AI Red Team Security Engineer

Ethos is a leading life insurance technology company on a mission to protect families by democratizing access to life insurance. They are seeking a skilled AI Red Team Security Engineer to join their offensive security team, where the primary responsibility will be to simulate real-world adversaries and exploit vulnerabilities across applications, cloud infrastructure, and AI/ML systems using both traditional and AI-augmented techniques.

Responsibilities:

• Design and execute adversarial attacks against large language model (LLM)-powered products including prompt injection, jailbreaking, goal hijacking, and context manipulation
• Test retrieval-augmented generation (RAG) pipelines for data exfiltration, poisoning, and unauthorized knowledge extraction
• Assess AI agent systems and agentic workflows for unsafe tool-use, privilege escalation, and indirect prompt injection via environment feedback
• Conduct model extraction, membership inference, and adversarial example attacks against deployed ML models
• Evaluate AI guardrails, safety filters, and content moderation layers for bypass techniques
• Perform full-scope penetration tests across web applications, REST/GraphQL APIs, mobile apps (iOS/Android), cloud environments (AWS, GCP, Azure), and internal networks
• Conduct red team exercises simulating advanced persistent threat (APT) actors using MITRE ATT&CK and AI-augmented techniques
• Exploit vulnerabilities across the OWASP Top 10 and beyond: SSRF, IDOR, XXE, SSTI, authentication bypasses, and logic flaws
• Perform social engineering and phishing simulations as part of combined red team campaigns
• Conduct cloud and Kubernetes security assessments including IAM misconfigurations, container escapes, and privilege escalation paths
• Leverage AI models and tools (e.g., LLMs, code generation, fuzzing assistants) to accelerate vulnerability discovery, payload crafting, and exploit development
• Build or adapt AI-powered reconnaissance, exploitation, and evasion tooling for internal use in red team engagements
• Stay current with adversarial AI research and translate academic findings into practical red team techniques
• Use AI to automate repetitive testing tasks and generate novel attack variants at scale

Requirements:

• 7+ years of hands-on penetration testing and offensive security experience in a professional setting
• Demonstrated experience testing AI/ML systems, LLM-powered products, or AI APIs
• Experience conducting red team engagements
• Scripting and tool development
• Strong understanding of authentication protocols and common implementation flaws
• Familiarity with cloud security architectures and common misconfigurations
• Working knowledge of Docker/Kubernetes and container security
• Understanding of LLM architectures and how they relate to attack surfaces
• Familiarity with OWASP LLM Top 10
• Practical experience with prompt injection and jailbreak techniques against LLMs
• Ability to use LLMs as force-multipliers in red team workflows
• Certifications: OSCP, OSEP, CRTO, CRTE, PNPT, CEH, GPEN, GWAPT, or equivalent
• Experience with adversarial ML frameworks
• Contributions to open-source security tooling or published CVEs / bug bounty hall-of-fame credits
• Familiarity with AI governance frameworks
• Experience with GenAI infrastructure
• Background in threat modeling for AI-powered applications
• Reverse engineering skills for binary and mobile assessments
• CTF participation or competitive hacking experience