our clients' cyber risk. The broad range of services covers Persistent Penetration Testing, ISO 27001, PCI-DSS, GRC Consulting and Solutions, and Third-Party Risk Management. Certified in ISO 27001 (Information Security) and ISO 9001 (Quality), PCI-QSA, and members of CREST and CIS - Center for Internet Security, we serve a considerable number of clients, operating in more than 20 countries.