Search

414,106 Jobs

No logo available
Honeywell - AEROSPACE
locationMilpitas, CA 95035, USA
PublishedPublished: 7/17/2026
No logo available
Intuit
locationRiverside, CA 92506, USA
PublishedPublished: 7/17/2026
No logo available
Intuit
locationSan Bernardino, CA 92403, USA
PublishedPublished: 7/17/2026
No logo available
Sharp Decisions
locationSan Jose, CA, USA
PublishedPublished: 7/17/2026
No logo available
Synthires
locationSanta Clarita, CA 91382, USA
PublishedPublished: 7/17/2026
No logo available
TrustWorks
locationLos Angeles, CA 90079, USA
PublishedPublished: 7/17/2026
No logo available
Compass Group
locationMt. Eden, CA 94557, USA
PublishedPublished: 7/17/2026
No logo available
Chrome Hearts
locationLos Angeles, CA 90079, USA
PublishedPublished: 7/17/2026
No logo available
Envision Technology Solutions
locationSan Jose, CA, USA
PublishedPublished: 7/17/2026
No logo available
Honeywell - AEROSPACE
locationLawndale, CA, USA
PublishedPublished: 7/17/2026

Security Engineer- Penetration Testing

Envision Technology Solutions
locationSan Jose, CA, USA
PublishedPublished: 6/14/2022
Real Estate
Full Time

Job Description

Role summary

\n

We are seeking a highly skilled Security Engineer specializing in Penetration Testing to strengthen our o ensive security capabilities. This role is responsible for identifying vulnerabilities across applications, infrastructure, cloud environments, and emerging AI/ML systems, including Large Language Models (LLMs) and GenAI platforms. The ideal candidate combines deep technical pentesting expertise with hands-on experience in AI security, enabling proactive defense against sophisticated and evolving threats.

\n


\n

Key Responsibilities:

\n

Application & API Security Testing

\n

    \n
  • Perform black-box, gray-box, and white-box penetration testing of:
  • \n

  • Web applications, APIs (REST/GraphQL), and mobile platforms
  • \n

\n

• Identify vulnerabilities including:

\n

    \n
  • Authentication/authorization flaws
  • \n

  • Injection attacks
  • \n

  • Business logic vulnerabilities
  • \n

  • Session Management
  • \n

  • Information Gathering
  • \n

  • Data Validation, Governance and Transfer
  • \n

  • Configuration Management
  • \n

\n

• Conduct secure code reviews and validate SAST/DAST findings

\n

Infrastructure & Network Penetration Testing

\n

• Execute penetration testing across:

\n

    \n
  • Enterprise networks (internal/external)
  • \n

  • Cloud platforms (AWS, Azure, GCP)
  • \n

  • Hybrid environments
  • \n

\n

• Perform:

\n

    \n
  • Privilege escalation and lateral movement
  • \n

  • Active Directory assessments (Kerberos, NTLM, etc.)
  • \n

\n

• Identify misconfigurations and control weaknesses

\n

AI/ML & GenAI Security Testing

\n

• Conduct security assessments on:

\n

    \n
  • LLM-based applications and AI copilots
  • \n

  • Machine learning models and pipelines
  • \n

\n

• Perform:

\n

    \n
  • Prompt injection and jailbreak testing
  • \n

  • Data leakage and model abuse scenarios
  • \n

  • Adversarial ML attacks (evasion, poisoning)
  • \n

\n

• Assess:

\n

    \n
  • RAG (Retrieval-Augmented Generation) pipelines
  • \n

  • Model APIs, plugins, and agent frameworks
  • \n

  • E ectiveness of AI guardrails and controls
  • \n

\n

Red Teaming & Adversary Simulation

\n

• Simulate real-world attack scenarios across:

\n

    \n
  • Applications, infrastructure, and AI systems
  • \n

\n

Develop multi-stage attack chains combining:

\n

    \n
  • Traditional and AI-specific techniques
  • \n

\n

• Support purple team exercises with SOC and detection teams

\n

Automation & AI-Driven Security Testing

\n

Leverage AI tools to:

\n

    \n
  • Automate vulnerability discovery
  • \n

  • Generate test cases and attack payloads
  • \n

  • Develop custom tools/scripts using:
  • \n

  • Python, Bash, PowerShell, or Go
  • \n

\n

• Enhance scalability and repeatability of pentesting processes

\n

Reporting & Stakeholder Engagement

\n

• Deliver:

\n

    \n
  • Executive-level summaries (CIO/CISO ready)
  • \n

  • Detailed technical reports with reproduction steps
  • \n

\n

• Provide:

\n

    \n
  • Risk-based prioritization aligned to business impact
  • \n

  • Actionable remediation guide
  • \n

\n

• Collaborate with:

\n

    \n
  • Engineering, Cloud, SOC, and DevOps teams
  • \n

\n

\n

Required Qualifications

\n

Experience

\n

• 5+ years in penetration testing, red teaming, or offensive security

\n

Proven experience testing:

\n

    \n
  • Web applications, APIs, and infrastructure
  • \n

\n

• Hands-on exposure to cloud security and enterprise environments

\n

Technical Skills

\n

• Strong knowledge of:

\n

    \n
  • OWASP Top 10 / API Top 10
  • \n

  • OWASP Top 10 LLM
  • \n

  • Network and infrastructure pentesting
  • \n

  • Identity and Active Directory exploitation
  • \n

\n

• Experience with tools such as:

\n

    \n
  • Burp Suite, Metasploit, Nmap
  • \n

  • BloodHound, Mimikatz, Nessus
  • \n

\n

\n

AI Security

\n

• Understanding of:

\n

    \n
  • LLM architectures and GenAI use cases
  • \n

  • RAG pipelines, embeddings, and vector databases
  • \n

\n


\n

Experience with:

\n

    \n
  • Prompt injection testing
  • \n

  • AI red teaming or model security assessments
  • \n

\n


\n

• Exposure to:

\n

    \n
  • LangChain, Semantic Kernel, or similar frameworks
  • \n

\n


\n

Programming

\n

Proficiency in:

\n

    \n
  • Python (required)
  • \n

  • Scripting (Bash/PowerShell)
  • \n

\n

\n

• Ability to develop:

\n

    \n
  • Custom testing tools and exploit scripts
  • \n

\n

\n

Preferred Qualifications

\n

• Certifications:

\n

    \n
  • OSCP, OSEP, or OSCE
  • \n

  • GPEN, GWAPT, or CRTO
  • \n

  • Cloud security certifications (AWS/Azure)
  • \n

\n

\n

• Experience with:

\n

    \n
  • AI security research or tooling
  • \n

  • Bug bounty programs or red team operations
  • \n

\n


\n

Key Competencies

\n

    \n
  • Strong attacker mindset and creative problem solving
  • \n

  • Ability to translate technical findings into business risk
  • \n

  • Excellent collaboration across engineering and security teams
  • \n

  • Focus on scalable, repeatable security processes
  • \n

\n