Senior Engineer, Offensive Security
Role details
Job location
Tech stack
Job description
- First 90 days: ramp on the agent platform and the offensive service lines; deliver your first engagements (a penetration test and a purple-team exercise) and ship one improvement to the agentic tooling that you used during them.
- By 6 months: ship at least one AI-driven tool that a service line adopts into its live workflow, with metrics showing coverage or turnaround gains; run a red-team operation end to end.
- By 12 months: stand up repeatable adversarial testing for at least one of the enterprise's own AI systems; establish an evaluation approach that tracks your tooling's autonomous success against representative targets; become a go-to for both building and operating across the team.
Why this role, and why here
- Build and operate (both, for real). Most offensive roles let you build or operate. This one is explicitly both: you ship the software and you run the engagements, so your tooling is shaped by someone who actually uses it.
- A program that's already serious about AI. Fridays are dedicated to R&D. You'll have Hack The Box Pro Labs, all HTB role-based paths and certifications, discretionary certification funding, and conference/training budgets. You'll work alongside the Lead of our new AI & Offensive Tooling capability-contributing to the platform they own while running your own engagements.
- Mission that matters. Offensive Security identifies weaknesses so the business can fix them before adversaries exploit them, protecting the data and care of millions of people. AI is entering both our adversaries' tradecraft and our own operations faster than traditional tooling keeps up; you help keep us ahead., You'll work with considerable autonomy on moderately complex engagements and influence the team's technical direction through your expertise. You'll embed with each service line and the AI & Tooling Lead rather than build in isolation; ship software with engineering rigor (reproducibility, evaluation, safety guardrails, human-in-the-loop where offensive operations demand it); deliver findings and tooling with reproduction steps, severity, business impact, and remediation; track risk in the enterprise risk platform; and operate within the organization's acceptable-use-of-AI policies and offensive security rules of engagement.
Work at Home Requirements To ensure Home or Hybrid Home/Office employees' ability to work effectively, the self-provided internet service of Home or Hybrid Home/Office employees must meet the following criteria: At minimum, a download speed of 25 Mbps and an upload speed of 10 Mbps is required; wireless, wired cable or DSL connection is suggested. In certain roles, the minimum recommended internet speed required by Humana may not be sufficient for business needs. Humana reserves the right to require associates to upgrade their internet service if necessary. Work from a dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information. Travel: While this is a remote position, occasional travel to Humana's offices for training or meetings may be required.
Scheduled Weekly Hours
40
Requirements
We're hiring for a genuinely hybrid skill set, real offensive operations and real AI engineering. You do not need to check every box below. We expect depth in one half and real credibility plus a desire to grow in the other, not day-one mastery of both. If you're a strong offensive operator who has built real AI tooling, or a strong AI/agent builder with serious hands-on offensive experience, we want to hear from you., * Offensive operations experience: 4+ years in roles such as Red Team, Penetration Testing, Purple Team / control validation, or Bug Bounty, with a track record of delivering engagements end to end: scoping, execution, and clear written findings.
- Production Python engineering: you build and operate real tooling, not only one-off scripts.
- You've built with agentic AI: hands-on designing, building, or operating AI agents or LLM applications: agentic workflows, tool/function-calling, and orchestration. (We care about what you've shipped and operated, not years on a particular framework-these frameworks are only a few years old.)
- You've attacked AI: hands-on testing of AI/ML systems: prompt injection, jailbreaking, and adversarial techniques.
- Cloud fluency: production experience with at least one major Cloud Service Provider (AWS, GCP, or Azure)., * Built autonomous or semi-autonomous offensive agents, LLM-driven penetration-testing agents, or reinforcement-learning exploit and attack-path planners.
- Red-team tradecraft: C2 frameworks (e.g. Cobalt Strike , Sliver , Mythic ), evasion and OPSEC, and testing endpoints protected by modern EDR/XDR .
- Purple-team and adversary-emulation fluency: MITRE ATT&CK , and platforms such as VECTR or Atomic Red Team .
- Hands-on with AI red-teaming frameworks such as PyRIT or Garak , and fluent in MITRE ATLAS , the OWASP Top 10 for LLM Applications , and the NIST AI Risk Management Framework .
- Model Context Protocol (MCP), building clients/servers, or testing them and RAG pipelines for tool/prompt-injection abuse.
- Cloud penetration-testing depth or multi-cloud breadth; threat-intelligence-driven operations; depth in an advanced offensive specialty (malware development, advanced red-team operations, or adversarial ML research).
- Published research, open-source contributions, or talks at DEF CON (incl. the AI Village / Generative Red Team), BSides, x33fcon, or Black Hat, or strong showings in AI-security competitions like HackAPrompt.
- Certifications are a plus, not a gate, offensive (e.g. OSCP, OSEP, OSED, OSCE3, CRTO, CRTL, CPTS, CWES, CWEE, CAPE) and emerging AI-security (e.g. the OffSec AI Red Teamer (OSAI / AI-300), the SANS/GIAC AI security line, the HTB AI Red Teamer path).
Benefits & conditions
The compensation range below reflects a good faith estimate of starting base pay for full time (40 hours per week) employment at the time of posting. The pay range may be higher or lower based on geographic location and individual pay will vary based on demonstrated job related skills, knowledge, experience, education, certifications, etc.
$117,600 - $161,700 per year
This job is eligible for a bonus incentive plan. This incentive opportunity is based upon company and/or individual performance.
Description of Benefits
Humana, Inc. and its affiliated subsidiaries (collectively, "Humana") offers competitive benefits that support whole-person well-being. Associate benefits are designed to encourage personal wellness and smart healthcare decisions for you and your family while also knowing your life extends outside of work. Among our benefits, Humana provides medical, dental and vision benefits, 401(k) retirement savings plan, time off (including paid time off, company and personal holidays, paid parental and caregiver leave), short-term and long-term disability, life insurance and many other opportunities.