
Apollo Research · London & San Francisco
THE OPPORTUNITY We are building Watcher, a coding agent security product. We are looking for a security & control expert to help us design better threat models...
We are building Watcher, a coding agent security product. We are looking for a security & control expert to help us design better threat models and control protocols against AI adversaries, and improve the effectiveness and security of Watcher.
A security & control expert embedded in the product team with three functions:
Research: Supporting Apollo's monitoring research with threat modeling, attack design, red-teaming, and trajectory analysis (~50%),
Expert view: Bring a security expert’s view of what security buyers need to make Watcher a better product (~25%),
Product security: Improve the security posture of Watcher and Apollo's product infrastructure (~25%).
This is truly a “start-up role” in the sense that you have many responsibilities and have significant say in shaping the direction of the role. This is an individual contributor role but could lead to management responsibilities eventually, if desired.
Application deadline: We are conducting interviews actively and aim to fill this role as soon as we find someone suitable. THE OPPORTUNITY Join our new AGI safety product team and help transform AI control research into practical tools that directly reduce risks from AI. As an Research Scientist (Control), you’ll work closely with Marius (CEO & currently leads the monitoring efforts), other control researchers and product engineers. We are currently building Watcher, a monitoring tool for coding agents. Our monitoring research agenda attempts to translate compute into safety at scale. You will join a small team and will have significant ability to shape the team & tech, and have the ability to earn responsibility quickly. You will like this opportunity if you're passionate about using empirical research to make AI systems safer in practice. You enjoy the challenge of translating theoretical AI risks into concrete detection mechanisms. You thrive on rapid iteration and learning from data. You want your research to directly impact real-world AI safety. KEY RESPONSIBILITIES TLDR: you will design & implement control protocols (see e.g. [Greenblatt et al, 2023]) and test them on real-world production systems at scale. Research & Development - Systematically collect and catalog coding agent failure modes from real-world instances, our internal deployments, public examples, research literature, and theoretical predictions - Design and conduct experiments to test monitor effectiveness across different failure modes and agent behaviors - Build and maintain evaluation frameworks to measure progress on monitoring capabilities - Build and maintain high-quality datasets to train and test monitors on - Iterate on monitoring approaches based on empirical results, balancing detection accuracy with computational efficiency - Stay current with research on AI safety, agent failures, and detection methodologies - Stay current with research into coding security and safety vulnerabilities Monitor Design & Optimization - Develop & maintain a comprehensive library of monitoring prompts tailored to specific failure modes (e.g., security vulnerabilities, goal misalignment, deceptive behaviors) - Experiment with different reasoning strategies and output formats to improve monitor reliability - Design and test hierarchical monitoring architectures and ensemble approaches - Optimize log pre-processing pipelines to extract relevant signals while minimizing latency and computational costs - Implement and evaluate different scaffolding approaches for monitors, including chain-of-thought reasoning, structured outputs, and multi-step verification Fine-tuning & Red-teaming - Fine-tune open-source models to create efficient monitors for high-volume production environments - Design and build agentic monitoring systems that autonomously investigate logs to identify both known and novel failure modes - Build automated red-teaming pipelines that attack monitors at scale - Design iterative adversarial games where a red-team and blue team continuously attack and defend respectively
Skopje, Zagreb, Split, hybrid DEPT® is a Growth Invention company built to help the world’s most ambitious brands grow faster. Operating at the intersection of technology and marketing, our 4,000+ specialists deliver growth invention services across Brand & Media, Experience, Commerce, CRM, and Technology & Data. We’re 50|50 tech and marketing, partner-led, and first to move. Clients include Google, Lufthansa, Meta, eBay, and OpenAI. We have been certified B Corp and Climate Neutral since 2021. JOB PURPOSE We are looking for a motivated Associate Information Security Specialist to join our growing security team in Croatia or North Macedonia. This role is a career-accelerating entry point for an ambitious professional looking to shape themselves under top-tier mentorship. You will work alongside our Information Security Officer to support audits, ISMS related operational tasks, and map our company-wide AI inventory. In the long term, you will transition into a direct-report role under our returning Global Information Security Officer, stepping up to take continuous support of our dual ISO 27001 and ISO 42001 compliance lifecycles. WHAT YOU'LL DO * You will coordinate and document routine security control monitoring activities, including access reviews, security checklists, and asset onboarding verification. * You will act as the central operational coordinator for building and maintaining our AI use-case inventory register in ISMS.Online, gathering system metrics from departments across the global organization. * You will facilitate and support system impact assessments, data collection for risk registers, and tracking remediation metrics. * You will perform standard information security due diligence reviews of new vendors, tools, and SaaS solutions. * You will help update, deliver, and track completion records for company-wide annual security and AI acceptable-use training. Day-to-Day Expectations & Execution * ISMS Adherence & Maintenance: you will live our security practices by rigorously following and helping to maintain the records, documentation, and operational workflows of our ISMS. * Proactive Organization-Wide Communication: you will act as an approachable champion for security, answering routine team questions and proactively pushing clear updates and awareness reminders out to the organization regarding best practices. * Work hands-on alongside internal systems, product, and IT teams: you will help bridge the gap between our high-level security experts and internal engineers, assisting them in executing and tracking technical security measures. * Incident Response Mobilization: you will provide immediate operational support during security incidents by gathering data, documenting timelines, and assisting the broader response team in quick resolution. * Business & Client Support: you will assist the commercial team in answering client RFIs and security questionnaires accurately, playing a proactive role in keeping data security top-of-mind for our clients. * Practical Fieldwork with Business Teams: you will actively step into our business units to learn how they function day-to-day. Using ISO frameworks as a clear starting point, you will help identify how the security team can better support their unique operational workflows. * Vendor & Audit Coordination: you will maintain close communication with our software vendors during procurement to verify their security stance. You will organize and prepare evidence packages to support internal audits, external audits, and client due diligence reviews. * Executive Team Insights Support: you will help aggregate security performance metrics, identify vulnerabilities, and prepare reporting materials that give the executive team clear visibility into our security posture and improvement areas. * AI-Powered Efficiency: you will actively explore, suggest, and experiment with internally sourced AI compliance tools to automate tedious compliance logging and documentation tasks, helping our lean security team work much more efficiently. WHAT YOU'll BRING * 1–3 years of foundational experience in IT, sys administration, system auditing, or a junior security / compliance role. * Framework Knowledge: Basic theoretical or working knowledge of Information Security principles (ISO 27001, SOC 2, or CIS controls). * Core Skills: Excellent organizational, documentation, and stakeholder communication. You must be comfortable reaching out to engineering and product teams to gather asset information. * Growth Mindset: High coachability and excitement for deep diving into the cutting-edge requirements of AI security compliance (ISO 42001). WE OFFER * Transparent career development and pay. * A flexible, hybrid working policy. * A rewarding, supportive and healthy company culture. * Supplemental and additional health insurance. * Referral bonus program. * Stay happy and healthy with a contribution to your health through the OpenUp platform, and a multisport programme. * A reputation for doing good. DEPT® has been a Certified B Corp® since 2021. * Awesome clients. Whether big, small, local or global — at DEPT® you’ll get the opportunity to work with all of them. And we celebrate all of our successes together! * The opportunity for possibility. We want to enable you to do what you do best and help you develop your skills further with training, development and certifications. * Global annual DEPT® Cares Month in which employees come together and donate their skills to support local charities. WHY DEPT®? We are a Growth Invention company built to help the world’s most ambitious brands grow faster. Operating at the intersection of technology and marketing, we create what is next by pioneering ideas, acting fast, and moving further because standing still just is not in our DNA. We are drawn to people who stay curious, move with intent, and never stop inventing. Our culture runs on three values: better together, relentlessly curious, and get sh*t done. It is how we work, how we grow, and how we make things that matter. At DEPT®, you will find the freedom to explore, the space to collaborate, and the trust to make a real impact for our clients, for each other, and for the world we are helping to build. DIVERSITY, EQUITY & INCLUSION At DEPT®, we take pride in creating an inclusive workplace where everyone has an equal opportunity to thrive. We actively seek to recruit, develop, nurture, and retain talented individuals from diverse backgrounds, with varying skills and perspectives. Not sure you meet all qualifications? Apply, and let us decide! Research shows that women and members of underrepresented groups tend not to apply for jobs when they think they may not meet every requirement, when in fact they do. We believe in giving everyone a fair chance to shine. We also encourage you to reach out to us and discuss any reasonable adjustments we can make to support you throughout the recruitment process and your time with us. Want to know more about our dedication to diversity, equity, and inclusion? Check out our efforts here.
About Irregular Irregular is the first frontier security lab with the mission of protecting the world in the time of increasingly capable and sophisticated AI systems. We build next-generation defenses through high-fidelity research platforms that simulate and monitor real-world AI security scenarios. As AI systems become more powerful, we focus on staying ahead of emerging threats and vulnerabilities, ensuring these transformative technologies can be deployed safely and securely. About the Role We’re looking for a Security Engineer to help architect and scale Irregular’s security foundations as we grow, working closely with our CISO to execute the security roadmap. This is a high-impact, hands-on, role designing security from the ground up across cloud infrastructure, identity, application security, monitoring, and internal security operations. You’ll partner with exceptional engineers and security researchers and help shape Irregular’s long-term security strategy Representative Responsibilities: * Build, deploy and own Irregular’s security infrastructure and internal security operations * Design and maintain security controls across cloud infrastructure, SaaS applications, and internal systems * Partner closely with Engineering to improve security across platforms, infrastructure, and development workflows * Develop and improve security monitoring, alerting, vulnerability management, and incident response processes * Manage identity and access systems and access control policies * Manage endpoint MDM (Mobile Device Management) and laptop devices. * Lead security and compliance initiatives such as SOC2, ISO27001, or similar frameworks * Establish and maintain company-wide security policies, standards, and best practices * Evaluate, implement, and manage security technologies and tooling * Serve as the security subject matter expert across the company * Help drive a strong security culture across teams You may be a good fit if you have: * Strong experience in Security Engineering, Security Operations, or Infrastructure Security * Deep understanding of modern security frameworks including Zero Trust, identity management, endpoint protection, cloud security, Data Loss Prevention, and Insider threat programs * Hands-on experience with threat detection, incident response, and vulnerability management * Experience leading security and compliance initiatives such as SOC2 or ISO27001 * Experience securing modern cloud infrastructure and SaaS environments * Ability to balance security, scalability, operational efficiency, and business needs * Strong ownership mentality and ability to operate independently in fast-moving environments * Excellent communication and cross-functional collaboration skills