Senior AI Penetration Tester (New York)

Fitch Group | New York, NY
Hybrid

About The Position

Fitch Group is seeking a Senior AI Penetration Tester to join its Information Security department. This role requires 2-4 years of hands-on penetration testing experience, deep technical expertise, a proactive approach to identifying security gaps, and the ability to leverage AI agents and automation to continuously improve testing capabilities. The position involves conducting security assessments of AI systems, executing continuous adversarial testing, planning and executing penetration tests across various infrastructures, and leveraging AI tools to augment testing workflows. The role also includes documenting and communicating assessment outcomes, staying current with security research, and supporting red team exercises.

Requirements

  • 2–4 years of hands-on penetration testing experience.
  • Demonstrated expertise across emerging AI security, network, and application domains.
  • Strong scripting and exploit development skills.
  • Comfort working with AI-powered tools.
  • Ability to communicate complex technical findings clearly and effectively.
  • Hands-on AI red-teaming experience covering prompt injection (direct and indirect), jailbreaking, tool-use abuse, insecure output handling, training/context data exfiltration, and model DoS.
  • Familiarity with OWASP Top 10 for LLMs and MITRE ATLAS.
  • Hands-on penetration testing experience across network infrastructure (servers, endpoints, network devices, Active Directory), web applications (OWASP Top 10, API security, manual and automated testing), and AI/LLM-based systems.
  • Solid grounding in TCP/IP, DNS, HTTP/S, VPNs, and firewalls.
  • Strong scripting proficiency in Python, Bash, or PowerShell.
  • Working knowledge of Metasploit, Burp Suite (including Burp AI extensions), Nmap, Nessus/OpenVAS, BloodHound, Cobalt Strike and other similar tools.
  • Experience using AI tools (e.g., Claude, ChatGPT, or similar) for penetration testing activities including reconnaissance, vulnerability analysis, payload crafting, and exploit development.
  • Ability to produce clear, well-structured assessment reports that translate findings, risk ratings, and remediation guidance into actionable insights for both technical teams and senior stakeholders.

Nice To Haves

  • Experience assessing AI systems and LLM-based applications in enterprise deployments (Claude, ChatGPT, Azure OpenAI Studio, or similar), identifying risks including prompt injection, insecure tool use, MCP server misconfigurations, and risks across agentic orchestration workflows.
  • Experience testing AI systems in regulated or data-sensitive environments where material non-public information (MNPI), confidential client data, or similar controlled data classes are in scope.
  • Experience with AI agent monitoring/observability platforms.
  • Strong working knowledge of the MITRE ATT&CK framework, including staying current with newly published TTPs and actively applying them during engagements to simulate real-world adversary behavior.
  • Experience with cloud penetration testing across AWS, Azure, or GCP environments.
  • Exposure to container and Kubernetes security assessments.
  • Knowledge of secure coding practices and ability to perform basic code review to support application security engagements.
  • Familiarity with compliance frameworks such as PCI DSS, DORA, and ISO 27001.
  • Certifications such as OSCP, CEH, GPEN, GWAPT.
  • A degree in Computer Science, Cybersecurity, Information Systems, or equivalent practical experience.
  • Participation in bug bounty programs or CTF competitions.

Responsibilities

  • Conduct security assessments of AI systems and implementations (e.g., AI chatbots, MCP servers, Claude, ChatGPT, Azure OpenAI Studio), identifying risks like prompt injection, model abuse, and data exfiltration.
  • Execute continuous adversarial testing of AI platforms and guardrails to validate controls.
  • Plan, scope, and execute penetration testing engagements across network infrastructure (servers, firewalls, endpoints, Active Directory).
  • Perform comprehensive web application security assessments covering OWASP Top 10 vulnerabilities, business logic flaws, authentication weaknesses, and API security issues.
  • Leverage AI agents and AI-assisted tooling (e.g., Claude, ChatGPT) to augment testing workflows and automate reconnaissance.
  • Develop and maintain custom scripts and exploit code for attack chain automation, payload generation, and post-exploitation tasks.
  • Document and communicate assessment outcomes, including findings, risk context, and remediation guidance, for both technical teams and senior stakeholders.
  • Collaborate with Vulnerability Management, Application, and Infrastructure teams to ensure findings are handed off with clear remediation ownership.
  • Stay current with the latest offensive security research, CVEs, exploitation techniques, and AI security threats.
  • Support red team exercises and threat simulation activities.
  • Maintain detailed records of testing activities, methodologies, and evidence per internal documentation standards.

Benefits

  • Hybrid Work Environment (2-3 days a week in office)
  • Dedicated trainings, leadership development and mentorship programs
  • Retirement planning
  • Financial wellness programs
  • Tuition reimbursement programs
  • Comprehensive healthcare offerings
  • Family-first policies, including a generous global parental leave plan
  • Paid volunteer days and support for community engagement initiatives