Responsibilities
• Conduct offensive security assessments on large-scale web applications, REST APIs, and cloud-backed services.
• Identify and validate vulnerabilities including injection flaws, access control issues, authentication/authorization weaknesses, SSRF, deserialization, and logic bugs.
• Evaluate LLM-based systems and AI agents for prompt injection, data exfiltration, model abuse and jailbreaks
• Design and execute red team–style engagements simulating real-world adversaries.
• Develop custom exploitation tools, PoCs, and fuzzers for web and AI attack surfaces.
• Identify systemic security weaknesses and collaborate with engineering teams to drive long-term mitigations.
• Review architectures and designs for new products with an attacker mindset.
• Produce clear, actionable security reports and present findings to technical and executive stakeholders.
Minimum Qualifications
• Master’s degree in Computer Science, Computer Engineering, Information Security, or a closely related technical field.
• Doctorate (PhD) in a relevant field is a plus but not required.
• 5+ years of experience in offensive security, penetration testing, or red teaming.
• Deep expertise in web application security.
• Strong understanding of API security.
• Hands-on experience testing AI/ML or LLM-based systems, or strong motivation with demonstrated research in this area.
• Proficiency in at least one scripting or programming language (Python, Go, JavaScript, or similar).
• Strong knowledge of common exploitation techniques and attacker tooling.
Preferred Qualifications
• Prior work on adversarial ML, red-teaming AI systems, or secure LLM pipeline design.
• Experience with cloud security (AWS, Google Cloud Platform, Azure) and containerized environments.
• Background in security research, published CVEs, CTF experience, blog posts, or conference talks.
• OSCP, OSEP, OSWE, CRTO, or similar.
Master’s degree in Computer Science, Computer Engineering, Information Security, or a closely related technical field.
What We Look For
• An attacker-first mindset with strong engineering discipline.
• Ability to go beyond scanners and find novel, high-impact vulnerabilities.
• Clear communicator who can translate complex exploits into actionable fixes.
• Curiosity about emerging threats, especially in AI security.
• Ownership mentality and comfort operating in ambiguous problem spaces.
Never miss an opportunity! Create an alert based on the job you applied for.
