Security Engineer, Application Security

Requirements

• ABOUT MERCOR Mercor's mission is to organize human intelligence to power the AI economy.
• We partner with leading AI labs and enterprises to provide the human intelligence essential to AI development.
• Our vast talent network trains frontier AI models in the same way teachers teach students: by sharing knowledge, experience, and context that can't be captured in code alone.
• Mercor is creating a new category of work where expertise powers AI advancement.
• You’ll work alongside researchers, operators, and AI companies at the forefront of shaping the systems that are redefining society.
• You'll embed in the development lifecycle, review code for exploitable flaws, build security tooling into CI/CD, and drive vulnerability remediation across a platform serving 300K+ experts and enterprise clients processing sensitive AI training data.
• We use AI heavily in our own security work.
• You should be comfortable building alongside AI code-gen tools, using LLMs to accelerate code review and threat modeling, and automating away the repetitive work that slows AppSec programs down.
• If you'd rather write a CodeQL query than file a Jira ticket, you'll fit in here.
• Experience building or tuning SAST/DAST tooling (Semgrep, CodeQL, Snyk, Burp, or similar) - You understand modern web frameworks, APIs, and authentication patterns well enough to threat model them -
• Experience managing a vulnerability pipeline - from discovery through prioritization to verified remediation - 5+ years of professional
• Experience running or triaging a bug bounty program (HackerOne, Bugcrowd) - Offensive security skills - you've done penetration testing and can think like an attacker -
• Experience securing AI/ML applications - model serving APIs, training data pipelines, prompt injection defense - Familiarity with supply chain security - dependency scanning, registry firewalls (Socket, Snyk) - You've built custom security tooling that a team still uses - Contributions to open source security projects or published vulnerability research WHY MERCOR - The problem is real.
• Application security at scale is hard - you'll build defenses that matter across a fast-moving platform. - AI-native AppSec.
• You'll use frontier AI tools daily - for code review, vulnerability analysis, and anything that
• benefits from an AI co-pilot. - Ownership from day one.
• Working alongside AI labs means you'll understand frontier model capabilities months before the market.