Pindrop is the Real Human + Right Human® Identity Trust Platform for the AI era, focused on identity verification and deepfake detection. As a Senior Security Engineer (Red Team), you will proactively identify and exploit weaknesses in Pindrop's systems to strengthen defenses against adversaries.
Responsibilities:
- Design and execute red team operations against Pindrop’s GenAI systems, LLM pipelines, RAG architectures, autonomous agents, APIs, SaaS products, and cloud environments, simulating real-world attacks across both traditional and AI-specific attack surfaces
- Conduct adversarial testing focused on prompt injection, indirect prompt attacks, jailbreaking, model extraction, training-data poisoning, data leakage, inference abuse, and unauthorized output manipulation
- Use deepfake generation, voice synthesis, and related spoofing techniques to test and attempt to defeat Pindrop’s voice authentication and deepfake detection capabilities, helping identify model robustness and detection gaps
- Develop novel attack chains that combine GenAI vulnerabilities with infrastructure, application, identity, and API weaknesses to create realistic end-to-end threat scenarios
- Plan and execute full-scope penetration tests and support bug bounty efforts across Pindrop’s web applications, APIs, SaaS products, and AWS/GCP environments using commercial and open-source offensive tooling
- Perform architecture reviews, security code reviews, and threat modeling with emphasis on vulnerabilities introduced by AI/ML components, model integrations, and LLM-facing services
- Build automation for offensive security workflows, testing, compliance checks, alerting, and reporting using Python or similar scripting languages, including AI-native attack tooling where useful
- Partner closely with SecOps and security engineering to improve detections, tune response workflows, and translate red team findings into practical remediation and defensive improvements
- Stay current on GenAI security research, adversarial ML techniques, evolving threat intelligence, and relevant regulatory developments, then apply those insights to Pindrop’s security program
Requirements:
- 3+ years of hands-on penetration testing and red team experience across SaaS applications, cloud infrastructure, APIs, and web applications
- Demonstrable experience attacking GenAI or LLM-based systems, including prompt injection, jailbreaking, indirect prompt attacks, model extraction, or adversarial input generation
- Hands-on experience with deepfake tools, voice synthesis, or audio/visual spoofing technologies in an offensive or research context
- Strong proficiency with offensive security tooling such as Burp Suite, OWASP ZAP, Nmap, Metasploit, Cobalt Strike, or equivalent frameworks
- Experience configuring and operating SAST and DAST tools and integrating them into CI/CD pipelines
- Proficiency in at least one scripting or programming language, with Python strongly preferred, for custom attack tooling and workflow automation
- Familiarity with AI-specialized security tools or frameworks such as Garak, PyRIT, Claude Security, or similar adversarial ML tooling
- Strong understanding of cloud security architecture, container security, API security, and common security standards including ISO 27001/27002, NIST, CIS, PCI DSS, OWASP, and SOC 2
- Prior software development or secure architecture experience, including the ability to reason about production code across multiple languages
- Research, publication, or deep practitioner background in adversarial machine learning, LLM security, or voice/audio deepfake detection
- Relevant certifications such as OSCP, GPEN, GWAPT, GXPN, CEH, or equivalent
- Prior experience in voice biometrics, AI security, fraud prevention, or similarly high-risk product environments