Senior Security & Test Software Engineer
Find a vacancy that works for you. Send us your CV to receive a personalized offer.
Find me a jobWe are looking for a Senior Security & Test Software Engineer to join our team building an Enterprise Agent Development Platform — a production-grade, cloud-native ecosystem that enables engineering teams to define, orchestrate, deploy and observe AI agents at scale. The platform standardizes agent development across the organization using LangGraph and Strands Agents on AWS AgentCore Runtime, providing a single-file developer experience where the platform handles runtime, tooling, observability and deployment automatically. In this role, you will own security, functional and performance testing for the A2A gateway and help enforce consistent security, quality and governance standards across the platform.
- Own security, functional and performance test suites for the A2A gateway
- Test Cedar policy enforcement correctness across LOG_ONLY and ENFORCE modes
- Conduct trust model gap analysis for non-AgentCore A2A agents
- Design and automate security and functional test suites using Python
- Perform performance testing and benchmarking of cloud APIs using k6 and Locust
- Validate Cedar policy correctness including permit/deny logic and forbid-overrides-permit behavior
- Apply agentic AI and LLM threat modeling practices to identify risks such as excessive agency and tool parameter exfiltration
- Enforce OAuth 2.0 and JWT validation mechanisms for agent channel token scope
- Partner with engineering teams to embed consistent security and quality standards across the Agent Development Platform
- 3+ years of experience in security engineering or QA
- Expertise in API security testing and performance benchmarking for cloud APIs
- Background in security test design for AI and agent systems beyond REST APIs
- Skills in enforcement mechanism design or implementation
- Knowledge of A2A trust model including OAuth 2.0, signed Agent Cards, JWT validation and token scope enforcement for agent channels
- Proficiency in Python for security test automation
- Competency in functional and security test design
- Familiarity with performance testing tools such as k6 and Locust
- Understanding of Cedar policy testing including permit/deny correctness, forbid-overrides-permit and LOG_ONLY vs ENFORCE mode
- Knowledge of agentic AI / LLM threat modeling including OWASP Top 10 for LLMs, excessive agency and tool parameter exfiltration
- Familiarity with multi-agent communication security patterns
- Background in trust model gap analysis for non-AgentCore A2A agents
