Penetration and Security Tester
Responsibilities
Perform hands-on penetration testing and security assessments of AI and Agentic AI platforms.
Conduct security testing of Large Language Models (LLMs), AI agents, multi-agent systems, and AI workflows.
Assess the security of MCP (Model Context Protocol) implementations and integrations.
Identify, exploit, validate, and document security vulnerabilities across AI-enabled products and services.
Execute AI Red Teaming exercises and adversarial testing scenarios.
Evaluate risks related to:
Prompt Injection
Indirect Prompt Injection
Jailbreaking
Data Leakage and Data Exfiltration
Model Manipulation and Model Poisoning
Retrieval-Augmented Generation (RAG) Security Risks
Tool Abuse and Agent Exploitation
Perform application, API, cloud, and infrastructure security testing.
Develop detailed security reports with remediation recommendations.
Collaborate closely with Engineering, Product, and Security teams to mitigate identified vulnerabilities.
Conduct threat modeling activities for AI-driven systems and products.
Support the development of secure-by-design AI architectures and security best practices.
Stay up to date with emerging threats, attack techniques, and industry standards in AI Security.
Required Qualifications
Must-Have
Minimum 5 years of professional experience as a Penetration Tester, Security Tester, Offensive Security Engineer, or similar role.
OSCP (OffSec Certified Professional) certification is mandatory.
Strong hands-on penetration testing and vulnerability assessment experience.
Deep understanding of LLM Security and AI-specific attack vectors.
Practical experience testing Agentic AI platforms, AI agents, or AI-powered applications.
Experience in AI Security Engineering.
Strong knowledge of web application, API, and cloud security testing.
Experience with offensive security methodologies, frameworks, and tools.
Strong understanding of OWASP Top 10 and modern application security principles.
Ability to independently identify, exploit, and validate security vulnerabilities.
Excellent communication skills in English.
Nice-to-Have Qualifications
Experience with MCP Security Testing.
Prior experience with AI Red Teaming frameworks and methodologies.
Cloud Security expertise (AWS, Azure, or GCP).
Knowledge of secure AI/ML development practices.
Additional certifications such as:
OSEP
OSWE
GPEN
CISSP
CEH
German language skills.
Ability to communicate complex technical findings to non-technical stakeholders and business audiences.