Pentester, Offensive Forward Deployment Engineer

About Mistral

At Mistral AI we believe in the power of AI to simplify tasks, save time and enhance learning and creativity. Our technology integrates seamlessly into daily work life. We democratize AI through high-performance, open-source, cutting-edge models, products and solutions. Our comprehensive platform meets enterprise needs, whether on-premises or in the cloud. We are a dynamic, collaborative team passionate about AI and its potential to transform society, with teams distributed across France, USA, UK, Germany and Singapore.

Role Summary

We are seeking a hands‑on Penetration Tester to join our Offensive Security team. You will run our evolving offensive solution on real client engagements while hunting vulnerabilities in Mistral’s own systems and in the wild. Your work will affect both client security posture and our own defensive capabilities, and help shape how AI transforms penetration testing.

What You Will Do

• Client Engagements: Run our offensive security solution on client engagements: scoping, executing tooling and delivering results. Triage output and kill false positives to ensure high‑quality, actionable findings. Advise clients through deployment and remediation as a trusted security partner. Travel to client premises and switch between engagements in a classic pentest consulting cadence.
• Internal Dogfooding: Pentest Mistral’s own systems, finding vulnerabilities before the solution matures. Hunt for vulnerabilities internally and on open‑source or in‑the‑wild targets between client engagements. Transfer knowledge and findings to the forming internal security team. Act as Mistral’s own first customer for our cyber harnesses.
• Guiding the Harness: Use real offensive expertise to steer the cyber harness: identify vulnerabilities it should catch. Validate and triage the harness output, ensuring it meets the high standards of human pentesters. Benchmark human vs. agent performance, helping close the gap between automated and manual testing. Contribute to the development of AI‑powered offensive security capabilities.

About You

• Current specialty in web / app‑sec + source‑code review; high‑value skills in internal / Active Directory, cloud (AWS/GCP/Azure), CI/CD & supply‑chain.
• Senior enough to run an engagement solo from scoping to delivery.
• Uses AI in your workflow with a nuanced view of its capabilities and limitations.
• Comfortable client‑facing, mobile, and switching between engagements.
• Proven track record delivering high‑quality penetration testing results.
• Strong problem‑solving abilities and attention to detail in vulnerability identification.

Additional Preferred Skills

• Build your own offensive tooling (builder mindset that scales impact).
• Published CVEs / GHSAs or a strong bug‑bounty track record.
• Conference talks, CTF achievements, or other public recognition in the security community.
• Strong code review skills for multiple programming languages.
• Experience with AI/ML systems and their unique security challenges.
• Contributions to open‑source security tools or research.

Location & Remote

This role is open to remote candidates in Europe. Ideally based in one of our European offices (Paris, France or London, UK). We encourage in‑person collaboration at least three days per month. Remote candidates will be asked to visit the local office for the first week of onboarding and then at least three days per month.

What We Offer

• Competitive salary and equity (stock options)
• Health insurance
• Transportation allowance
• Sport allowance
• Meal vouchers
• Private pension plan
• Generous parental leave policy
• Visa sponsorship

By applying you agree to our Applicant Privacy Policy.