Penetration Tester

Lovable Lovable · Coding AI · Stockholm, Sweden · Engineering

The role is a Penetration Tester focused on offensive security for an AI platform. The responsibilities include testing web, mobile, APIs, cloud infrastructure, and specifically AI pipelines and LLM integrations for vulnerabilities like prompt injection and data exfiltration. The role also involves testing user-generated code and working with engineering to remediate findings, aiming to make the product the most secure AI product in the market.

What you'd actually do

  1. Own offensive security end-to-end: plan and execute penetration tests across Lovable's web platform, mobile surface, APIs, cloud infrastructure, and AI pipelines.
  2. Break our AI before others do: probe LLM integrations for prompt injection, jailbreaks, data leakage, and novel attack vectors unique to AI-generated code running in live products.
  3. Stress-test user-generated code at scale: identify systemic vulnerabilities introduced when millions of users create and deploy real applications on Lovable.
  4. Turn findings into action: work directly with engineering to prioritise, remediate, and verify fixes, closing the loop between discovery and resolution.
  5. Raise the security bar org-wide: run internal red team exercises, contribute to threat modelling, and embed an attacker's mindset across the engineering culture.

Skills

Required

  • penetration testing
  • offensive security
  • web security
  • mobile security
  • API security
  • cloud security
  • AI security
  • LLM security
  • prompt injection
  • data exfiltration
  • exploit development
  • privilege escalation
  • lateral movement
  • GCP
  • AWS
  • Cloudflare
  • reporting
  • communication

Nice to have

  • red team operations
  • supply chain attacks
  • mobile security (iOS/Android)
  • SAST
  • DAST

What the JD emphasized

  • 12+ years of hands-on penetration testing experience
  • A track record the field knows about: CVEs to your name, hall-of-fame credits in major bug bounty programs, or a reputation that precedes you.
  • Hands-on experience using AI as part of your hacking workflow
  • Experience attacking AI-native products or LLM-integrated systems
  • Help make Lovable the most secure AI product in the market.

Other signals

  • AI pipelines
  • AI-native products
  • LLM-integrated systems
  • AI product