We're standing up a new AI & Offensive Tooling capability inside our Offensive Security organization, and we're looking for its founding engineer. As Lead, Offensive Security (AI & Tooling), you will own the in-house AI agent platform that powers our penetration testing and red team operations, and build the AI-driven tooling that makes every offensive service line faster, broader, and more autonomous. This is a hands-on building role with the scope of a technical lead: you set the technical direction for offensive AI at the company, and you ship the software that proves it. It's a rare chance to build autonomous offensive security capabilities from the ground up, responsibly, inside a program that helps protect the health data of millions of people. Join a 100% remote, highly specialized offensive security team where you will have access to Hack The Box Pro Labs, all HTB role-based training paths and certifications, discretionary certification funding, and conference/training budgets. These resources will enable you to continuously advance your expertise while working on industry-leading Offensive Security challenges at scale. You will be part of the Offensive Security organization, collaborating with Red Team, Penetration Testing, and Breach and Attack Simulation (BAS) professionals, highly specialized experts who identify vulnerabilities so the business can address them proactively. Fridays are dedicated to research and development, allowing the team to pursue training in emerging offensive security methodologies, tools, agents, large language models (LLMs), artificial intelligence, and other bleeding edge topics. AI that attacks traditional systems. Build autonomous and semi-autonomous agents that perform real offensive operations against networks, web applications, and infrastructure, LLM-driven planning loops that reason through reconnaissance, exploitation, privilege escalation, and lateral movement, multi-agent orchestration for breadth, and tool/function-calling that drives real offensive tooling. This is the emerging class of LLM-driven penetration-testing agents, built for production use by a professional red team. Offense applied to AI itself. Red-team the enterprise's own AI—LLM-powered products, agents, RAG pipelines, and ML applications, against prompt injection, jailbreaks, model extraction and inversion, membership inference, data and supply-chain poisoning, evasion, and agent tool/sandbox abuse, and validate that guardrails and classifiers actually hold. You'll operate this as a production, event-driven cloud platform at real scale, dozens of serverless functions, change-stream data pipelines, hundreds of operational alarms, and integrated LLM inference. This requires a production software engineering mindset, not proof-of-concept scripting. First 90 days: ramp on the agent platform and the three service lines (Red Team, BAS, Penetration Testing); take operational ownership; ship one meaningful improvement to the agent's autonomous capability or reliability, measured against real engagements. By 6 months: deliver at least one AI-driven tool that a service line adopts into its live workflow, with metrics showing coverage or turnaround gains; establish the evaluation harness that tracks the agent's autonomous success rate against representative targets. By 12 months: publish the multi-quarter offensive-AI roadmap and KPIs; stand up repeatable adversarial testing for the enterprise's own AI systems; mentor 1–3 engineers as the capability grows toward its own function. Real scope, real authority. You own the platform's architecture, roadmap, and day-to-day operation—and you advise Offensive Security leadership on strategy. This is the founding technical role of a capability that grows into its own team. A program that's already serious about AI. Fridays are dedicated to R&D. You'll have Hack The Box Pro Labs, all HTB role-based paths and certifications, discretionary certification funding, and conference/training budgets. Mission that matters. Offensive Security identifies weaknesses so the business can fix them before adversaries exploit them—protecting the data and care of millions of people. AI is entering both our adversaries' tradecraft and our own operations faster than traditional tooling keeps up; you keep us ahead.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed