Skip To Main Content
backBack to Search

Senior Security & Test Engineer - A2A

Remote in Poland
Security.Testing& 5 others
hot
Looking for something else?

Find a vacancy that works for you. Send us your CV to receive a personalized offer.

Find me a job

We are looking for a Senior Security & Test Engineer to join our team building an Enterprise Agent Development Platform, a production-grade cloud-native ecosystem that enables engineering teams to define, orchestrate, deploy and observe AI agents at scale. This role focuses on securing the A2A gateway within a platform that standardizes agent development using LangGraph and Strands Agents on AWS AgentCore Runtime, reducing agent development time from months to days while enforcing consistent security, quality and governance standards.

Responsibilities
  • Own security, functional and performance test suites for the A2A gateway
  • Test Cedar policy enforcement correctness across LOG_ONLY and ENFORCE modes
  • Conduct trust model gap analysis for non-AgentCore A2A agents
  • Design and execute functional and security test plans for agentic AI systems
  • Validate authentication and authorization flows across agent communication channels
  • Identify and mitigate security risks specific to agentic AI and LLM-based systems
  • Collaborate with engineering teams to strengthen the platform's overall security posture
  • Report and track defects, vulnerabilities and performance bottlenecks uncovered during testing
Requirements
  • 5+ years of experience in security engineering or quality assurance
  • Knowledge of the A2A trust model including OAuth 2.0 signed Agent Cards and JWT validation with token scope enforcement for agent channels
  • Proficiency in Python for security test automation
  • Skills in functional and security test design
  • Experience in performance testing using k6 and Locust along with performance benchmarking for cloud APIs
  • Expertise in Cedar policy testing including permit/deny correctness forbid-overrides-permit logic and LOG_ONLY vs ENFORCE mode
  • Background in agentic AI/LLM threat modeling covering OWASP Top 10 for LLMs excessive agency and tool parameter exfiltration
  • Expertise in API security testing
  • Background in security test design for AI/agent systems beyond REST APIs
  • Experience in enforcement mechanism design or implementation
Nice to have
  • Familiarity with multi-agent communication security patterns
  • Background in trust model gap analysis for non-AgentCore A2A agents