Offensive Security Engineer at Red Violet Inc
Boca Raton, Florida, United States -
Full Time


Start Date

Immediate

Expiry Date

11 May, 26

Salary

0.0

Posted On

10 Feb, 26

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Penetration Testing, Offensive Security, Cloud Infrastructure Testing, API Security Testing, AI/LLM Security Testing, Prompt Injection, Model Inversion, Threat Modeling, Vulnerability Validation, Remediation Guidance, AWS, Python, Burp Suite, Metasploit, Nmap, MITRE ATT&CK

Industry

IT Services and IT Consulting

Description
Description Our Company: At red violet, we build proprietary technologies and apply analytical capabilities to deliver identity intelligence. Our technology powers critical solutions, which empower organizations to operate with confidence. Our solutions enable the real-time identification and location of people, businesses, assets, and their interrelationships. These solutions are used for purposes including risk mitigation, due diligence, fraud detection and prevention, regulatory compliance, and customer acquisition. Our intelligent platform, CORE™, is purpose-built for the enterprise, yet flexible enough for organizations of all sizes, bringing clarity to massive datasets by transforming data into intelligence. Our solutions are used today to enable frictionless commerce, to ensure safety, and to reduce fraud and the concomitant expense borne by society. The Role: The Offensive Security Engineer is responsible for proactively identifying, validating, and demonstrating security weaknesses across traditional applications, cloud infrastructure, APIs, and AI-enabled systems, including Large Language Models (LLMs), machine learning pipelines, and AI-integrated products. This role sits at the intersection of offensive security, cloud security, and AI risk, working closely with Security Engineering, Cloud Engineering, Development, and Data Science teams. The tester will simulate real-world adversaries to uncover exploitable weaknesses, validate security controls, and provide actionable remediation guidance to reduce organizational risk. What You Will Do: Core Penetration Testing: Conduct authorized penetration tests against web applications, APIs, cloud infrastructure, containers, and internal services. Perform network, application, and cloud security testing using both automated tooling and manual exploitation techniques. Validate vulnerabilities discovered through scanning, threat modeling, or other submissions. AI and ML Testing:- Test AI-enabled products and services for AI-specific threats: Prompt injection and prompt manipulation. Model inversion and data extraction. Training data poisoning. Model theft and inference abuse. Excessive data exposure via AI APIs. Assess security controls around AI pipelines, including data ingestion, training environments, inference endpoints, and model storage. Evaluate abuse scenarios involving AI agents, automation, and third-party AI integrations. Reporting and Collaboration: Produce clear, high-quality penetration testing reports with risk ratings, exploit evidence, and prioritized remediation guidance. Partner with engineering teams to validate fixes, retest findings, and implement compensating controls where remediation is not immediately feasible. Contribute to secure design reviews and threat modeling for new products, cloud services, and AI capabilities. Support red team activities and collaborate with Security Operations during incident investigations involving exploited vulnerabilities. Continuous Improvement: Stay current on emerging attack techniques, especially in AI, cloud-native, and API security. Help evolve internal penetration testing methodologies, tooling, and playbooks. Assist with compliance and audit evidence related to penetration testing and security assessments (SOC 2, PCI, NIST, ISO). What You Bring: Hands-on experience in penetration testing, offensive security, or red team operations. Strong experience testing web applications, APIs, and cloud environments (AWS preferred). Demonstrated knowledge of AI/ML security risks, including LLM abuse patterns and model-level attacks. Proficiency with common penetration testing tools (e.g., Burp Suite, Metasploit, Nmap, cloud-native tooling). Strong understanding of: OWASP Top 10, OWASP API Security Top 10, Cloud attack paths and IAM abuse, and MITRE ATT&CK Ability to write clear, developer-friendly remediation guidance. Comfortable scripting or automating testing tasks (Python, Bash, PowerShell preferred). Excellent communication skills and ability to work cross-functionally. Experience testing AI APIs, LLM platforms, or ML pipelines in production environments. Familiarity with AI risk frameworks (e.g., NIST AI RMF). Experience in regulated or high-trust environments. Relevant certifications include: OSCP, OSCE, CRTO, GPEN, GXPN, Cloud security certifications, AI-security or ML-adjacent coursework or certifications Applicants must have permanent work authorization in the U.S.; we are not sponsoring visas for this role. What We Offer: red violet offers excellent benefits including opportunity for stock (RSU) grants, a 401K and generous company match, flexible PTO policy, medical, dental and vision coverage, commuter benefits, in-office healthy snacks, team events and more. red violet is proud to be an Equal Opportunity Employer.

How To Apply:

Incase you would like to apply to this job directly from the source, please click here

Responsibilities
The Offensive Security Engineer will proactively identify, validate, and demonstrate security weaknesses across applications, cloud infrastructure, APIs, and AI-enabled systems by simulating real-world adversaries. This involves conducting core penetration testing, specialized AI/ML testing, producing high-quality reports with remediation guidance, and contributing to secure design reviews.
Loading...