About the role

We are looking for a skilled and creative AI Red Team Engineer to join our offensive security team. In this role, you will simulate real-world adversaries, exploit vulnerabilities across applications, cloud infrastructure, and AI/ML systems using both traditional penetration testing techniques and cutting-edge AI-augmented attack tooling.

You will operate across the full attack surface: web apps, APIs, mobile, internal networks, and AI-powered products including LLM pipelines, model APIs, agents, and RAG systems. You will help us find the flaws before the adversaries do, and work closely with engineering and product teams to close those gaps.
Duties and Responsibilities:
AI & LLM Security Testing

• Design and execute adversarial attacks against large language model (LLM)-powered products including prompt injection, jailbreaking, goal hijacking, and context manipulation.
• Test retrieval-augmented generation (RAG) pipelines for data exfiltration, poisoning, and unauthorized knowledge extraction.
• Assess AI agent systems and agentic workflows for unsafe tool-use, privilege escalation, and indirect prompt injection via environment feedback.
• Conduct model extraction, membership inference, and adversarial example attacks against deployed ML models.
• Evaluate AI guardrails, safety filters, and content moderation layers for bypass techniques.

Penetration Testing & Ethical Hacking

• Perform full-scope penetration tests across web applications, REST/GraphQL APIs, mobile apps (iOS/Android), cloud environments (AWS, GCP, Azure), and internal networks.
• Conduct red team exercises simulating advanced persistent threat (APT) actors using MITRE ATT&CK and AI-augmented techniques.
• Exploit vulnerabilities across the OWASP Top 10 and beyond: SSRF, IDOR, XXE, SSTI, authentication bypasses, and logic flaws.
• Perform social engineering and phishing simulations as part of combined red team campaigns.
• Conduct cloud and Kubernetes security assessments including IAM misconfigurations, container escapes, and privilege escalation paths.

AI-Augmented Attack Operations

• Leverage AI models and tools (e.g., LLMs, code generation, fuzzing assistants) to accelerate vulnerability discovery, payload crafting, and exploit development.
• Build or adapt AI-powered reconnaissance, exploitation, and evasion tooling for internal use in red team engagements.
• Stay current with adversarial AI research and translate academic findings into practical red team techniques.
• Use AI to automate repetitive testing tasks and generate novel attack variants at scale.

Qualifications and Skills:

• 7+ years of hands-on penetration testing and offensive security experience in a professional setting
• Demonstrated experience testing AI/ML systems, LLM-powered products, or AI APIs
• Experience conducting red team engagements
• Scripting and tool development
• Strong understanding of authentication protocols and common implementation flaws
• Familiarity with cloud security architectures and common misconfigurations
• Working knowledge of Docker/Kubernetes and container security
• Understanding of LLM architectures and how they relate to attack surfaces.
• Familiarity with OWASP LLM Top 10
• Practical experience with prompt injection and jailbreak techniques against LLMs
• Ability to use LLMs as force-multipliers in red team workflows

Preferred Qualifications

• Certifications: OSCP, OSEP, CRTO, CRTE, PNPT, CEH, GPEN, GWAPT, or equivalent
• Experience with adversarial ML frameworks
• Contributions to open-source security tooling or published CVEs / bug bounty hall-of-fame credits
• Familiarity with AI governance frameworks
• Experience with GenAI infrastructure
• Background in threat modeling for AI-powered applications
• Reverse engineering skills for binary and mobile assessments
• CTF participation or competitive hacking experience

#LI-Remote #LI-MK1

The US national base salary range for this full-time position is $152,000 - $269,000. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.

Please note that the compensation details listed in US role postings reflect the base salary only and do not include applicable bonus, equity, or benefits.

You can find further details of our US benefits at https://www.ethoslife.com/careers/

Don't meet every single requirement? If you're excited about this role but your past experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. At Ethos we are dedicated to building a diverse, inclusive and authentic workplace.