Security Engineer- Penetration Testing
Job Description
Role summary
\n
We are seeking a highly skilled Security Engineer specializing in Penetration Testing to strengthen our o ensive security capabilities. This role is responsible for identifying vulnerabilities across applications, infrastructure, cloud environments, and emerging AI/ML systems, including Large Language Models (LLMs) and GenAI platforms. The ideal candidate combines deep technical pentesting expertise with hands-on experience in AI security, enabling proactive defense against sophisticated and evolving threats.
\n
\n
Key Responsibilities:
\n
Application & API Security Testing
\n
- \n
- Perform black-box, gray-box, and white-box penetration testing of:
- Web applications, APIs (REST/GraphQL), and mobile platforms
\n
\n
\n
• Identify vulnerabilities including:
\n
- \n
- Authentication/authorization flaws
- Injection attacks
- Business logic vulnerabilities
- Session Management
- Information Gathering
- Data Validation, Governance and Transfer
- Configuration Management
\n
\n
\n
\n
\n
\n
\n
\n
• Conduct secure code reviews and validate SAST/DAST findings
\n
Infrastructure & Network Penetration Testing
\n
• Execute penetration testing across:
\n
- \n
- Enterprise networks (internal/external)
- Cloud platforms (AWS, Azure, GCP)
- Hybrid environments
\n
\n
\n
\n
• Perform:
\n
- \n
- Privilege escalation and lateral movement
- Active Directory assessments (Kerberos, NTLM, etc.)
\n
\n
\n
• Identify misconfigurations and control weaknesses
\n
AI/ML & GenAI Security Testing
\n
• Conduct security assessments on:
\n
- \n
- LLM-based applications and AI copilots
- Machine learning models and pipelines
\n
\n
\n
• Perform:
\n
- \n
- Prompt injection and jailbreak testing
- Data leakage and model abuse scenarios
- Adversarial ML attacks (evasion, poisoning)
\n
\n
\n
\n
• Assess:
\n
- \n
- RAG (Retrieval-Augmented Generation) pipelines
- Model APIs, plugins, and agent frameworks
- E ectiveness of AI guardrails and controls
\n
\n
\n
\n
Red Teaming & Adversary Simulation
\n
• Simulate real-world attack scenarios across:
\n
- \n
- Applications, infrastructure, and AI systems
\n
\n
• Develop multi-stage attack chains combining:
\n
- \n
- Traditional and AI-specific techniques
\n
\n
• Support purple team exercises with SOC and detection teams
\n
Automation & AI-Driven Security Testing
\n
• Leverage AI tools to:
\n
- \n
- Automate vulnerability discovery
- Generate test cases and attack payloads
- Develop custom tools/scripts using:
- Python, Bash, PowerShell, or Go
\n
\n
\n
\n
\n
• Enhance scalability and repeatability of pentesting processes
\n
Reporting & Stakeholder Engagement
\n
• Deliver:
\n
- \n
- Executive-level summaries (CIO/CISO ready)
- Detailed technical reports with reproduction steps
\n
\n
\n
• Provide:
\n
- \n
- Risk-based prioritization aligned to business impact
- Actionable remediation guide
\n
\n
\n
• Collaborate with:
\n
- \n
- Engineering, Cloud, SOC, and DevOps teams
\n
\n
\n
Required Qualifications
\n
Experience
\n
• 5+ years in penetration testing, red teaming, or offensive security
\n
• Proven experience testing:
\n
- \n
- Web applications, APIs, and infrastructure
\n
\n
• Hands-on exposure to cloud security and enterprise environments
\n
Technical Skills
\n
• Strong knowledge of:
\n
- \n
- OWASP Top 10 / API Top 10
- OWASP Top 10 LLM
- Network and infrastructure pentesting
- Identity and Active Directory exploitation
\n
\n
\n
\n
\n
• Experience with tools such as:
\n
- \n
- Burp Suite, Metasploit, Nmap
- BloodHound, Mimikatz, Nessus
\n
\n
\n
\n
AI Security
\n
• Understanding of:
\n
- \n
- LLM architectures and GenAI use cases
- RAG pipelines, embeddings, and vector databases
\n
\n
\n
\n
• Experience with:
\n
- \n
- Prompt injection testing
- AI red teaming or model security assessments
\n
\n
\n
\n
• Exposure to:
\n
- \n
- LangChain, Semantic Kernel, or similar frameworks
\n
\n
\n
Programming
\n
• Proficiency in:
\n
- \n
- Python (required)
- Scripting (Bash/PowerShell)
\n
\n
\n
\n
• Ability to develop:
\n
- \n
- Custom testing tools and exploit scripts
\n
\n
\n
Preferred Qualifications
\n
• Certifications:
\n
- \n
- OSCP, OSEP, or OSCE
- GPEN, GWAPT, or CRTO
- Cloud security certifications (AWS/Azure)
\n
\n
\n
\n
\n
• Experience with:
\n
- \n
- AI security research or tooling
- Bug bounty programs or red team operations
\n
\n
\n
\n
Key Competencies
\n
- \n
- Strong attacker mindset and creative problem solving
- Ability to translate technical findings into business risk
- Excellent collaboration across engineering and security teams
- Focus on scalable, repeatable security processes
\n
\n
\n
\n
\n
