Senior AI Security Red Team Lead & Offensive Testing Expert
Evolvesec
The Senior Application Security Tester & AI Red Team Subject Matter Expert is a senior-level offensive security role for a tester who has mastered modern web and API security and is now defining how Evolve Security tests AI-enabled applications, large language models, and agentic systems. This role wears two hats: hands-on senior application penetration tester for our most complex client engagements, and the firm-wide subject matter expert who builds, scales, and represents Evolve Security’s AI red team practice. The senior tester executes assessments with full autonomy, owns the technical relationship with client security and engineering leadership, mentors mid-level engineers and OSOC analysts, and is the recognized internal authority on offensive AI/ML testing methodology, tooling, and threat modeling.

Typical Experience: 5–8+ years of offensive security experience with a deep concentration in web application and API penetration testing, plus demonstrable hands-on work testing AI/ML systems — LLM-backed applications, RAG pipelines, fine-tuned models, multi-agent systems, or production ML inference. A track record of dozens of completed assessments, published research, conference talks, CVEs, or open-source contributions is expected.

Domain Expertise: Mastery of web application and API security beyond the OWASP Top 10 — business logic abuse, complex authentication and authorization flows (OAuth 2.0 / OIDC, SAML, JWT, mTLS), SSRF chains, deserialization, request smuggling, prototype pollution, and modern SPA / GraphQL attack surface.
Equally fluent in the OWASP Top 10 for LLM Applications and OWASP ML Top 10 — prompt injection (direct, indirect, multi-modal), jailbreaks and safety bypasses, insecure output handling, training data poisoning and extraction, model denial of service, supply chain vulnerabilities in model and plugin ecosystems, excessive agency in agentic systems, sensitive data leakage from system prompts and embeddings, and vector store / RAG poisoning.

Technical Skills: Expert with the modern offensive toolchain — Burp Suite Pro (including custom extensions), OWASP ZAP, Nuclei, Postman, Nmap, Metasploit, BloodHound — and able to build bespoke tooling when the off-the-shelf option falls short. Comfortable with AI red-teaming tooling such as Garak, PyRIT, Promptfoo, Giskard, and adversarial ML libraries, and confident designing custom evaluation harnesses against client-specific LLM and agent stacks. Strong scripting and small-tool development in Python, with working knowledge of JavaScript / TypeScript, Bash, and PowerShell. Familiar with the components of modern AI applications: vector databases (Pinecone, Weaviate, pgvector), embedding models, retrieval pipelines, agent frameworks (LangChain, LlamaIndex, CrewAI), and tool-use protocols including MCP.

Soft Skills: Excellent written and verbal communication — produces publication-quality reports with no editorial rework, leads CISO and engineering-leader briefings, and de-escalates contested findings with technical rigor. Mentors mid-level engineers and OSOC analysts through code review, paired testing, and methodology coaching. Comfortable representing Evolve Security externally — webinars, podcasts, conference CFPs, and client thought-leadership content.

Certifications (Preferred, not required): OSWE, OSCP, OSEP, GWAPT, GXPN, Burp Suite Certified Practitioner; AI/ML-adjacent credentials and contributions such as AI Red Team certifications, published prompt injection research, MITRE ATLAS contributions, or SANS SEC545/SEC595.
Expertise that aligns to our approach

- Lead end-to-end web application and API penetration tests as the senior technical owner, scoping the engagement, executing the assessment, and presenting findings to client security and engineering leadership.
- Apply structured testing techniques aligned to OWASP WSTG and OWASP API Security Top 10 to assess authentication, session management, access control (vertical and horizontal privilege escalation), input validation, error handling, and business logic flaws.
- Design and execute AI red team engagements against LLM-backed applications, RAG systems, and agentic workflows — covering prompt injection (direct, indirect, multi-modal), jailbreak resilience, system prompt and tool-use exfiltration, training data and embedding leakage, insecure output handling, and excessive agency in tool-using agents.
- Map AI findings to the OWASP Top 10 for LLM Applications, OWASP ML Top 10, MITRE ATLAS, and the NIST AI Risk Management Framework so client stakeholders can defend severity and remediation calls internally.
- Test the full AI application surface: model endpoints, prompt and response pipelines, retrieval augmentation, vector stores, fine-tuning pipelines, plugin / tool integrations (including MCP servers), guardrail and safety layers, and supporting cloud infrastructure.
- Demonstrate proficiency in manual exploit development for both classical web vulnerabilities (XSS, SQLi, SSRF, IDOR, CSRF, deserialization) and LLM-specific attacks (jailbreak chains, indirect prompt injection via RAG content, agent hijacking via crafted tool outputs).
- Validate authentication mechanisms — OAuth, OIDC, SAML, MFA implementations, and JWT — and how they extend into AI-specific surfaces such as agent identity, per-user tool scoping, and prompt-level authorization.
- Assess session management, secrets handling, and data-flow controls in AI applications, including how user data ends up in prompts, logs, vector stores, and model fine-tunes.
- Execute client-side testing using browser dev tools and proxy-based inspection, evaluating DOM-based vulnerabilities, insecure local storage, and AI-driven client behaviors (e.g., embedded copilots and in-page agents).
- Test REST and GraphQL APIs using a combination of dynamic, manual, and automated methods; extend the same rigor to model and agent APIs.
- Perform code-assisted (grey-box) and full source review when available, identifying logic flaws, insecure configurations, and dangerous patterns specific to AI integrations (untrusted-content-into-prompt, unbounded tool use, missing output sanitization).
- Build, maintain, and contribute to Evolve Security’s AI red team methodology, payload libraries, evaluation harnesses, and reporting templates — and serve as the firm-wide reviewer for AI-related findings.
- Mentor mid-level penetration testing engineers and OSOC analysts through paired testing, technical review, knowledge-sharing sessions, and contributions to internal training and the academy.
- Represent Evolve Security externally through conference talks, blog posts, webinars, and client thought-leadership content on application security and AI red teaming.
- Communicate findings clearly, with strong emphasis on business impact, reproducibility, and strategic remediation guidance that engineering teams can actually ship.

Success in the first 6 months looks like:

- Published, version-controlled AI red team methodology covering LLM applications, RAG systems, and agentic workflows, adopted across Evolve Security engagements.
- A reusable AI red team toolkit (custom Garak/PyRIT probes, payload libraries, evaluation harnesses) ready for any tester to use on a client engagement.
- Senior technical ownership of at least one strategic, AI-focused client account.
- Mentorship cadence in place with mid-level engineers and OSOC analysts; demonstrable uplift in their AI-related findings and reporting quality.
- At least one piece of public thought leadership (talk, blog, or research) attributed to Evolve Security.

Who is Evolve Security?

Evolve Security is a cybersecurity services firm headquartered in Chicago, IL. We are dedicated to improving our clients’ security posture by providing continuous penetration testing, training services, and talent solutions. In addition to our professional cybersecurity service offerings, Evolve Security offers a cybersecurity bootcamp, “Evolve Academy”, currently ranked the #1 cybersecurity bootcamp in the world. The Cybersecurity Bootcamp in Chicago provides immersive training, giving students the concrete and practical skills needed on the job. Students gain real work experience through live security assessment work that they perform on not-for-profit companies. We are passionate about directly improving our customers’ security posture, and we proudly train others to help meet the need for qualified cybersecurity talent.

Benefits Include

- Healthcare Benefits
- 401(k) Match
- Parental Leave
- Flexible Paid Time Off
- Annual vacation reimbursement


