[Remote] AI Red Team Engineer
Note: The job is a remote job and is open to candidates in USA. White Circle is an AI Safety company building the safety, reliability, and optimization layer for AI systems. They are seeking an AI Red Team Engineer to perform adversarial testing on LLM-powered systems, automate attacks, and generate reports to enhance security and customer confidence.
Responsibilities
- Red-team LLM-powered systems: chatbots, copilots, RAG pipelines, AI agents, tool-calling workflows, and API-based AI products
- Test for jailbreaks, prompt injection, system-prompt and tool leakage, sensitive-data and context leakage, unsafe outputs, policy bypass, tool misuse, excessive agency, resource and token-cost abuse, and business-logic abuse
- Write lightweight Python to automate attacks, run prompt sets, call model APIs, collect and score responses, and generate repeatable reports
- Build and maintain an internal attack library: prompts, scenarios, test cases, regression tests, scoring rubrics, and reusable demo cases
- Turn model failures into clear reports: what happened, why it matters, how to reproduce it, how severe it is, and how to fix it
- Convert successful attacks into regression tests and product requirements
- Track new red-team and safety techniques and fold the useful ones into our tests
- Support GTM by producing strong, credible evidence for customer demos, security reviews, and sales conversations
Skills
- Genuinely love breaking things and reasoning adversarially
- Have a background in QA automation, AppSec, API/security/pen testing, or bug bounty
- Have strong Python scripting skills
- Have experience testing APIs, web apps, backends, or SaaS products
- Are hands-on with LLMs, prompts, system instructions, RAG, agents, and tool/function calling
- Understand LLM-specific abuse vectors (prompt injection, jailbreaks, data leakage, tool misuse, excessive agency, token-cost exhaustion)
- Can find bypasses, abuse edge cases, chain failures, and reason about real-world impact
- Can separate real customer risk from low-impact prompt tricks
- Write clear, reproducible bug reports in clear English
- Can move fast without perfect requirements
- Hold a firm ethical line: you red-team to make systems safer, operate within scope and the law, and don't produce or traffic in genuinely harmful material
- Experience with Burp Suite, Postman, Playwright, pytest
- Experience with modern LLM red-teaming automated agents and pipelines
- Familiarity with LangChain, LangGraph, LlamaIndex, RAG pipelines, AI agents, tool/function calling, and LLM-as-judge evaluation
- Familiarity with OWASP LLM Top 10, OWASP Web Top 10, MITRE ATLAS, or other AI security taxonomies
- Experience testing RAG systems, AI agents, tool-calling workflows, browser agents, or internal copilots
- Experience writing customer-facing security reports
- Experience with trust & safety, abuse prevention, fraud, moderation, or platform security
- Experience building eval pipelines, regression suites, dashboards, or CI-friendly security tests
- A track record in CTFs, red-team competitions, or responsible-disclosure / bounty programs
Benefits
- Paid time off in line with your local regulations, no matter where you work from
- Work from Paris (hybrid) + relocation package
- Best medical insurance in France
- All the hardware, tools, and services you need
- Covered subscriptions for AI agents
- Team off-sites twice a year: we've recently been to the Alps and to Saint-Tropez
Company Overview