Offensive Security Engineer

About The Position

Requirements

• Hands-on experience in penetration testing, offensive security, or red team operations.
• Strong experience testing web applications, APIs, and cloud environments (AWS preferred).
• Demonstrated knowledge of AI/ML security risks, including LLM abuse patterns and model-level attacks.
• Proficiency with common penetration testing tools (e.g., Burp Suite, Metasploit, Nmap, cloud-native tooling).
• Strong understanding of: OWASP Top 10, OWASP API Security Top 10, Cloud attack paths and IAM abuse, and MITRE ATT&CK
• Ability to write clear, developer-friendly remediation guidance.
• Comfortable scripting or automating testing tasks (Python, Bash, PowerShell preferred).
• Excellent communication skills and ability to work cross-functionally.
• Applicants must have permanent work authorization in the U.S.; we are not sponsoring visas for this role.

Nice To Haves

• Experience testing AI APIs, LLM platforms, or ML pipelines in production environments.
• Familiarity with AI risk frameworks (e.g., NIST AI RMF).
• Experience in regulated or high-trust environments.
• Relevant certifications include: OSCP, OSCE, CRTO, GPEN, GXPN, Cloud security certifications, AI-security or ML-adjacent coursework or certifications

Responsibilities

• Conduct authorized penetration tests against web applications, APIs, cloud infrastructure, containers, and internal services.
• Perform network, application, and cloud security testing using both automated tooling and manual exploitation techniques.
• Validate vulnerabilities discovered through scanning, threat modeling, or other submissions.
• Test AI-enabled products and services for AI-specific threats:
• Prompt injection and prompt manipulation.
• Model inversion and data extraction.
• Training data poisoning.
• Model theft and inference abuse.
• Excessive data exposure via AI APIs.
• Assess security controls around AI pipelines, including data ingestion, training environments, inference endpoints, and model storage.
• Evaluate abuse scenarios involving AI agents, automation, and third-party AI integrations.
• Produce clear, high-quality penetration testing reports with risk ratings, exploit evidence, and prioritized remediation guidance.
• Partner with engineering teams to validate fixes, retest findings, and implement compensating controls where remediation is not immediately feasible.
• Contribute to secure design reviews and threat modeling for new products, cloud services, and AI capabilities.
• Support red team activities and collaborate with Security Operations during incident investigations involving exploited vulnerabilities.
• Stay current on emerging attack techniques, especially in AI, cloud-native, and API security.
• Help evolve internal penetration testing methodologies, tooling, and playbooks.
• Assist with compliance and audit evidence related to penetration testing and security assessments (SOC 2, PCI, NIST, ISO).

Benefits

• red violet offers excellent benefits including opportunity for stock (RSU) grants, a 401K and generous company match, flexible PTO policy, medical, dental and vision coverage, commuter benefits, in-office healthy snacks, team events and more.