




Summary: This role involves developing and evolving an autonomous pentesting platform based on agentic systems, integrated within the Offensive Security domain to ensure effective and reliable outputs.

Highlights:

1. Develop autonomous pentesting platform with agentic systems
2. Design and improve mechanisms for planning, state management, tool orchestration
3. Contribute to internal standards, engineering practices, and design patterns

Devoteam Cyber Trust is the cybersecurity specialist unit of the Devoteam Group. With over 800 specialists located across the EMEA region, our goal is to establish cybersecurity as an enabler of business success, rather than an obstacle. We adopt a comprehensive approach to Cyber Resilience, Applied Security, and Security Services Management to protect the technology journey of large and mid-sized enterprises across all sectors and industries.

Since 2009, previously operating under the name INTEGRITY, our team based in Portugal specializes in delivering cutting-edge Managed Security Services, combining its expertise and proprietary technology to consistently and effectively reduce our clients' cyber risk. Our broad portfolio includes Persistent Penetration Testing, ISO 27001, PCI-DSS, Consulting and GRC Solutions, and Third-Party Risk Management. Certified in ISO 27001 (Information Security) and ISO 9001 (Quality), PCI-QSA, and members of CREST and CIS - Internet Security Center, we serve a substantial number of clients operating in more than 20 countries.

**Mission**

Develop and evolve an autonomous pentesting platform based on agentic systems, integrated within the Offensive Security domain, specifically the Offensive Engineering and Innovation team, ensuring systems are effective, controllable, and capable of producing relevant and reliable outputs in real-world penetration testing scenarios.

**Role Context**

* This role sits within the Offensive Engineering and Innovation team, responsible for creating new technical capabilities that extend and scale offensive security services.
* The platform aims to automate significant parts of the pentesting lifecycle, aligned with methodologies such as the OWASP Web Security Testing Guide (WSTG), leveraging agents, LLMs, and integrations with existing security tooling.
* This is not an isolated experimental initiative. It is a production-oriented capability with direct application in delivery environments.

**Responsibilities**

* Define and evolve the architecture of autonomous pentesting agents
* Develop controlled execution pipelines (tasking, tool usage, feedback loops)
* Design and improve mechanisms for:
  + Planning
  + State management
  + Tool usage orchestration
  + Validation and control of agent execution
* Integrate and optimize LLM-based systems within agent workflows
* Define and validate tool-calling interfaces and integrations with pentesting tools
* Ensure alignment with established methodologies (e.g., OWASP WSTG)
* Test and validate agent behavior in real-world scenarios
* Identify, analyze, and mitigate system failures and edge cases
* Contribute to internal standards, engineering practices, and design patterns

**Technical Skills:**

**Required**

* Strong proficiency in Python
* Experience with APIs and distributed systems
* Practical experience with LLMs (usage, integration, limitations)
* Understanding of agent-based systems

**Highly Important**

* Ability to design complex, non-deterministic systems
* Experience with:
  + Task decomposition and planning
  + State management and execution continuity
  + Tool orchestration
  + Output validation and evidence handling
* Strong debugging capability (deep system-level troubleshooting)
* Ability to validate system behavior, not only code correctness

**Differentiators**

* Experience with agent frameworks
* Background in Application Security (AppSec)
* Experience with security testing automation
* Exposure to multiple LLM models and providers

**Soft Skills**

* Strong critical thinking
* Ability to operate in imperfect and evolving systems
* Experimental and outcome-driven mindset
* Strong focus on control, reliability, and predictability
* High autonomy and ownership

**Success Metrics**

* Agents produce useful, actionable outputs
* Execution is predictable and controllable
* Low rate of unexpected or unsafe behaviors
* Effective integration into real pentesting workflows
* Continuous system evolution without uncontrolled complexity growth

What we offer:

* Recognition and support for talent;
* Investment in our employees' development;
* Collaboration within a company in constant growth and evolution;
* Strong organizational culture: collaboration, knowledge sharing, flexibility, integrity, and low ego.

Would you like to join our team? Then send us your CV.

The Devoteam Group works for equal opportunities, promoting its employees based on merit and actively fights against all forms of discrimination. We are convinced that diversity contributes to the creativity, dynamism and excellence of our organization. All of our vacancies are open to people with disabilities.


