Senior Application Security Tester & AI Red Team Subject Matter Expert

1 month, 1 week ago
Full-time
Senior
Artificial Intelligence and Machine Learning
Evolve Security Academy

Evolve Security Academy

Evolve Security Academy offers elite offensive security solutions and top-ranked cybersecurity training to address vulnerabilities and enhance organizational security.

Internet Software & Services
11-50
Founded 2016

Description

  • Lead end-to-end web application and API penetration tests, including scoping, execution, and presenting findings to client leadership.
  • Design and execute AI red team engagements against LLM-backed applications, RAG systems, and agentic workflows.
  • Test the full AI application surface, including model endpoints, retrieval pipelines, vector stores, plug-ins, guardrails, and cloud infrastructure.
  • Validate authentication, session management, access control, secrets handling, and data-flow controls across traditional and AI-specific systems.
  • Perform manual exploit development and code-assisted review to identify classical web vulnerabilities and AI integration flaws.
  • Build and maintain AI red team methodology, payload libraries, evaluation harnesses, and reporting templates.
  • Mentor mid-level penetration testing engineers and OSOC analysts through paired testing, code review, and methodology coaching.
  • Serve as the technical reviewer for AI-related findings and contribute to internal training and academy content.
  • Represent Evolve Security externally through talks, webinars, blogs, podcasts, and thought-leadership content.
  • Communicate findings with clear business impact, reproducibility, and strategic remediation guidance.

Requirements

  • 5–8+ years of offensive security experience with a deep concentration in web application and API penetration testing.
  • Demonstrable hands-on experience testing AI/ML systems such as LLM-backed applications, RAG pipelines, fine-tuned models, multi-agent systems, or production ML inference.
  • A track record of dozens of completed assessments, published research, conference talks, CVEs, or open-source contributions.
  • Mastery of web application and API security beyond the OWASP Top 10, including business logic abuse and complex auth flows such as OAuth 2.0 / OIDC, SAML, JWT, and mTLS.
  • Deep knowledge of modern web attack techniques including SSRF chains, deserialization, request smuggling, prototype pollution, SPA, and GraphQL attack surfaces.
  • Working knowledge of the OWASP Top 10 for LLM Applications and OWASP ML Top 10, including prompt injection, jailbreaks, poisoning, extraction, and excessive agency risks.
  • Expertise with offensive tools such as Burp Suite Pro, OWASP ZAP, Nuclei, Postman, Nmap, Metasploit, and BloodHound.
  • Ability to build bespoke tooling when off-the-shelf tools are insufficient.
  • Comfort with AI red-teaming tools such as Garak, PyRIT, Promptfoo, and Giskard, plus adversarial ML libraries.
  • Strong scripting and small-tool development ability in Python, with working knowledge of JavaScript / TypeScript, Bash, and PowerShell.
  • Familiarity with AI application components such as vector databases, embedding models, retrieval pipelines, agent frameworks, and MCP.
  • Excellent written and verbal communication skills, including publication-quality reporting and briefing CISO and engineering leaders.
  • Experience mentoring engineers through code review, paired testing, and methodology coaching.
  • Preferred certifications include OSWE, OSCP, OSEP, GWAPT, GXPN, and Burp Suite Certified Practitioner.
  • Preferred AI/ML-adjacent credentials or contributions include AI Red Team certifications, prompt injection research, MITRE ATLAS contributions, or SANS SEC545 / SEC595.

Benefits

  • Healthcare benefits.
  • 401(k) match.
  • Parental leave.
  • Flexible paid time off.
  • Annual vacation reimbursement.
  • Opportunity to work with a Chicago-based cybersecurity firm focused on penetration testing, training, and talent solutions.
  • Access to Evolve Academy, a cybersecurity bootcamp with live security assessment experience.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

Mortgage Underwriter - Freelance AI Trainer

Mindrift.ai: Be the “I” in AI Internet Software & Services

Mindrift is seeking mortgage underwriting and loan origination professionals for project-based AI evaluation work focused on testing and improving mortgage-related AI outputs and compliance decisions.

19 hours, 39 minutes ago

Claims Processing Agent - Freelance AI Trainer

Mindrift.ai: Be the “I” in AI Internet Software & Services

Mindrift is seeking part-time project-based insurance and claims specialists to evaluate and improve AI systems for auto insurance decision-making, fraud detection, and subrogation testing.

19 hours, 39 minutes ago

Record Your Daily Routine & Get Paid - AI Training (Remote)

Toloka 251-1K Internet Software & Services

Project-based freelance opportunity with an AI training platform recording first-person videos of everyday household activities to help train AI systems and robots.

19 hours, 39 minutes ago

Freelance Agent Evaluation Engineer

Mindrift.ai: Be the “I” in AI Internet Software & Services

Mindrift is seeking a project-based software specialist to create realistic coding evaluation tasks and tests for AI agents in simulated development environments.

Docker FastAPI JavaScript Kafka PostgreSQL Python React Redis TypeScript
19 hours, 39 minutes ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers