Offensive Security Engineer

Description

Our Company:

At red violet, we build proprietary technologies and apply analytical capabilities to deliver identity intelligence. Our technology powers critical solutions, which empower organizations to operate with confidence. Our solutions enable the real-time identification and location of people, businesses, assets, and their interrelationships. These solutions are used for purposes including risk mitigation, due diligence, fraud detection and prevention, regulatory compliance, and customer acquisition. Our intelligent platform, CORE, is purpose-built for the enterprise, yet flexible enough for organizations of all sizes, bringing clarity to massive datasets by transforming data into intelligence. Our solutions are used today to enable frictionless commerce, to ensure safety, and to reduce fraud and the concomitant expense borne by society.

The Role:

The Offensive Security Engineer is responsible for proactively identifying, validating, and demonstrating security weaknesses across traditional applications, cloud infrastructure, APIs, and AI-enabled systems, including Large Language Models (LLMs), machine learning pipelines, and AI-integrated products. This role sits at the intersection of offensive security, cloud security, and AI risk, working closely with Security Engineering, Cloud Engineering, Development, and Data Science teams. The tester will simulate real-world adversaries to uncover exploitable weaknesses, validate security controls, and provide actionable remediation guidance to reduce organizational risk.

What You Will Do:

Core Penetration Testing:

• Conduct authorized penetration tests against web applications, APIs, cloud infrastructure, containers, and internal services.
• Perform network, application, and cloud security testing using both automated tooling and manual exploitation techniques.
• Validate vulnerabilities discovered through scanning, threat modeling, or other submissions.

AI and ML Testing:- Test AI-enabled products and services for AI-specific threats:

• Prompt injection and prompt manipulation.
• Model inversion and data extraction.
• Training data poisoning.
• Model theft and inference abuse.
• Excessive data exposure via AI APIs.
• Assess security controls around AI pipelines, including data ingestion, training environments, inference endpoints, and model storage.
• Evaluate abuse scenarios involving AI agents, automation, and third-party AI integrations.

Reporting and Collaboration:

• Produce clear, high-quality penetration testing reports with risk ratings, exploit evidence, and prioritized remediation guidance.
• Partner with engineering teams to validate fixes, retest findings, and implement compensating controls where remediation is not immediately feasible.
• Contribute to secure design reviews and threat modeling for new products, cloud services, and AI capabilities.
• Support red team activities and collaborate with Security Operations during incident investigations involving exploited vulnerabilities.

Continuous Improvement:

• Stay current on emerging attack techniques, especially in AI, cloud-native, and API security.
• Help evolve internal penetration testing methodologies, tooling, and playbooks.
• Assist with compliance and audit evidence related to penetration testing and security assessments (SOC 2, PCI, NIST, ISO).

What You Bring:

• Hands-on experience in penetration testing, offensive security, or red team operations.
• Strong experience testing web applications, APIs, and cloud environments (AWS preferred).
• Demonstrated knowledge of AI/ML security risks, including LLM abuse patterns and model-level attacks.
• Proficiency with common penetration testing tools (e.g., Burp Suite, Metasploit, Nmap, cloud-native tooling).
• Strong understanding of: OWASP Top 10, OWASP API Security Top 10, Cloud attack paths and IAM abuse, and MITRE ATT&CK
• Ability to write clear, developer-friendly remediation guidance.
• Comfortable scripting or automating testing tasks (Python, Bash, PowerShell preferred).
• Excellent communication skills and ability to work cross-functionally.
• Experience testing AI APIs, LLM platforms, or ML pipelines in production environments.
• Familiarity with AI risk frameworks (e.g., NIST AI RMF).
• Experience in regulated or high-trust environments.
• Relevant certifications include: OSCP, OSCE, CRTO, GPEN, GXPN, Cloud security certifications, AI-security or ML-adjacent coursework or certifications
• Applicants must have permanent work authorization in the U.S.; we are not sponsoring visas for this role.

What We Offer:

red violet offers excellent benefits including opportunity for stock (RSU) grants, a 401K and generous company match, flexible PTO policy, medical, dental and vision coverage, commuter benefits, in-office healthy snacks, team events and more.

red violet is proud to be an Equal Opportunity Employer.