Evolve Security Academy

Evolve Security Academy offers elite offensive security solutions and top-ranked cybersecurity training to address vulnerabilities and enhance organizational security.

Internet Software & Services

Information Technology

11-50 (30)

Founded 2016

3 open positions

Links

View All Jobs

Senior Application Security Tester & AI Red Team Subject Matter Expert

21 hours, 8 minutes ago

United States

Full-time

Senior

AI (Artificial Intelligence)

Artificial Intelligence and Machine Learning

Bash GraphQL JavaScript JWT Metasploit Nmap OpenID Connect Penetration Testing Postman PowerShell Python REST API SAML SPA TypeScript

Apply Now

Evolve Security Academy

Evolve Security Academy offers elite offensive security solutions and top-ranked cybersecurity training to address vulnerabilities and enhance organizational security.

Internet Software & Services

11-50

Founded 2016

View All Jobs 3

Description

Lead end-to-end web application and API penetration tests, including scoping, execution, and presenting findings to client leadership.
Design and execute AI red team engagements against LLM-backed applications, RAG systems, and agentic workflows.
Test the full AI application surface, including model endpoints, retrieval pipelines, vector stores, plug-ins, guardrails, and cloud infrastructure.
Validate authentication, session management, access control, secrets handling, and data-flow controls across traditional and AI-specific systems.
Perform manual exploit development and code-assisted review to identify classical web vulnerabilities and AI integration flaws.
Build and maintain AI red team methodology, payload libraries, evaluation harnesses, and reporting templates.
Mentor mid-level penetration testing engineers and OSOC analysts through paired testing, code review, and methodology coaching.
Serve as the technical reviewer for AI-related findings and contribute to internal training and academy content.
Represent Evolve Security externally through talks, webinars, blogs, podcasts, and thought-leadership content.
Communicate findings with clear business impact, reproducibility, and strategic remediation guidance.

Requirements

5–8+ years of offensive security experience with a deep concentration in web application and API penetration testing.
Demonstrable hands-on experience testing AI/ML systems such as LLM-backed applications, RAG pipelines, fine-tuned models, multi-agent systems, or production ML inference.
A track record of dozens of completed assessments, published research, conference talks, CVEs, or open-source contributions.
Mastery of web application and API security beyond the OWASP Top 10, including business logic abuse and complex auth flows such as OAuth 2.0 / OIDC, SAML, JWT, and mTLS.
Deep knowledge of modern web attack techniques including SSRF chains, deserialization, request smuggling, prototype pollution, SPA, and GraphQL attack surfaces.
Working knowledge of the OWASP Top 10 for LLM Applications and OWASP ML Top 10, including prompt injection, jailbreaks, poisoning, extraction, and excessive agency risks.
Expertise with offensive tools such as Burp Suite Pro, OWASP ZAP, Nuclei, Postman, Nmap, Metasploit, and BloodHound.
Ability to build bespoke tooling when off-the-shelf tools are insufficient.
Comfort with AI red-teaming tools such as Garak, PyRIT, Promptfoo, and Giskard, plus adversarial ML libraries.
Strong scripting and small-tool development ability in Python, with working knowledge of JavaScript / TypeScript, Bash, and PowerShell.
Familiarity with AI application components such as vector databases, embedding models, retrieval pipelines, agent frameworks, and MCP.
Excellent written and verbal communication skills, including publication-quality reporting and briefing CISO and engineering leaders.
Experience mentoring engineers through code review, paired testing, and methodology coaching.
Preferred certifications include OSWE, OSCP, OSEP, GWAPT, GXPN, and Burp Suite Certified Practitioner.
Preferred AI/ML-adjacent credentials or contributions include AI Red Team certifications, prompt injection research, MITRE ATLAS contributions, or SANS SEC545 / SEC595.

Benefits

Healthcare benefits.
401(k) match.
Parental leave.
Flexible paid time off.
Annual vacation reimbursement.
Opportunity to work with a Chicago-based cybersecurity firm focused on penetration testing, training, and talent solutions.
Access to Evolve Academy, a cybersecurity bootcamp with live security assessment experience.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

Optical Engineer - Freelance AI Trainer

Mindrift.ai: Be the “I” in AI Internet Software & Services

Mindrift is seeking optical and physics specialists for project-based AI work focused on creating and validating challenging optics and physics problems for leading tech companies.

Israel Jordan Kuwait Qatar Saudi Arabia Turkey Part-time Junior AI (Artificial Intelligence)

$73k-$73k

1 hour, 7 minutes ago

Apply

1 hour, 7 minutes ago

Co-Founder & CEO - AI WealthTech

FutureSight 11-50 Internet Software & Services

FutureSight is seeking a Co-Founder & CEO to build and lead Weli AI, a B2B WealthTech venture that brings embedded intelligence into advisors’ existing tools to drive proactive client outreach and growth.

Canada Full-time Executive AI (Artificial Intelligence) Business Development

CRM LLM

1 hour, 32 minutes ago

Apply

1 hour, 32 minutes ago

Research Physicist - Freelance AI Trainer

Mindrift.ai: Be the “I” in AI Internet Software & Services

Mindrift is seeking part-time physics specialists for project-based AI evaluation work focused on designing and validating original optics and physics problems for tech company projects.