AI Red Team Engineer

About the Role We are looking for a skilled Red Team Security Engineer to join our SOC team. You will simulate real-world adversary TTPs — including APT-level attacks — to validate our detection and response capabilities, while also conducting cutting-edge research into AI/LLM security risks. You will work closely with the blue team, threat intelligence, and security engineering to continuously strengthen our defensive posture. Key Responsibilities Design and execute end-to-end red team operations covering the full attack chain: reconnaissance, initial access, lateral movement, privilege escalation, and data exfiltration Replicate APT group TTPs (e.g., Lazarus, APT41) to validate detection and incident response capabilities Develop and maintain custom offensive tools, C2 frameworks, and evasion techniques to simulate advanced threats Participate in BAS (Breach and Attack Simulation) playbook design and execution across Windows, macOS, and Linux platforms Research AI/LLM attack surfaces: Prompt Injection, model poisoning, adversarial examples, training data contamination, and AI Agent security risks Evaluate security risks in AI/LLM applications (RAG, MCP, Tool Use, Agentic workflows) and provide red team findings Track AI security research (MITRE ATLAS, OWASP LLM Top 10) and produce internal threat intelligence Collaborate with the blue team to translate red team findings into detection rules and defensive hardening Produce high-quality red team reports with actionable remediation recommendations Major Requirements 3+ years of hands-on penetration testing or red team experience Proficiency with at least one mainstream C2 framework (Cobalt Strike, Sliver, Havoc, etc.) Strong vulnerability exploitation fundamentals: web (OWASP Top 10), internal network (AD attack chains), cloud environments Familiar with MITRE ATT&CK framework; able to map TTPs and design corresponding attack scenarios Scripting/tooling development skills (Python, Go, or PowerShell) Holds at least one major red team certification: OSCP, CRTO, CRTE (preferred) (AI Security) Understanding of LLM application architectures (RAG, Agent, MCP, Tool Use) and ability to identify attack surfaces (AI Security) Hands-on research or PoC experience with Prompt Injection, jailbreaking, or model extraction attacks (AI Security) Familiar with MITRE ATLAS framework and AI/ML threat classification (Bonus) Web3 / blockchain security background (smart contract audits, on-chain attack analysis) (Bonus) CTF experience (DEFCON CTF, GeekCon, etc.) or published vulnerability research (CVE, conference talks, technical blog) Show more Show less