Senior Engineer, Offensive Security

HumanaTampa, FL
$117,600 - $161,700Remote

About The Position

We're building a new AI & Offensive Tooling capability inside our Offensive Security organization, and we're looking for a senior engineer who can both build it and use it. As Senior Offensive Security Engineer, AI-Driven Red Team & Tooling, you'll build the AI and agentic tooling that makes our offensive operations faster and broader, then prove it where it counts, on real penetration tests, purple-team exercises, and red-team operations. You'll also bring that same offensive lens to the enterprise's own AI systems. It's one loop: build the tooling, prove it on live engagements, feed what you learn back into the tooling. And it's a rare chance to do that hands-on inside a program that helps protect the health data of millions of people.

Requirements

  • 4+ years in roles such as Red Team, Penetration Testing, Purple Team / control validation, or Bug Bounty, with a track record of delivering engagements end to end: scoping, execution, and clear written findings.
  • Production Python engineering: you build and operate real tooling, not only one-off scripts.
  • You've built with agentic AI: hands-on designing, building, or operating AI agents or LLM applications: agentic workflows, tool/function-calling, and orchestration. (We care about what you've shipped and operated, not years on a particular framework—these frameworks are only a few years old.)
  • You've attacked AI: hands-on testing of AI/ML systems: prompt injection, jailbreaking, and adversarial techniques.
  • Cloud fluency: production experience with at least one major Cloud Service Provider (AWS, GCP, or Azure).

Nice To Haves

  • Built autonomous or semi-autonomous offensive agents, LLM-driven penetration-testing agents, or reinforcement-learning exploit and attack-path planners.
  • Red-team tradecraft: C2 frameworks (e.g. Cobalt Strike, Sliver, Mythic), evasion and OPSEC, and testing endpoints protected by modern EDR/XDR.
  • Purple-team and adversary-emulation fluency: MITRE ATT&CK, and platforms such as VECTR or Atomic Red Team.
  • Hands-on with AI red-teaming frameworks such as PyRIT or Garak, and fluent in MITRE ATLAS, the OWASP Top 10 for LLM Applications, and the NIST AI Risk Management Framework.
  • Model Context Protocol (MCP), building clients/servers, or testing them and RAG pipelines for tool/prompt-injection abuse.
  • Cloud penetration-testing depth or multi-cloud breadth; threat-intelligence-driven operations; depth in an advanced offensive specialty (malware development, advanced red-team operations, or adversarial ML research).
  • Published research, open-source contributions, or talks at DEF CON (incl. the AI Village / Generative Red Team), BSides, x33fcon, or Black Hat, or strong showings in AI-security competitions like HackAPrompt.
  • Certifications are a plus, not a gate, offensive (e.g. OSCP, OSEP, OSED, OSCE3, CRTO, CRTL, CPTS, CWES, CWEE, CAPE) and emerging AI-security (e.g. the OffSec AI Red Teamer (OSAI / AI-300), the SANS/GIAC AI security line, the HTB AI Red Teamer path).

Responsibilities

  • Build agentic offensive tooling. Write production-quality software and AI agents, LLM-driven planning loops, multi-agent orchestration, and tool/function-calling that drives real offensive tooling, and contribute to the in-house agent platform that powers our pentest and red-team operations. You'll operate this as a production, event-driven cloud platform at real scale (dozens of serverless functions, change-stream data pipelines, hundreds of operational alarms, integrated LLM inference), real software engineering, not proof-of-concept scripting.
  • Run penetration tests. Network, web-application, cloud, and infrastructure testing, recon through exploitation, privilege escalation, and lateral movement, accelerated by the tooling you build, with your own judgment owning scope and exploitability.
  • Run purple-team exercises. Validate security countermeasures (EDR/XDR, NDR, DLP, firewalls) with our defensive partners, then pair with detection engineering to close the gaps your attacks reveal.
  • Run red-team operations and test the enterprise's own AI. Objective-driven adversary emulation; and adversarial assessment of internal LLM-powered products, agents, RAG pipelines, and ML applications, prompt injection, jailbreaks, model extraction and inversion, membership inference, data and supply-chain poisoning, evasion, and agent tool/sandbox abuse, validating that guardrails and classifiers actually hold.
  • First 90 days: ramp on the agent platform and the offensive service lines; deliver your first engagements (a penetration test and a purple-team exercise) and ship one improvement to the agentic tooling that you used during them.
  • By 6 months: ship at least one AI-driven tool that a service line adopts into its live workflow, with metrics showing coverage or turnaround gains; run a red-team operation end to end.
  • By 12 months: stand up repeatable adversarial testing for at least one of the enterprise's own AI systems; establish an evaluation approach that tracks your tooling's autonomous success against representative targets; become a go-to for both building and operating across the team.
  • Build and operate (both, for real). Most offensive roles let you build or operate. This one is explicitly both: you ship the software and you run the engagements, so your tooling is shaped by someone who actually uses it.
  • A program that's already serious about AI.
  • Fridays are dedicated to R&D.
  • You'll have Hack The Box Pro Labs, all HTB role-based paths and certifications, discretionary certification funding, and conference/training budgets.
  • You'll work alongside the Lead of our new AI & Offensive Tooling capability—contributing to the platform they own while running your own engagements.
  • Offensive Security identifies weaknesses so the business can fix them before adversaries exploit them, protecting the data and care of millions of people.
  • AI is entering both our adversaries' tradecraft and our own operations faster than traditional tooling keeps up; you help keep us ahead.
  • Use your skills to make an impact
  • You'll work with considerable autonomy on moderately complex engagements and influence the team's technical direction through your expertise.
  • You'll embed with each service line and the AI & Tooling Lead rather than build in isolation; ship software with engineering rigor (reproducibility, evaluation, safety guardrails, human-in-the-loop where offensive operations demand it); deliver findings and tooling with reproduction steps, severity, business impact, and remediation; track risk in the enterprise risk platform; and operate within the organization's acceptable-use-of-AI policies and offensive security rules of engagement.

Benefits

  • medical
  • dental
  • vision
  • 401(k) retirement savings plan
  • time off (including paid time off, company and personal holidays, paid parental and caregiver leave)
  • short-term and long-term disability
  • life insurance
  • Hack The Box Pro Labs
  • all HTB role-based paths and certifications
  • discretionary certification funding
  • conference/training budgets
  • bonus incentive plan
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service