AI Red Team Engineer

Role Overview:

Lead offensive security testing of an AI Agent, a tool-augmented LLM that can browse, run code, access connectors (GDrive, Gmail, GitHub, etc.), and act on behalf of users. The goal is to uncover high-risk model mistakes, prompt-injection pathways, and data-exfiltration vectors before adversaries do.

Day-to-day responsibilities:

• Design and automate multi-turn attack chains spanning browser, terminal, and connector-API misuse.
• Craft multi-turn conversations that co-opt Agent tools to induce high-impact mistakes, such as unauthorized purchases or data deletion.
• Design prompt-injection and data-exfiltration scenarios, including malicious webpages, poisoned Google Docs, and cross-connector inference attacks.
• Script repeatable tests in Python or bash inside the VM and build harnesses to replay payloads after mitigations.
• Verify compliance with policy guardrails (PD5, FA2) and attempt policy-bypass exploits.

Requirements:

• 2+ years of hands-on offensive security or adversarial ML experience, including at least 1 year in LLM or prompt-injection testing.
• Deep fluency with classic AppSec techniques (XSS, CSRF, SSRF) and LLM-specific issues (jailbreaks, hidden prompt channels).
• Comfortable orchestrating attacks that chain browser automation, terminal commands, HTTP requests, and API calls.
• Proficient in Python and bash; capable of prototyping tooling inside a constrained VM.
• Proven track record of clear vulnerability write-ups (CVE, HackerOne, or internal bug bounty).
• Working knowledge of privacy and financial-risk policies (GDPR, SOC2, or comparable).

Nice-to-Have:

• Published research or conference talks on AI red-teaming (DEF CON, Black Hat, MLSecOps, etc.).
• Familiarity with OpenAI policy taxonomy (PD1-PD5, FA1-FA3).
• Certifications: OSCP, GXPN, or CCSK (cloud).
• Work in a fully remote environment.
• Opportunity to work on cutting-edge AI projects with leading LLM companies.

Offer Details:

• Commitments required: At least 4 hours per day and a minimum of 20 hours per week with 4 hours overlapping with PST (options: 20, 30, or 40 hrs/week).
• Employment type: Contractor assignment (no medical/paid leave).
• Duration of contract: 2 months; expected start date next week.
• Location: India, Pakistan, Nigeria, Kenya, Egypt, Ghana, Bangladesh, Turkey, Mexico.

Location: Remote - India, Pakistan, Nigeria, Kenya, Ghana, Egypt, Bangladesh, Turkey, Mexico

Skills required for this job:

• AI (Artificial intelligence)
• Application security
• Attack orchestration
• Bash
• Browser automation
• LLM (Large language model)
• ML
• Offensive Security
• OpenAI
• Prompt-injection testing
• Python