Job Description

Key Responsibilities:

Penetration Testing and Red Teaming:

• Conduct comprehensive penetration testing and red teaming exercises on systems, networks, applications, mobile platforms, and AI/ML environments to identify vulnerabilities and potential entry points for attackers.
• Perform AI system and model penetration testing, focusing on adversarial attacks, prompt injection, data poisoning, and model inversion vulnerabilities.
• Assess AI pipelines, APIs, and LLM-based integrations for misuse, data leakage, and unauthorized access risks.
• Develop and execute custom tools and scripts to automate testing and exploitation processes.
• Analyze and report on findings, providing detailed explanations of vulnerabilities and recommended remediation steps.
• Simulate advanced persistent threats (APTs) to test the resilience of security controls and incident response capabilities.
• ASM: Continuously discover and catalog all assets, including hardware, software, and network components.
• ASM: Monitor the attack surface for changes and potential vulnerabilities, using automated tools and manual assessments.

Vulnerability Assessment:

• Perform thorough vulnerability assessments to identify and prioritize security weaknesses.
• Utilize industry-standard tools such as Qualys, Nessus or Nexpose and methodologies to uncover vulnerabilities in various environments.
• Provide actionable recommendations for remediation and mitigation strategies.

Patch management

• Support AI-specific vulnerability scanning and review of data pipelines or model endpoints.

Threat Modeling and Risk Assessment:

• Develop and maintain a comprehensive understanding of systems, networks, applications, and AI models to identify potential exploitation paths.
• Conduct threat modeling and risk assessments to identify potential attack vectors and vulnerabilities
• Develop and maintain a comprehensive understanding of our systems, networks, and applications to identify potential vulnerabilities
• Provide recommendations for remediation and mitigation strategies

Incident Response and Crisis Management:

• Participate in security incident response and crisis management efforts as needed
• Collaborate with incident response teams to contain and remediate security incidents
• Provide technical expertise and guidance during incident response efforts

Security Research and Development:

• Research and develop adversarial testing techniques for AI models, including LLM prompt manipulation and training data leakage.
• Stay up to date with the latest security threats and trends, and adapt testing methodologies accordingly
• Develop and maintain a comprehensive knowledge of industry-leading security tools and technologies
• Participate in security research and development efforts to identify and develop new testing techniques and methodologies

Collaboration and Communication:

• Collaborate with development teams to implement security patches and fixes
• Provide technical guidance and support to development teams on security-related issues
• Communicate complex technical information to non-technical stakeholders in a clear and concise manner

Key Responsibilities:

Penetration Testing and Red Teaming:

• Conduct comprehensive penetration testing and red teaming exercises on systems, networks, applications, mobile platforms, and AI/ML environments to identify vulnerabilities and potential entry points for attackers.
• Perform AI system and model penetration testing, focusing on adversarial attacks, prompt injection, data poisoning, and model inversion vulnerabilities.
• Assess AI pipelines, APIs, and LLM-based integrations for misuse, data leakage, and unauthorized access risks.
• Develop and execute custom tools and scripts to automate testing and exploitation processes.
• Analyze and report on findings, providing detailed explanations of vulnerabilities and recommended remediation steps.
• Simulate advanced persistent threats (APTs) to test the resilience of security controls and incident response capabilities.
• ASM: Continuously discover and catalog all assets, including hardware, software, and network components.
• ASM: Monitor the attack surface for changes and potential vulnerabilities, using automated tools and manual assessments.

Vulnerability Assessment:

• Perform thorough vulnerability assessments to identify and prioritize security weaknesses.
• Utilize industry-standard tools such as Qualys, Nessus or Nexpose and methodologies to uncover vulnerabilities in various environments.
• Provide actionable recommendations for remediation and mitigation strategies.

Patch management

• Support AI-specific vulnerability scanning and review of data pipelines or model endpoints.

Threat Modeling and Risk Assessment:

• Develop and maintain a comprehensive understanding of systems, networks, applications, and AI models to identify potential exploitation paths.
• Conduct threat modeling and risk assessments to identify potential attack vectors and vulnerabilities
• Develop and maintain a comprehensive understanding of our systems, networks, and applications to identify potential vulnerabilities
• Provide recommendations for remediation and mitigation strategies

Incident Response and Crisis Management:

• Participate in security incident response and crisis management efforts as needed
• Collaborate with incident response teams to contain and remediate security incidents
• Provide technical expertise and guidance during incident response efforts

Security Research and Development:

• Research and develop adversarial testing techniques for AI models, including LLM prompt manipulation and training data leakage.
• Stay up to date with the latest security threats and trends, and adapt testing methodologies accordingly
• Develop and maintain a comprehensive knowledge of industry-leading security tools and technologies
• Participate in security research and development efforts to identify and develop new testing techniques and methodologies

Collaboration and Communication:

• Collaborate with development teams to implement security patches and fixes
• Provide technical guidance and support to development teams on security-related issues
• Communicate complex technical information to non-technical stakeholders in a clear and concise manner

• A bachelor’s degree in computer Science, or a related field is required.
• OSCP, CEH, CRTP or other relevant certifications
• Minimum of 5+ years of experience in penetration testing, vulnerability assessment, or a related field
• Strong understanding of networking protocols, operating systems, and applications
• Proficiency in programming languages such as Python, C++, or Java
• Experience with penetration testing frameworks and tools such as Nmap, Nessus, Burp Suite, or Metasploit
• Strong analytical and problem-solving skills
• Excellent communication and reporting skills
• Ability to work independently and as part of a team
• Strong attention to detail and ability to maintain accurate records
• Ability to work in a fast-paced environment with tight deadlines

Additional Requirements:

• Experience with AI Penetration Testing and LLM Red Teaming.
• Knowledge of adversarial ML, AI governance, and AI model assurance frameworks (e.g., NIST AI RMF, ISO/IEC 23894).
• Experience with cloud-based technologies and cloud security
• Familiarity with Agile development methodologies
• Strong understanding of compliance and regulatory requirements (e.g., GDPR, PCI-DSS)
• Experience with security orchestration, automation, and response (SOAR) tools
• Familiarity with threat intelligence and threat hunting