Security Researcher
Lacework
Software Engineering, Other Engineering
Burnaby, BC, Canada
CAD 119k-136k / year + Equity
Join Fortinet, a cybersecurity pioneer with over two decades of excellence, as we continue to shape the future of cybersecurity and redefine the intersection of networking and security. At Fortinet, our mission is to safeguard people, devices, and data everywhere. We are currently seeking a dynamic Security Researcher/Pentester to contribute to the success of our rapidly growing business. We are looking for a highly motivated individual who can thrive in a fast-paced environment and successfully contribute to the team.
You would act as a Security Researcher/Penetration Tester. This is a highly technical role, combining cutting-edge AI and LLM-powered attack techniques with traditional penetration testing skills. You will assist the Information Security leadership in evaluating the security posture of Fortinet Cloud Services. This position focuses strongly on AI-powered red teaming, cloud security adversarial research, and LLM exploitation.
As a Security Researcher/Pentester, your responsibilities will include:
Conduct regular penetration tests and security evaluations on Fortinet cloud products, covering web applications and server backends under various authentication levels, to identify vulnerabilities and security risks.
Investigate and write POCs for published vulnerabilities, and help the production team evaluate exploitability and risk.
Conduct red team activities, specifically developing AI-assisted scripts, agents, and programs to penetrate and infiltrate in-scope systems and ICT technologies; this includes leveraging LLMs as autonomous attack agents capable of chaining exploits across cloud environments.
Collect threat intelligence, evaluate and maintain traditional pentest tools, and track emerging AI/LLM-based offensive security techniques and tooling.
Conduct AI red team exercises targeting LLM-integrated cloud services and AI APIs, including prompt injection, indirect prompt injection, jailbreaking, and model inversion attacks.
Perform LLM fine-tuning and abliteration research — including training uncensored or capability-unlocked variants of open-source models (LLaMA, Gemma4) via LoRA/QLoRA and representation-engineering techniques.
Develop and operate LLM-powered penetration testing pipelines: using AI agents (ReAct, tool-use) to automate reconnaissance, vulnerability enumeration, exploit generation, and post-exploitation chaining against cloud-native targets (Kubernetes clusters, serverless functions, IAM privilege escalation paths, cloud storage misconfigurations).
Research and document adversarial attack surfaces unique to AI-powered products: RAG pipeline data poisoning, embedding inversion, model supply-chain compromise, and training data extraction.
We are looking for:
3+ years of dedicated experience in an information security role with a strong practical pen-testing background (CVEs, pentest reports, or technical articles may be requested as proof).
Professional penetration testing skills across information technologies, including operating systems, software frameworks, databases, web applications, and networks.
Strong knowledge of the fundamentals of web applications, including authentication, authorization, session management, the HTTP protocol, web languages, and web server and browser architecture and implementation principles.
Proven skills with traditional pen-test tools (Nessus, Burp Suite, Nuclei, SQLmap).
Demonstrated practice in using Kali Linux / Metasploit to craft POCs for known vulnerabilities; ability to extend and automate these toolchains with LLM co-pilots or autonomous AI agents.
Hands-on experience with LLM fine-tuning frameworks and techniques: LoRA / QLoRA (Unsloth, LLaMA-Factory), supervised fine-tuning on security datasets, and direct preference optimization (DPO) for behavior shaping.
Proficiency in using LLMs and AI agents for offensive cloud security: automated IAM privilege-escalation discovery, cloud misconfiguration enumeration, AI-generated exploit payloads, and natural-language-driven attack orchestration.
Familiarity with AI/ML cloud service attack surfaces: prompt injection against retrieval-augmented generation (RAG) pipelines, embedding space attacks, model API abuse, and inference-time adversarial inputs.
Certifications such as OSCP, OSWE, HTB CPTS, and HTB CWEE are highly valued.
About Our Team: Join our team, known for its collaborative ethos, working seamlessly with global customers, internal engineering teams and product development groups. Our team culture emphasizes continuous learning, innovation, and a strong commitment to customer satisfaction. We embrace Fortinet’s core values of openness, teamwork and innovation, fostering an environment where team members support each other, share knowledge, and leverage AI to solve complex technical challenges. Our inclusive and dynamic team thrives on collaboration and is driven by the shared goal of maintaining Fortinet’s high standards of excellence in cybersecurity solutions.
Why Join Us: We encourage candidates from all backgrounds and identities to apply. We offer a supportive work environment and a competitive Total Rewards package to support you with your overall health and financial well-being. Embark on a challenging, enjoyable, and rewarding career journey with Fortinet. Join us in bringing solutions that make a meaningful and lasting impact to our 660,000+ customers around the globe.
The Canada base salary range for this full-time position is expected to be between $119,000 - $136,000 annually. Wage ranges are based on various factors including the labour market, job type, and job level. Exact salary offers will be determined by factors such as the candidate’s subject knowledge, skill level, qualifications, and experience.
Fortinet strives to provide you and your family with a comprehensive benefits package. Benefits eligibility starts on your first day of hire and comprises 100% company-paid medical, dental, and vision coverage, including a Health Spending Account and a Personal Spending Account that gives you flexibility to spend where you need it the most. Our Employee & Family Assistance Plan (EFAP) offers you and your family access to various services such as counseling, legal advice, and mental health resources. We also provide critical illness, disability, and life insurance, as well as a Group Registered Retirement Savings Plan (RRSP) with a company match to help you save faster for retirement. We offer competitive Paid Time Off and flexible leave policies, including paid health days, to help you take care of yourself and your family members.
All roles are eligible to participate in the Fortinet equity program. Bonus eligibility is reviewed at time of hire and annually at the Company’s discretion.