[Remote] Senior Engineer, Offensive Security
Note: The job is a remote job and is open to candidates in USA. Humana Inc. is a leading U.S. healthcare company, and they are seeking a Senior Engineer in Offensive Security. The role involves building AI-driven offensive tooling, conducting penetration tests, and running red-team operations to enhance the security posture of the organization.
Responsibilities
- Write production-quality software and AI agents, LLM-driven planning loops, multi-agent orchestration, and tool/function-calling that drives real offensive tooling, and contribute to the in-house agent platform that powers our pentest and red-team operations
- Network, web-application, cloud, and infrastructure testing, recon through exploitation, privilege escalation, and lateral movement, accelerated by the tooling you build, with your own judgment owning scope and exploitability
- Validate security countermeasures (EDR/XDR, NDR, DLP, firewalls) with our defensive partners, then pair with detection engineering to close the gaps your attacks reveal
- Objective-driven adversary emulation; and adversarial assessment of internal LLM-powered products, agents, RAG pipelines, and ML applications, prompt injection, jailbreaks, model extraction and inversion, membership inference, data and supply-chain poisoning, evasion, and agent tool/sandbox abuse, validating that guardrails and classifiers actually hold
- Ramp on the agent platform and the offensive service lines; deliver your first engagements (a penetration test and a purple-team exercise) and ship one improvement to the agentic tooling that you used during them
- Ship at least one AI-driven tool that a service line adopts into its live workflow, with metrics showing coverage or turnaround gains; run a red-team operation end to end
- Stand up repeatable adversarial testing for at least one of the enterprise's own AI systems; establish an evaluation approach that tracks your tooling's autonomous success against representative targets; become a go-to for both building and operating across the team
Skills
- Offensive operations experience: 4+ years in roles such as Red Team, Penetration Testing, Purple Team / control validation, or Bug Bounty, with a track record of delivering engagements end to end: scoping, execution, and clear written findings
- Production Python engineering: you build and operate real tooling, not only one-off scripts
- You've built with agentic AI: hands-on designing, building, or operating AI agents or LLM applications: agentic workflows, tool/function-calling, and orchestration. (We care about what you've shipped and operated, not years on a particular framework—these frameworks are only a few years old.)
- You've attacked AI: hands-on testing of AI/ML systems: prompt injection, jailbreaking, and adversarial techniques
- Cloud fluency: production experience with at least one major Cloud Service Provider (AWS, GCP, or Azure)
- Built autonomous or semi-autonomous offensive agents, LLM-driven penetration-testing agents, or reinforcement-learning exploit and attack-path planners
- Red-team tradecraft: C2 frameworks (e.g. Cobalt Strike, Sliver, Mythic), evasion and OPSEC, and testing endpoints protected by modern EDR/XDR
- Purple-team and adversary-emulation fluency: MITRE ATT&CK, and platforms such as VECTR or Atomic Red Team
- Hands-on with AI red-teaming frameworks such as PyRIT or Garak, and fluent in MITRE ATLAS, the OWASP Top 10 for LLM Applications, and the NIST AI Risk Management Framework
- Model Context Protocol (MCP), building clients/servers, or testing them and RAG pipelines for tool/prompt-injection abuse
- Cloud penetration-testing depth or multi-cloud breadth; threat-intelligence-driven operations; depth in an advanced offensive specialty (malware development, advanced red-team operations, or adversarial ML research)
- Published research, open-source contributions, or talks at DEF CON (incl. the AI Village / Generative Red Team), BSides, x33fcon, or Black Hat, or strong showings in AI-security competitions like HackAPrompt
- Certifications are a plus, not a gate, offensive (e.g. OSCP, OSEP, OSED, OSCE3, CRTO, CRTL, CPTS, CWES, CWEE, CAPE) and emerging AI-security (e.g. the OffSec AI Red Teamer (OSAI / AI-300), the SANS/GIAC AI security line, the HTB AI Red Teamer path)
Benefits
- Bonus incentive plan
- Medical, dental and vision benefits
- 401(k) retirement savings plan
- Time off (including paid time off, company and personal holidays, paid parental and caregiver leave)
- Short-term and long-term disability
- Life insurance
- Hack The Box Pro Labs, all HTB role-based paths and certifications, discretionary certification funding, and conference/training budgets
- Work from a dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information
Company Overview
Company H1B Sponsorship