Geico

Staff Security Engineer - Red Team (AI)

Geico | $110K - $260K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 8+ years in Offensive Security operations
  • 5+ years of direct Red Team, Purple Team experience in enterprise settings
  • Deep knowledge of LLM architecture and its operational implications
  • Experience with AI frameworks like PyTorch and TensorFlow
  • Familiarity with cloud platforms such as AWS, Azure, or GCP
  • Strong grasp of MITRE ATT&CK for creating measurable emulations
  • Expertise with adversary emulation platforms and operational tradecraft

Responsibilities

  • Plan and execute AI-driven adversary operations
  • Define objectives, success criteria, and safety measures for operations
  • Customize and execute emulation plans using tools like MITRE Caldera
  • Leverage AI for advanced security tradecraft in various environments
  • Collaborate with Detection Engineering to enhance telemetry coverage and incident response
  • Innovate techniques and methodologies for adversary operations
  • Deliver actionable findings mapped to identified threats and vulnerabilities

Benefits

  • Comprehensive Total Rewards package tailored for employee well-being
  • 401K savings plan with a 6% match, vested from day one
  • Flexible work options including remote work for four weeks a year
  • Tuition assistance and performance-based incentives
  • Access to mental healthcare and family planning assistance

Full Job Description

We are seeking a hands-on Staff Security Engineer for our Red Team with deep technical expertise in running AI-driven adversary operations that measurably improve detection and response processes. You'll execute at the intersection of offensive security and AI, developing novel Red Team capabilities and running operations against AI-powered systems.

This role is responsible for working with other stakeholders in planning, executing, and delivering Red Team, Purple Team, and other Adversary Emulation operations. Outcomes will directly inform detection engineering, incident response readiness, and control validation. You will be responsible for the testing/evaluation of AI applications and agents as well as the leveraging of agentic AI to gain efficiencies for Red Team and penetration testing efforts.

Success in this role means you can champion operations end-to-end: shape the scope and objectives, define safety controls and deconfliction, build or tailor emulation plans, execute advanced operator tradecraft in authorized environments, and deliver clear findings mapped to TTPs, telemetry gaps, and detection opportunities. You are someone with progressive experience in Offensive Security operations who can consistently translate realistic adversary behavior into practical defensive improvements and repeatable emulation capability.

This role offers a unique opportunity to expand your influence, forge critical alliances, and lead the evolution of Adversary Emulation programs in a fast-paced environment. Your impact will be felt across the organization as we strengthen our defenses against ever-evolving cyber threats through simulation of real-world cyberattacks and attempts to breach the organization's defenses.

Responsibilities:

  • Participate in AI-focused adversary operations: plan, execute and deliver Red Team, Purple Team and other Adversary Emulation operations.
  • Scope and design operations: define objectives, target scope, success criteria, safety controls.
  • Develop and run emulations: build, customize, and execute emulation plans using platforms such as MITRE Caldera, or similar products.
  • Execute advanced AI-leveraged tradecraft across enterprise environments (identity, endpoints, networks, cloud, SaaS) in a controlled, measurable way.
  • Partner with defenders: work directly with Detection Engineering, Threat Intelligence, and Risk Management to validate telemetry coverage, tune detections, improve response playbooks, and close visibility gaps.
  • Champion continuous improvement and innovation in adversary operations techniques, tools, and methodologies.

Required Qualifications:

  • 8+ years of experience in Offensive Security operations.
  • 5+ years of hands-on experience running Red Team, Purple Team, and other Adversary operations in enterprise environments.
  • Deep understanding of LLM architecture and familiarity with how models process input, manage context, and generate output.
  • Experience with AI frameworks and tools such as PyTorch, TensorFlow, Hugging Face, and LangChain.
  • Experience with Azure, AWS, GCP or other cloud providers.
  • Strong working knowledge of MITRE ATLAS and ATT&CK, and the ability to translate TTPs into repeatable emulations and measurable detection outcomes.
  • Hands-on experience with adversary emulation platforms, including building/maintaining emulations and running operations.
  • Demonstrated capability with core operator tradecraft (C2, payload delivery, privilege escalation, lateral movement, persistence, and operational security) appropriate to authorized testing.
  • Extensive use of red team frameworks: Cobalt Strike, Sliver, Metasploit, Empire, BloodHound.

Preferred Qualifications:

  • OSCP, OSCE, CRTO, CISSP, or relevant Red Team/offensive security certs.
  • GIAC Penetration Testing, Red Team certifications (GCTI, GPEN, GXPN) a plus.
  • Breadth and depth of knowledge in security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting and programming.
  • Advanced level knowledge of Linux/Mac/Windows operating systems, AWS/Azure cloud environments and cloud-native resources (e.g., containers, Kubernetes, microservices, serverless functions).
  • Experience with conducting reverse engineering on mobile applications, including applications with anti-emulator and obfuscation protections.

Education:

  • Bachelor's degree in Cybersecurity, Computer Science or a related field.

Annual Salary

$110,000.00 - $260,000.00

The above annual salary range is a general guideline. Multiple factors are taken into consideration to arrive at the final hourly rate/annual salary to be offered to the selected candidate. Factors include, but are not limited to, the scope and responsibilities of the role, the selected candidate's work experience, education and training, the work location as well as market and business considerations.

GEICO will consider sponsoring a new qualified applicant for employment authorization for this position.

About Geico

GEICO (Government Employees Insurance Company) is an American auto insurance company with headquarters in Chevy Chase, Maryland. It is the second largest auto insurer in the United States, after State Farm. GEICO is a wholly owned subsidiary of Berkshire Hathaway that provides coverage for more than 24 million motor vehicles owned by more than 15 million policy holders as of 2017. GEICO writes private passenger automobile insurance in all 50 U.S. states and the District of Columbia. The insurance agency sells policies through local agents, called GEICO Field Representatives, and over the phone directly to the consumer, and through their website.
Size: 40,000 employees
Industry
Founded: 1936
