Mercor has quietly built a reputation as one of the more interesting players in AI talent infrastructure. The San Francisco-based company connects elite technical professionals with leading AI research labs, and its latest opening for a Penetration Tester paying up to $2,150 per completed task is drawing attention from cybersecurity professionals across the United Kingdom.
This is not a traditional penetration testing role. The position sits at the intersection of cybersecurity expertise and AI evaluation work. Understanding what that means day-to-day is key before applying.
What Mercor Actually Does
Mercor operates as a talent layer for the AI economy. The company sources specialists in creative and technical fields and matches them with AI research labs needing real-world expertise. Its investor list includes Benchmark, General Catalyst, Peter Thiel, Adam D'Angelo, Larry Summers, and Jack Dorsey. That backing signals serious resources and long-term ambition.
The business model is built around human evaluation of AI outputs. Research labs need subject matter experts to validate, label, and critique what their models produce. Mercor supplies those experts on a contract basis.
The Role Itself: What You Actually Do
The Penetration Tester or Cybersecurity Expert role is fully remote and contract-based. Work is structured around task completion rather than fixed hours. Each completed task earns between $1,750 and $2,150, depending on quality.
Daily responsibilities are varied and technically demanding. Here is what the work covers:
- Reviewing and evaluating AI-generated outputs related to threat analysis, vulnerability assessment, and security architecture
- Creating realistic cybersecurity scenarios such as incident response runbooks and penetration testing reports
- Annotating and labeling data across use cases like CVE classification accuracy and SIEM alert triage
- Providing structured feedback on AI accuracy across frameworks like NIST CSF and MITRE ATT&CK
- Validating threat intelligence standards including STIX/TAXII
- Collaborating asynchronously with research teams to refine AI evaluation frameworks
The work demands genuine expertise. You are not clicking through basic checklists. You are applying enterprise-level security knowledge to assess whether AI models are producing accurate, usable outputs.
Company Culture at Mercor
Mercor's culture reflects its San Francisco roots. The company prizes precision, quality, and output over face time. There is no traditional office hierarchy to navigate. Contractors are evaluated almost entirely on the quality of their work.
The asynchronous nature of the role shapes everything. Communication happens through written channels, not Zoom calls. That suits professionals who prefer focused, deep work over constant meetings.
Top performers receive weekly performance bonuses. That incentive structure reflects a culture where results are recognized quickly. Mercor is not a place where good work disappears into a bureaucratic void.
Work Environment: Remote and Flexible
The role is fully remote, open to professionals based in the United Kingdom. There are no set hours. Work is organized around tasks, and you complete them at your own pace within deadlines.
That flexibility is a genuine advantage for experienced professionals balancing other commitments. A senior penetration tester with consulting clients, for example, can fit this work into available windows. The pay structure rewards quality over volume.
Remote work at Mercor does require strong self-management. Without a manager checking in daily, you stay accountable through the output itself. Tasks are evaluated on accuracy, depth, and usefulness to the research team.
Team Structure and Collaboration
Contractors working with Mercor sit within a distributed network of technical specialists. You collaborate with AI research teams asynchronously. There is no single reporting manager in the traditional sense.
The research teams you support are building and refining AI systems for cybersecurity applications. Your feedback directly shapes how those models learn and improve. That gives the work a meaningful layer beyond simple data annotation.
Communication is structured and written. Mercor provides resources and frameworks to guide evaluation tasks. The expectation is that you come in with deep domain expertise and apply it independently.
Who Is a Good Fit for This Role
Mercor sets a clear experience bar. The role requires 3 or more years of professional cybersecurity experience at an enterprise organization, MSSP, consultancy, or government or defense environment. That is not a soft requirement. The work demands real operational context.
Relevant backgrounds include:
- SOC analysis and security operations
- Incident response and DFIR
- Penetration testing
- Threat intelligence and threat hunting
- Security architecture
Beyond technical background, strong analytical thinking and clear written communication are essential. You need to translate complex security operations into structured, readable evaluation tasks. That is a specific skill not every technical professional has developed.
Certifications That Strengthen Your Application
Mercor lists several preferred certifications for this role. None are strictly required, but holding one or more meaningfully strengthens your profile. The most valued credentials include:
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CEH (Certified Ethical Hacker)
- OSCP (Offensive Security Certified Professional)
- GIAC certifications
- CompTIA Security+
Professionals with OSCP or GIAC credentials are especially well-positioned. Those certifications signal exactly the kind of hands-on, technical depth the role demands.
Compensation Structure: Understanding the Pay
The pay model here is different from a standard hourly contract. Each completed task pays between $1,750 and $2,150. Task quality determines where within that range your payment lands.
Top performers also earn a weekly performance bonus. High-quality, consistent contributors may transition to an hourly compensation model over time. That hourly path offers more predictable income for sustained performers.
For part-time work, the earnings potential is significant. A single high-quality task pays more than many professionals earn in a full week at traditional roles. The trade-off is that income depends entirely on output and quality.
Growth Opportunities Within Mercor
Growth at Mercor looks different than at a traditional employer. There is no promotion ladder. Instead, growth comes through expanding influence on AI research, gaining access to more complex tasks, and transitioning into the higher-value hourly compensation tier.
The exposure itself carries professional value. Working at the edge of cybersecurity and AI development gives contractors insight into how AI models handle security tasks. That knowledge is increasingly relevant as AI tools enter the security operations space.
Strong performers build a track record within Mercor's network. That reputation can open doors to additional projects and higher-paying engagements over time.
Work-Life Balance Considerations
The flexibility of this role is a genuine strength for work-life balance. You set your own schedule, work remotely, and take on tasks when capacity allows. There are no mandatory check-ins or rigid availability requirements.
The asynchronous collaboration model removes the pressure of real-time responsiveness. You engage with research teams on your timeline, within reasonable task windows. That structure suits professionals who value control over their schedule.
The challenge is that variable income requires planning. Task-based pay means earnings fluctuate. Professionals treating this as a primary income source need to manage that variability carefully. As a part-time supplement to existing work, the balance works well for most experienced practitioners.
How to Apply
The application process takes roughly 20 to 30 minutes. You upload your resume, complete an AI-based interview drawn from your experience, and submit the application form. The process is streamlined and designed to move quickly.
Cybersecurity professionals with enterprise or consultancy backgrounds, strong written communication, and relevant certifications are the strongest candidates. If you meet those criteria, this part-time opportunity with Mercor is worth exploring directly at this application link.
