Red Team Engineer/ Offensive Security Lead

Authentic8
$150,000 - $175,000

About The Position

Authentic8 is building an AI-powered Red Teaming Harness to proactively discover, chain, and validate vulnerabilities across our SaaS platform and supporting infrastructure. We are looking for a Red Team Engineer / Offensive Security Lead to drive the development and operation of that harness from the ground up. This is a hands-on role. You will be the primary builder and operator of the harness, working directly with our DevSecOps engineers, SOC Lead, and Director of Security Operations. You will conduct red team operations from multiple attack perspectives and feed validated, prioritized findings into our expedited patch management pipeline. You will also assume ownership of security stage-gates within our CI/CD pipeline and support the operation of our internal Bug Bounty Program. If you’ve spent years thinking like an adversary and you’re energized by what frontier AI models can do in an offensive security context, this role was made for you.

Requirements

  • 5+ years in cybersecurity, penetration testing, or red team operations
  • Demonstrated experience building tools: scripting exploits, automating workflows, or constructing test harnesses (Python and/or Go strongly preferred)
  • Hands-on experience with LLM APIs in a security or agent context, including an understanding of tool use, control loops, and context management in agent architectures
  • Proficiency with static and dynamic analysis (SAST/DAST) and the ability to interpret and chain findings from automated tooling
  • Working knowledge of CVE and vulnerability data sources, including NVD, EPSS, KEV, OSV.dev, and the GitHub Advisory Database
  • Experience testing cloud-hosted SaaS platforms (GCP familiarity preferred)
  • Familiarity with container security (containered, Docker) and Linux-based infrastructure
  • Ability to work independently, manage your own scope, and deliver against defined milestones
  • Excellent documentation and communication skills
  • Must be US citizen

Nice To Haves

  • Experience with frontier AI model platforms in an agentic context
  • OSCP, GXPN, GPEN, or equivalent offensive security certification
  • Experience with SBOM tooling (Endor Labs, Syft, or similar) and software composition analysis
  • Familiarity with CI/CD pipeline security tooling (Snyk, SonarQube, or equivalents)
  • Experience with infrastructure-as-code or configuration management security (Chef/InSpec a plus)
  • Bug bounty program operations experience (HackerOne, Bugcrowd, or similar platforms)

Responsibilities

  • Design, build, and operate an AI-augmented red teaming harness using frontier LLM APIs.
  • Implement a control loop architecture (Plan | Act | Observe | Adjust) for autonomous and semi-autonomous vulnerability discovery.
  • Integrate the harness with purpose-built SBOM tooling (Endor Labs), CVE monitoring feeds (NVD, OSV.dev, EPSS/KEV, GitHub Advisory Database, and vendor-specific bulletins), and our CI/CD pipeline (Snyk, SonarQube).
  • Conduct adversarial testing across four attack perspectives: (Internal source code, External unauthenticated adversary, Internal authenticated user, and Internal unprivileged adversary)
  • Chain findings identify exploitable paths and corresponding vulnerabilities.
  • Validate and prioritize findings using CVSS, EPSS, and KEV context before handing off to the patch management pipeline.
  • Support the development and day-to-day operation of Authentic8's internal Bug Bounty Program.
  • Collaborate with engineering on custom mitigation decisions when vendor patches are unavailable.
  • Assume ownership of security stage-gates within our CI/CD pipeline, integrating Snyk, SonarQube, and harness findings into the build process.
  • Work alongside the SOC Lead on CVE monitoring, alerting, and vulnerability prioritization workflows.
  • Partner with DevSecOps Engineers on harness architecture and pipeline integration.
  • Provide technical input to the Integrated Operations Center on detection use case design for our SIEM.
  • Regularly brief the VP of Information Security on findings, program health, and checkpoint criteria.

Benefits

  • medical
  • dental
  • vision
  • flexible PTO
  • 401k program
  • stock options
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service