Role Overview:
Lead offensive security testing of an AI Agent, a tool-augmented LLM that can browse, run code, access connectors (GDrive, Gmail, GitHub, etc.), and act on behalf of users. The goal is to uncover high-risk model mistakes, prompt-injection pathways, and data-exfiltration vectors before adversaries do.
Day-to-day responsibilities:
* Design and automate multi-turn attack chains spanning browser, terminal, and connector-API misuse.
* Craft multi-turn conversations that co-opt Agent tools to induce high-impact mistakes, such as unauthorized purchases or data deletion.
* Design prompt-injection and data-exfiltration scenarios, including malicious webpages, poisoned Google Docs, and cross-connector inference attacks.
* Script repeatable tests in Python or bash inside the VM and build harnesses to replay payloads after mitigations.
* Verify compliance with policy guardrails (PD5, FA2) and attempt policy-bypass exploits.
Requirements:
* 2+ years of hands-on offensive security or adversarial ML experience, including at least 1 year in LLM or prompt-injection testing.
* Deep fluency with classic AppSec techniques (XSS, CSRF, SSRF) and LLM-specific issues (jailbreaks, hidden prompt channels).
* Comfortable orchestrating attacks that chain browser automation, terminal commands, HTTP requests, and API calls.
* Proficient in Python and bash; capable of prototyping tooling inside a constrained VM.
* Proven track record of clear vulnerability write-ups (CVE, HackerOne, or internal bug bounty).
* Working knowledge of privacy and financial-risk policies (GDPR, SOC2, or comparable).
Nice-to-Have:
* Published research or conference talks on AI red-teaming (DEF CON, Black Hat, MLSecOps, etc.).
* Familiarity with OpenAI policy taxonomy (PD1-PD5, FA1-FA3).
* Certifications: OSCP, GXPN, or CCSK (cloud).
Offer Details:
* Work in a fully remote environment.
* Opportunity to work on cutting-edge AI projects with leading LLM companies.
* Commitments required: At least 4 hours per day and a minimum of 20 hours per week, with 4 hours overlapping PST (options: 20, 30, or 40 hrs/week).
* Employment type: Contractor assignment (no medical/paid leave).
* Duration of contract: 2 months; expected start date next week.
* Location: India, Pakistan, Nigeria, Kenya, Egypt, Ghana, Bangladesh, Turkey, Mexico.