$70-$200/hr cybersecurity and offensive security work, on your schedule
Review AI exploits and detections: confirm what pops a box, flag the detection that misses, walk the kill chain a model glosses over. Your sense for how systems get owned. Paid hourly, remote, a few hours a week.
Trusted by top research companies
Hi, we're Zac and Jack, the founders of Terac. We want to talk to you directly, because you are the most important part of what we're building.
Terac is a community of experts. People who have spent years getting good at something specific and hard. The world is about to need more of you, not less. As AI takes on more of the world's work, the bottleneck shifts to the people who actually know what they're talking about.
Expert labor is the rarest resource in the world right now, and it is shockingly hard to find. The companies that need a pentester's eye on a subtle auth bypass spend weeks chasing people, paying placement fees, and settling for whoever is available. Meanwhile thousands of qualified people are sitting with knowledge that no one ever asks for.
That gap is what we're here to close. Every project that lands on Terac is routed to the people who actually know the answer, on their schedule, paid fairly, and only when the work is verified. No middleman taking a cut of your time. No vague gigs. No chasing checks.
We care about every single person in this community. If you join Terac, you're not a row in a database to us. We read the feedback. We answer the emails. We will fight for you when a customer is being unreasonable, and we will be honest with you when something on our side is broken. The quality of this panel is our entire company, and we owe you a serious bar.
If you've made it this far, here is what we're asking: claim your profile. Put your expertise on the record. Let the world's most ambitious teams come find you for the work only you can do.
Cybersecurity questions
Still curious? Write to us at support@terac.com.
Offensive specialists are among the most in-demand contributors, because models are actively trained on pen testing methodology, CVE analysis, and adversarial tradecraft. Your work includes reviewing AI exploit chains, checking the accuracy of vulnerability research, and writing worked examples of correct red team reasoning from recon through post-exploitation.
Yes. The CISSP signals foundational credibility, but your hands-on domain matters more. Cloud security is specifically useful for IAM misconfigurations, S3 bucket exposure, and cloud-native threat modeling. You are matched to tasks that reflect your actual practice, not the broad exam syllabus.
No. The work is evaluating and improving AI reasoning, not producing operational tooling. You may review model outputs that discuss vulnerability classes, MITRE ATT&CK techniques, or defensive gaps, but you will never write weaponized code or instructions targeting specific real-world systems.
Typically AI threat models, CVSS scoring rationale, incident response runbooks, YARA rules, Sigma detection logic, and narrative CVE explanations. You judge whether the model reasoned correctly, flag technical errors, and in some tasks write your own expert version as a reference.
Cert level is one signal, not a hard gate. Terac weights demonstrated experience and sub-specialty alongside credentials, so a CEH holder with five years of active vulnerability assessment qualifies for the same tiers as an OSCP holder of comparable scope. A short technical screener at onboarding calibrates difficulty to your real skill, whatever cert you hold.
Why your expertise matters
Models now write attack code, firewall rules, and remediation advice, and a wrong output causes real harm. A practitioner knows when a CVE description omits the context an attacker would exploit, and whether a fix survives a red team. That judgment, built on hands-on Burp Suite, Splunk, and Metasploit work, calibrates a model that is safe and useful.
How pay works
The $70-$200 band rises with sub-specialty depth: active red team, cloud security, or ICS/OT experience commands the top, as does evaluating outputs against NIST CSF, PCI DSS, or SOC 2. Work is remote and async, billed hourly, and paid only after your submission is verified. No long-term commitments.
What the work looks like
A sample of the cybersecurity and offensive security work you would pick up. Every project is scoped, remote, and paid on verified completion.
- Review a model's pen test report and annotate every finding where severity is miscalibrated or the fix would not survive a real exploit attempt.
- Evaluate a model's SQL injection walkthrough for technical accuracy, missing mitigations, and whether it respects responsible-disclosure conventions.
- Write a worked example of triaging a lateral-movement alert in Splunk or Microsoft Sentinel, narrating your reasoning at each pivot.
- Score AI threat models against a real application architecture, marking attack surfaces missed by someone who knows STRIDE or MITRE ATT&CK.
- Stress-test a model's cloud security guidance for configs that conflict with CIS Benchmarks or fail an AWS Security Hub audit.
- Build a ground-truth incident timeline for a simulated ransomware scenario, annotating which forensic artifacts you collect and why.
Specialties we match
Cybersecurity projects span a wide range of focus areas. Tell us where you go deep and we route the work that fits.
- Penetration testing
- Threat modeling
- Incident response
- SIEM and log analysis
- Cloud security (AWS/Azure/GCP)
- Vulnerability management
- Red team / adversarial simulation
- Malware analysis and reverse engineering
- Network security and packet analysis
- Identity and access management (IAM)
- ICS/OT and critical infrastructure security
- Compliance and risk frameworks (NIST, PCI DSS, SOC 2)
