RemoteLeaf Logo
Log in Sign up

Senior Application Security Tester & AI Red Team Subject Matter Expert

2 weeks, 6 days ago
United States
Full-time
Senior
AI (Artificial Intelligence)
Artificial Intelligence and Machine Learning
Bash GraphQL JavaScript JWT Metasploit Nmap OpenID Connect Penetration Testing Postman PowerShell Python REST API SAML SPA TypeScript
Apply Now
Evolve Security Academy

Evolve Security Academy

Evolve Security Academy offers elite offensive security solutions and top-ranked cybersecurity training to address vulnerabilities and enhance organizational security.

Internet Software & Services
11-50
Founded 2016
View All Jobs 3

Description

  • Lead end-to-end web application and API penetration tests, including scoping, execution, and presenting findings to client leadership.
  • Design and execute AI red team engagements against LLM-backed applications, RAG systems, and agentic workflows.
  • Test the full AI application surface, including model endpoints, retrieval pipelines, vector stores, plug-ins, guardrails, and cloud infrastructure.
  • Validate authentication, session management, access control, secrets handling, and data-flow controls across traditional and AI-specific systems.
  • Perform manual exploit development and code-assisted review to identify classical web vulnerabilities and AI integration flaws.
  • Build and maintain AI red team methodology, payload libraries, evaluation harnesses, and reporting templates.
  • Mentor mid-level penetration testing engineers and OSOC analysts through paired testing, code review, and methodology coaching.
  • Serve as the technical reviewer for AI-related findings and contribute to internal training and academy content.
  • Represent Evolve Security externally through talks, webinars, blogs, podcasts, and thought-leadership content.
  • Communicate findings with clear business impact, reproducibility, and strategic remediation guidance.

Requirements

  • 5–8+ years of offensive security experience with a deep concentration in web application and API penetration testing.
  • Demonstrable hands-on experience testing AI/ML systems such as LLM-backed applications, RAG pipelines, fine-tuned models, multi-agent systems, or production ML inference.
  • A track record of dozens of completed assessments, published research, conference talks, CVEs, or open-source contributions.
  • Mastery of web application and API security beyond the OWASP Top 10, including business logic abuse and complex auth flows such as OAuth 2.0 / OIDC, SAML, JWT, and mTLS.
  • Deep knowledge of modern web attack techniques including SSRF chains, deserialization, request smuggling, prototype pollution, SPA, and GraphQL attack surfaces.
  • Working knowledge of the OWASP Top 10 for LLM Applications and OWASP ML Top 10, including prompt injection, jailbreaks, poisoning, extraction, and excessive agency risks.
  • Expertise with offensive tools such as Burp Suite Pro, OWASP ZAP, Nuclei, Postman, Nmap, Metasploit, and BloodHound.
  • Ability to build bespoke tooling when off-the-shelf tools are insufficient.
  • Comfort with AI red-teaming tools such as Garak, PyRIT, Promptfoo, and Giskard, plus adversarial ML libraries.
  • Strong scripting and small-tool development ability in Python, with working knowledge of JavaScript / TypeScript, Bash, and PowerShell.
  • Familiarity with AI application components such as vector databases, embedding models, retrieval pipelines, agent frameworks, and MCP.
  • Excellent written and verbal communication skills, including publication-quality reporting and briefing CISO and engineering leaders.
  • Experience mentoring engineers through code review, paired testing, and methodology coaching.
  • Preferred certifications include OSWE, OSCP, OSEP, GWAPT, GXPN, and Burp Suite Certified Practitioner.
  • Preferred AI/ML-adjacent credentials or contributions include AI Red Team certifications, prompt injection research, MITRE ATLAS contributions, or SANS SEC545 / SEC595.

Benefits

  • Healthcare benefits.
  • 401(k) match.
  • Parental leave.
  • Flexible paid time off.
  • Annual vacation reimbursement.
  • Opportunity to work with a Chicago-based cybersecurity firm focused on penetration testing, training, and talent solutions.
  • Access to Evolve Academy, a cybersecurity bootcamp with live security assessment experience.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

FutureSight

Co-Founder & CEO - AI Communication Agents for Freight & Logistics

FutureSight 11-50 Internet Software & Services

FutureSight is seeking a Co-Founder & CEO to build and lead HawkAI, an enterprise AI venture that automates freight communications for logistics brokerages, carriers, and warehouse operators.

United States Executive AI (Artificial Intelligence) Business Development
LLM
42 minutes ago
FutureSight

Co-Founder & CEO - AI Communication Agents for Freight & Logistics

FutureSight 11-50 Internet Software & Services

FutureSight is seeking a Co-Founder & CEO to build and lead HawkAI, an enterprise AI venture for US logistics brokerages, carriers, and warehouse operators focused on automating high-volume freight communications.

Canada Full-time Executive AI (Artificial Intelligence) Head of Sales
LLM
2 hours, 27 minutes ago
ELVTR

AI Product Manager

ELVTR 51-250 Diversified Consumer Services

ELVTR is hiring a Middle Product Manager to build AI-native internal tools and, over time, student-facing products that improve key business workflows and drive adoption across the company.

Ukraine Full-time Mid Level AI (Artificial Intelligence) Product Manager
HubSpot Microservices Supabase UI Design UX Design Vercel
2 hours, 32 minutes ago
Toloka

AI Training Specialist (Egocentric Video)

Toloka 251-1K Internet Software & Services

Project-based freelance opportunity on an AI training platform for recording first-person videos of everyday household activities to help train AI systems and robots.

Chile Colombia Bolivia Uruguay Part-time Entry Level AI (Artificial Intelligence)
2 hours, 48 minutes ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers