AI Offensive Security Engineer
Job description
- Offensive AI Research: Design and execute adversarial attacks against production AI/ML systems - including prompt injection and traditional vulnerabilities
- Red Team Operations: Lead AI-focused red team engagements: threat model targets, develop attack chains, execute, and deliver actionable findings
- Tool Development: Build, maintain, and document offensive security tooling for AI system testing - attack harnesses, fuzzing frameworks, automated vulnerability scanners, and agentic attack simulations
- Vulnerability Research: Discover novel attack techniques against LLMs, multimodal models, agentic pipelines, and AI-integrated applications; contribute findings to the broader security community
- Exploit Development: Develop proof-of-concept exploits for discovered vulnerabilities and work with engineering teams on remediation validation
- Automation & Scale: Integrate offensive testing into pipelines and security review workflows so AI red teaming is continuous, not point-in-time
- Knowledge Transfer: Document TTPs, author internal playbooks, and mentor other team members on AI attack techniques

- Builder Mentality - You default to automating and tooling your work, not doing it manually twice
- Curiosity & Depth - You dig until you find the root cause; you're not satisfied with surface-level findings
- Independent Operator - You can own a full engagement from scoping through remediation without heavy oversight
- Adaptability - The AI attack surface changes weekly; you stay current and evolve your techniques accordingly
- Collaborative - Offensive results matter only if they drive fixes; you work closely with defenders and engineers to close gaps
Requirements
- 5+ years in offensive security, penetration testing, or red teaming
- Strong software engineering skills - you write production-quality tools, not just scripts (Python required; Java or JavaScript a plus)
- Background in traditional appsec/web pentesting (Burp Suite, fuzzing, auth bypass) - many AI vulnerabilities are classic vulns in new wrappers
- Cloud security experience across AWS, GCP, or Azure - including container/Kubernetes environments and cloud-hosted AI services
- Ability to independently scope, execute, and report on offensive engagements
- Strong written communication - clear, technically precise findings reports

- Hands-on experience attacking LLMs/GenAI systems, ML pipelines, APIs, or cloud-hosted AI services
- Knowledge of common failure modes of AI agents and LLMs, risks and exploitation techniques
- Experience with agentic AI frameworks, technologies and their attack surfaces
- Familiarity with MLOps tooling, model serving infrastructure, and vector databases
Benefits & conditions
- Parental leave
- Paid time off
- RSU

$136,000 - $228,600
Base pay offered may vary depending on multiple individualized factors, including location, skills, and experience. The total compensation package for this position may also include other elements, including a target bonus and restricted stock units (as applicable) in addition to a full range of medical, financial, and/or other benefits (including 401(k) eligibility and various paid time off benefits, such as PTO and parental leave). Details of participation in these benefit plans will be provided if an employee receives an offer of employment.
If hired, employees will be in an "at-will position" and the Company reserves the right to modify base salary (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors.
Remote roles are not eligible for U.S. visa sponsorship.