
Founding Security Engineer

You have actually broken into things. Now you get to bottle that craft and ship it as a continuous, agent-driven product. The quality of what Basan finds in production traces back to you.

Stage: Pre-Seed, early stage
Compensation: Salary + meaningful early-stage equity
Location: Remote first, async friendly
Time off: Real, taken, no theatre

About the role

The shape of the work.

Basan is an agentic pentesting platform. The agent runs continuously against a customer's app, behaves like a careful operator, and reports findings a developer can act on. Whether the agent is genuinely useful or just generates noise depends on the people who shape its tools, prompts, and validation logic.

That is this role. You will spend most of your time deciding what the agent should try, what counts as a real finding, and how to keep false positives close to zero. You are the bridge between offensive-security expertise and a system that runs that expertise at scale.

What you would own

Four things that matter on day one.

01. Author the agent's playbooks

Translate the techniques you actually use during an engagement into prompts, tools, and validation steps the agent can execute reliably.

02. Run the false-positive loop

Review live findings from early customers, decide what is real, and feed that judgement back into the agent so the next run is sharper.

03. Shape what the agent can do safely

Define guardrails and scoping behaviour. Continuous testing only works if the agent stays inside the lines, every time.

04. Be the credible voice in the room

On customer calls, in writing, on the marketing site. You get to define how Basan talks about offensive security.

What we are looking for

Must-haves

  • Real engagement experience: web app, API, or cloud pentests where you owned the work end to end.
  • Comfortable shipping code. You will edit Python, Go, and TypeScript across the agent and the SaaS surface.
  • Strong written communication. Findings, playbooks, customer notes, internal decisions all live in writing here.
  • Judgement about what is worth automating and what should stay manual.

Bonus points

Nice to have

  • OSCP, OSWE, or equivalent hands-on credentials.
  • Public security research, CTF history, or open-source security tooling.
  • Prior experience tuning an LLM agent or building security tooling on top of one.
  • Background as an in-house security engineer at a fast-moving company.

From the founder

If you have ever read a SaaS pentest report and thought ‘this could be ten times more useful and a tenth the price,’ that is the company. I want to build it with someone who has felt that frustration from the inside.

John Ramsey, founder of Basan

Sound like the role you have been looking for?

Send a short note about what you have built, what you are working on now, and why this caught your eye. No cover letter theatre.