Senior Applied ML Research Engineer, Agentic Security

About Dynamo AI Dynamo AI is building the future of trustworthy AI for the enterprise. Our platform provides real-time guardrails, red-teaming, and observability for generative AI systems-ensuring safe, compliant, and reliable deployments across regulated sectors such as financial services, insurance, healthcare and government. We’re backed by leading partners and rapidly expanding with some of the world’s most sophisticated enterprises. Our products are in production at some of the largest institutions in the world (including Intel, Lenovo, Experian, and the US Army), actively unlocking AI deployments. We're well recognized and well funded ($30M raised), with offices in NYC, SF, and a European office planned to open soon. The Applied Research Team builds zero-to-one security capabilities with fast iteration cycles. We live at the boundary between research and product: inventing what "agentic security" should mean, proving it through experiments, and turning it into systems customers can rely on. Right now, we're building Agent Warden: a security layer that finds systematic attack patterns in agentic systems, localizes risk through static and dynamic analysis, and turns that into surgical, automated defenses. About the Role You'll help define an emerging area: how to find and neutralize the security risks that emerge when agents act, plan, and use tools autonomously. This role is research-heavy and engineering-heavy: you'll design experiments, build prototypes, fine-tune models, and pressure-test systems against adversarial behavior. You'll iterate quickly, learn from failures, and scale what works, while building the monitoring and evaluation infrastructure that makes progress measurable. You can see what we're building https://www.dynamo.ai/agentwarden. In this role you will: Define and validate threat models for agentic systems, identifying which tool characteristics must co-exist to enable data exfiltration and malicious state change, and how to break those combinationsDesign and run experiments: create synthetic environments like file systems and tools, create task distributions that have attack paths and apply different attack strategiesBreak (manually and using optimization algorithms such as RL) agentic systems inDesign and improve static and dynamic analysis methods that automatically map tool capabilities to risk across diverse tool ecosystems, and make those methods scaleTurn research insights into product-facing capabilities: risk classification, automated guardrail generation, and quantitative threat measurementBuild measurement tools: eval harnesses, monitoring, dashboards, and feedback loops that quantify security outcomesBuild capability and regression evalsOptimize systems for real-world constraints (latency, cost, reliability) without losing scientific rigor You might thrive in this role if: You have an MS or PhD in CS/ML (or equivalent research experience) and enjoy working under uncertaintyYou've fine-tuned and evaluated models in practice and can reason about data quality, overfitting, evals, and deployment constraintsYou can write strong production code, and you're comfortable owning the infrastructure that makes agentic evals run end-to-end. You care about reproducibility and instrumentation. No AI slop.You're motivated by security problems and enjoy thinking like both builder and attackerYou reason about how capabilities combine into risk: not just individual vulnerabilities, but system-level attack surfaces across tool ecosystemsYou communicate clearly, iterate fast, and can hold a technical narrative from "hypothesis" to "shipped" What we offer Competitive salary + equity, so you share in the company's upsideWork at the forefront of AI security, helping define a new categoryRemote-friendly, with a preference for candidates based in Amsterdam, Paris, Poland, New York, or San FranciscoFully funded team retreats every 8 weeksHealth insurance allowance for you and your dependentsWellbeing, learning, and home office allowances (to support health, growth, and your setup) Locations: London, United Kingdom; San Francisco, CA; New York, NY; Amsterdam, Netherlands; Paris, France