[Remote] AI Red Team Engineer

Note: The job is a remote job and is open to candidates in USA. Confidential is seeking a skilled Red Team Security Engineer to join their SOC team. The role involves simulating real-world adversary tactics to validate detection and response capabilities while conducting research into AI/LLM security risks.

Responsibilities

• Design and execute end-to-end red team operations covering the full attack chain: reconnaissance, initial access, lateral movement, privilege escalation, and data exfiltration
• Replicate APT group TTPs (e.g., Lazarus, APT41) to validate detection and incident response capabilities
• Develop and maintain custom offensive tools, C2 frameworks, and evasion techniques to simulate advanced threats
• Participate in BAS (Breach and Attack Simulation) playbook design and execution across Windows, macOS, and Linux platforms
• Research AI/LLM attack surfaces: Prompt Injection, model poisoning, adversarial examples, training data contamination, and AI Agent security risks
• Evaluate security risks in AI/LLM applications (RAG, MCP, Tool Use, Agentic workflows) and provide red team findings
• Track AI security research (MITRE ATLAS, OWASP LLM Top 10) and produce internal threat intelligence
• Collaborate with the blue team to translate red team findings into detection rules and defensive hardening
• Produce high-quality red team reports with actionable remediation recommendations

Skills

• 3+ years of hands-on penetration testing or red team experience
• Proficiency with at least one mainstream C2 framework (Cobalt Strike, Sliver, Havoc, etc.)
• Strong vulnerability exploitation fundamentals: web (OWASP Top 10), internal network (AD attack chains), cloud environments
• Familiar with MITRE ATT&CK framework; able to map TTPs and design corresponding attack scenarios
• Scripting/tooling development skills (Python, Go, or PowerShell)
• Holds at least one major red team certification: OSCP, CRTO, CRTE (preferred)
• (AI Security) Understanding of LLM application architectures (RAG, Agent, MCP, Tool Use) and ability to identify attack surfaces
• (AI Security) Hands-on research or PoC experience with Prompt Injection, jailbreaking, or model extraction attacks
• (AI Security) Familiar with MITRE ATLAS framework and AI/ML threat classification
• (Bonus) Web3 / blockchain security background (smart contract audits, on-chain attack analysis)
• (Bonus) CTF experience (DEFCON CTF, GeekCon, etc.) or published vulnerability research (CVE, conference talks, technical blog)

Company Overview