Note: The job is a remote job and is open to candidates in USA. Confidential is seeking a skilled Red Team Security Engineer to join their SOC team. The role involves simulating real-world adversary tactics to validate detection and response capabilities while conducting research into AI/LLM security risks.
Responsibilities
- Design and execute end-to-end red team operations covering the full attack chain: reconnaissance, initial access, lateral movement, privilege escalation, and data exfiltration
- Replicate APT group TTPs (e.g., Lazarus, APT41) to validate detection and incident response capabilities
- Develop and maintain custom offensive tools, C2 frameworks, and evasion techniques to simulate advanced threats
- Participate in BAS (Breach and Attack Simulation) playbook design and execution across Windows, macOS, and Linux platforms
- Research AI/LLM attack surfaces: Prompt Injection, model poisoning, adversarial examples, training data contamination, and AI Agent security risks
- Evaluate security risks in AI/LLM applications (RAG, MCP, Tool Use, Agentic workflows) and provide red team findings
- Track AI security research (MITRE ATLAS, OWASP LLM Top 10) and produce internal threat intelligence
- Collaborate with the blue team to translate red team findings into detection rules and defensive hardening
- Produce high-quality red team reports with actionable remediation recommendations
Skills
- 3+ years of hands-on penetration testing or red team experience
- Proficiency with at least one mainstream C2 framework (Cobalt Strike, Sliver, Havoc, etc.)
- Strong vulnerability exploitation fundamentals: web (OWASP Top 10), internal network (AD attack chains), cloud environments
- Familiar with MITRE ATT&CK framework; able to map TTPs and design corresponding attack scenarios
- Scripting/tooling development skills (Python, Go, or PowerShell)
- Holds at least one major red team certification: OSCP, CRTO, CRTE (preferred)
- (AI Security) Understanding of LLM application architectures (RAG, Agent, MCP, Tool Use) and ability to identify attack surfaces
- (AI Security) Hands-on research or PoC experience with Prompt Injection, jailbreaking, or model extraction attacks
- (AI Security) Familiar with MITRE ATLAS framework and AI/ML threat classification
- (Bonus) Web3 / blockchain security background (smart contract audits, on-chain attack analysis)
- (Bonus) CTF experience (DEFCON CTF, GeekCon, etc.) or published vulnerability research (CVE, conference talks, technical blog)
Company Overview
This page is owned and operated by Viral Audience. It was founded in undefined, and is headquartered in Silicon Valley, California US, US, with a workforce of 51-200 employees. Its website is .