Cybersecurity Experts: $70-$200/hr from Frontier AI Labs

Open application· 88 spots this round

$70-$200/hr cybersecurity and offensive security work, on your schedule

Review AI-generated exploits, detections, and threat analysis the way you'd review a red-team report. Confirm what actually pops a box, flag the detection that misses, and walk through the kill chain a model glosses over. Your sense for how systems really get owned - and really get defended - is exactly what AI labs are short on.

Fully remoteYour scheduleWeekly pay

Apply nowApply once, get matched on a rolling basis. No prior AI experience needed.

Trusted by top research companies

Rated by experts worldwide

Hi, we're Zac and Jack, the founders of Terac. We want to talk to you directly, because you are the most important part of what we're building.

Terac is a community of experts. People who have spent years getting good at something specific and hard. The world is about to need more of you, not less. As AI takes on more of the world's work, the bottleneck shifts to the people who actually know what they're talking about.

Expert labor is the rarest resource in the world right now, and it is shockingly hard to find. The companies that need a pentester's eye on a subtle auth bypass spend weeks chasing people, paying placement fees, and settling for whoever is available. Meanwhile thousands of qualified people are sitting with knowledge that no one ever asks for.

That gap is what we're here to close. Every project that lands on Terac is routed to the people who actually know the answer, on their schedule, paid fairly, and only when the work is verified. No middleman taking a cut of your time. No vague gigs. No chasing checks.

We care about every single person in this community. If you join Terac, you're not a row in a database to us. We read the feedback. We answer the emails. We will fight for you when a customer is being unreasonable, and we will be honest with you when something on our side is broken. The quality of this panel is our entire company, and we owe you a serious bar.

If you've made it this far, here is what we're asking: claim your profile. Put your expertise on the record. Let the world's most ambitious teams come find you for the work only you can do.

Zac & Jack

Founders

Cybersecurity questions

Still curious? Write to us at support@terac.com.

Offensive specialists are among the most in-demand contributors because frontier models are actively trained on penetration testing methodology, CVE analysis, and adversarial tradecraft. Work in your area includes reviewing AI-generated exploit chains, evaluating the accuracy of vulnerability research, and writing worked examples that show correct red team reasoning from reconnaissance through post-exploitation.

Yes, the CISSP signals foundational credibility, but what matters more is your hands-on domain. Cloud security expertise is specifically useful for evaluating AI outputs involving IAM policy misconfigurations, S3 bucket exposure scenarios, and cloud-native threat modeling. You will be matched to tasks that reflect your actual practice, not the broad exam syllabus.

No. The work involves evaluating and improving AI reasoning, not producing operational attack tooling. You may review or annotate model outputs that discuss vulnerability classes, MITRE ATT&CK techniques, or defensive gaps, but you will never be asked to write weaponized code or provide instructions targeting specific real-world systems.

Typical deliverables include AI-generated threat models, CVSS scoring rationale, incident response runbooks, YARA rules, Sigma detection logic, and narrative explanations of vulnerabilities sourced from CVE databases. You evaluate whether the model reasoned correctly, flag technical errors, and in some tasks write your own expert version as a reference example.

Certification level is one signal but not a hard gate. Terac weights demonstrated experience and sub-specialty alongside credentials, so a CEH holder with five years of active vulnerability assessment work will qualify for the same task tiers as an OSCP holder with comparable scope. During onboarding you complete a short technical screener that calibrates task difficulty to your actual skill level regardless of which cert you hold.

Why your expertise matters

Cybersecurity is one of the highest-stakes domains for AI because models are increasingly used to generate attack code, write firewall rules, triage vulnerability reports, and advise incident responders - any of those outputs can cause real harm if they are wrong or misused. A working practitioner knows the difference between a technically correct CVE description and one that omits the critical context an attacker would exploit, and can judge whether a model's suggested remediation would actually survive a red team exercise. That judgment, built from hands-on work with tools like Burp Suite, Splunk, or Metasploit, is exactly what AI labs need to calibrate models that are safe and genuinely useful in security contexts.

How pay works

Compensation within the $70-$200/hr band rises with the specificity and depth of your sub-specialty: practitioners with active red team, cloud security, or ICS/OT experience command rates toward the top, as do those who can evaluate AI outputs against real regulatory frameworks like NIST CSF, PCI DSS, or SOC 2. Work is fully remote and asynchronous, billed hourly, and paid out only after your submission is verified - there are no long-term commitments, and you can take on tasks that fit around your existing schedule.

What the work looks like

A sample of the cybersecurity and offensive security work you would pick up. Every project is scoped, remote, and paid on verified completion.

Review an AI-generated penetration test report and annotate every finding where the severity rating is miscalibrated or the recommended remediation would not survive a real exploit attempt.
Evaluate a model's step-by-step walkthrough of a SQL injection attack to verify technical accuracy, flag missing mitigations, and assess whether the explanation appropriately handles responsible-disclosure conventions.
Write a worked example of how you would triage a suspicious lateral-movement alert in a SIEM like Splunk or Microsoft Sentinel, narrating the reasoning you apply at each pivot so a model can learn the decision logic.
Score a set of AI-drafted threat models against a real application architecture, marking where the model missed attack surfaces that would be obvious to someone familiar with STRIDE or MITRE ATT&CK.
Stress-test a model's cloud security guidance by identifying configurations it recommends that conflict with CIS Benchmarks or would fail a standard AWS Security Hub audit.
Create a ground-truth incident timeline for a simulated ransomware scenario, annotating which forensic artifacts you would collect and why, so the dataset captures expert investigative reasoning rather than just procedure steps.