We're building the agent runtime that finds, proves, and fixes vulnerabilities without a human in the loop for the easy 90%. That means solving real distributed-systems and reasoning problems, not gluing together prompts.
What you'll do
- Build and harden Nullify's multi-provider agent runtime — turn loops, structured output, budget governance, checkpoint/resume for multi-hour runs.
- Design agents that reason about business logic and real application behavior, not just pattern-match against known signatures.
- Build and grow our evaluation harness — labelled test cases, scoring, regression tracking — so we can measure whether an agent got better or just got different.
- Own agents end-to-end: detection, validation, fix generation, and the judgment calls in between.
What you bring
- Strong software engineering fundamentals — Go or Python, comfortable in production systems, not just notebooks.
- Experience building or operating LLM-based agents beyond a single prompt-response call: tool use, multi-step reasoning, retries, evals.
- A scientist's instinct for measuring whether something actually works before shipping it.
- Genuine interest in security — you don't need to be an expert yet, but you need to want to become one.