Senior Offensive Security Engineer, Web and AI Systems

Our Customer is a Silicon Valley-based company that is engaged in researching emerging technologies.

We are seeking a contract Senior Offensive Security Engineer to proactively identify, exploit, and help eliminate security weaknesses across web platforms and AI/ML systems. In this role, you will think like an attacker, operate with engineering rigor, and work closely with product, platform, and AI teams to raise the security bar across the organization.

You will lead complex penetration tests, design novel attack techniques for web and modern AI-powered applications, and influence secure-by-design architecture at scale.

This role is on-site in Mountain View, CA.

Responsibilities:

• Conduct offensive security assessments on large-scale web applications, REST APIs, and cloud-backed services
• Identify and validate vulnerabilities, including injection flaws, access control issues, authentication and authorization weaknesses, server-side request forgery, deserialization flaws, and business logic bugs
• Evaluate large language model–based systems and AI agents for prompt injection, data exfiltration, model abuse, and jailbreak vulnerabilities
• Design and execute red team–style engagements that simulate real-world adversary behavior
• Develop custom exploitation tools, proofs-of-concept, and fuzzers targeting web and AI attack surfaces
• Identify systemic security weaknesses and collaborate with engineering teams to drive durable mitigations
• Review system architectures and product designs with an attacker-focused perspective
• Produce clear, actionable security reports and present findings to technical and executive stakeholders

Skills and Qualifications:

• 5+ years of hands-on offensive security experience (senior level)
• Master’s degree in a relevant technical field preferred; exceptional hands-on experience may substitute
• Deep expertise in web application security and API exploitation
• Proven ability to identify and exploit critical/high-impact vulnerabilities
• Strong attacker mindset with experience simulating real-world attack scenarios
• Experience with red teaming and penetration testing (black-box and gray-box)
• Hands-on full-stack testing (frontend, backend, APIs)
• Proficiency in Python, JavaScript, or similar for exploitation, tooling, and code review
• Experience with manual testing, fuzzing, and targeted code review
• Ability to explain exploitation techniques, impact, and CVSS scoring
• Comfortable working in secure lab environments with strict operational controls
• Strong communication skills for presenting findings to global engineering teams
• AI/LLM security exposure (prompt injection, jailbreaks) preferred
• Certifications (OSCP, OSWE, CRTO), bug bounty, CVEs, or security research nice to have

Preferred:

• Experience with adversarial machine learning, AI red teaming, or secure large language model pipeline design
• Experience securing cloud environments and containerized platforms
• Background in security research, including published vulnerabilities, capture-the-flag participation, blogs, or conference presentations
• Relevant offensive security certifications

We offer a competitive salary range for this position. Most candidates who join our team are hired at the median of this range, ensuring fair and equitable compensation based on experience and qualifications.

Contractor benefits are available through our 3rd Party Employer of Record (Available upon completion of waiting period for eligible engagements)

Benefits include: Medical, Dental, Vision, 401k.

An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.