AI Data Annotator, Cybersecurity

About ProtocolClear

ProtocolClear is an independent, principal-led consultancy in security, privacy, AI governance, and compliance. We operate an in-house, Lagos-based annotation and security team that produces high-quality human judgement for AI training. This role fills a specific gap: we need annotators who actually understand cybersecurity, so we can label and evaluate security-domain data correctly. Security made clear is how we work, and on this stream it is also the subject matter.

About the role

This is specialized, domain-expert annotation for security, privacy, and governance content used to train and evaluate AI systems. You will judge whether a model's answer to a security question is technically correct, label security-relevant content, perform RLHF-style preference and quality judgements on cybersecurity, privacy, and governance outputs, label harm and safety in a security context, and work with adversarial material including prompt-injection, jailbreak, and other attack examples. The founder, an AI security architect, supplies the rubric. Your job is to apply real cybersecurity knowledge to that rubric consistently and defensibly. Note for candidates: this stream is launching on a rubric-based pattern (higher per-task pay, longer estimated time per task) and will be restructured when the client's exact terms are confirmed.

The standard your work is held to

Your work is held to a five-star client standard, and on security content the bar for technical accuracy is unforgiving. A response that sounds right but is technically wrong, a misstated control, a confused threat model, an unsafe instruction labeled safe, is an error, and errors are rejected, not paid, traced to the annotator, redone on your own time, and penalized. You are expected to distinguish a genuinely correct, well-reasoned security answer from a confident, plausible, wrong one. You must apply the harm and safety taxonomy exactly, recognize when an adversarial prompt has actually bypassed a model's safety behaviour, and never let surface wording (technical jargon, an authoritative tone) substitute for correctness. When the rubric is genuinely ambiguous on a security edge case, you flag it rather than guessing.

What you will do

• Evaluate model responses to security, privacy, and compliance questions for technical accuracy and completeness.
• Label security-relevant content against the supplied taxonomy.
• Perform pairwise and rubric-based preference judgements (RLHF) on cybersecurity outputs.
• Apply harm and safety labels to security content, including dual-use material where harm depends on context.
• Label prompt-injection, jailbreak, and adversarial examples by attack type and judge whether a model response was a safe refusal, a partial failure, or a full bypass.
• Assess whether security guidance in a model output is sound or dangerous.
• Write short rationales tying each judgement to the rubric.
• Maintain agreement with other security annotators.

What we are looking for (required)

• A real cybersecurity background: hands-on or studied knowledge of core security concepts, common attack vectors, web and network security, and a working grasp of security governance and privacy.
• The ability to tell technically correct security content from plausible-sounding error.
• Familiarity with prompt-injection and jailbreak concepts at a practitioner level, or the ability to learn the taxonomy quickly and apply it precisely.
• Strong reasoning and English comprehension.
• Discipline to apply a rubric consistently.
• Comfort working screen-proctored, camera on, one device.
• A personal laptop and reliable backup power.
• Willingness to sign an NDA on all client data and to handle adversarial and harmful content professionally.
• No use of unauthorized AI tools on the work.

Nice to have (preferred)

• Recognized security certifications (for example Security+, CEH, or higher).
• Practical experience in a SOC, GRC, application security, or penetration testing.
• Familiarity with frameworks such as NIST, ISO 27001, or the OWASP and NIST AI risk material.
• Prior RLHF, red-teaming, or model-evaluation experience.
• A coding or systems background that helps you judge technical security content.
• Experience writing security findings or rationales.

Compensation

The package combines a monthly base, an internet and power stipend, per-task output pay for accepted work, and performance kickers for sustained quality. Because this is specialized, domain-expert work, the range sits above general annotation. Provisional realistic monthly earnings run from about ₦250,000 for light accepted output up to about ₦1,500,000 for sustained full output at five-star quality, including base, stipend, and kickers. This range is provisional and will be restructured when the client's exact per-task terms for the security stream arrive. The first three months are a paid trial at per-task rates plus stipend.

How we work

Remote, full-time, on Lagos working hours, with coordination on the project tool and WhatsApp. Screen-proctored, camera on, one device. No unauthorized AI tools on the work. NDA on all client data. Approved tools only. You provide your own laptop and backup power; ProtocolClear provides an internet and power stipend, not equipment. Adversarial and harmful content is handled inside approved systems and never copied out.

<