Apply Now
Location: San Jose, California (CA)
Contract Type: C2C
Posted: 2 hours ago
Closed Date: 07/09/2026
Skills: Security Engineer – Pentesting,,AWS, Azure, GCP
Visa Type: Any Visa

Job Title: Security Engineer – Pentesting

Location: San Jose, CA (5 days Onsite)

Role summary

We are seeking a highly skilled Security Engineer specializing in Penetration Testing to strengthen our o ensive security capabilities. This role is responsible for identifying vulnerabilities across applications, infrastructure, cloud environments, and emerging AI/ML systems, including Large Language Models (LLMs) and GenAI platforms. The ideal candidate combines deep technical pentesting expertise with hands-on experience in AI security, enabling proactive defense against sophisticated and evolving threats.

 

Key Responsibilities:

Application & API Security Testing

  • Perform black-box, gray-box, and white-box penetration testing of: 
  • Web applications, APIs (REST/GraphQL), and mobile platforms

• Identify vulnerabilities including: 

  • Authentication/authorization flaws
  • Injection attacks
  • Business logic vulnerabilities
  • Session Management
  • Information Gathering
  • Data Validation, Governance and Transfer
  • Configuration Management

• Conduct secure code reviews and validate SAST/DAST findings

Infrastructure & Network Penetration Testing

• Execute penetration testing across: 

  • Enterprise networks (internal/external)
  • Cloud platforms (AWS, Azure, GCP)
  • Hybrid environments

• Perform: 

  • Privilege escalation and lateral movement
  • Active Directory assessments (Kerberos, NTLM, etc.)

• Identify misconfigurations and control weaknesses

AI/ML & GenAI Security Testing

• Conduct security assessments on: 

  • LLM-based applications and AI copilots
  • Machine learning models and pipelines

• Perform: 

  • Prompt injection and jailbreak testing
  • Data leakage and model abuse scenarios
  • Adversarial ML attacks (evasion, poisoning)

• Assess: 

  • RAG (Retrieval-Augmented Generation) pipelines
  • Model APIs, plugins, and agent frameworks
  • E ectiveness of AI guardrails and controls

Red Teaming & Adversary Simulation

• Simulate real-world attack scenarios across: 

  • Applications, infrastructure, and AI systems

Develop multi-stage attack chains combining: 

  • Traditional and AI-specific techniques

• Support purple team exercises with SOC and detection teams

Automation & AI-Driven Security Testing

Leverage AI tools to: 

  • Automate vulnerability discovery
  • Generate test cases and attack payloads
  • Develop custom tools/scripts using: 
  • Python, Bash, PowerShell, or Go

• Enhance scalability and repeatability of pentesting processes

Reporting & Stakeholder Engagement

• Deliver: 

  • Executive-level summaries (CIO/CISO ready)
  • Detailed technical reports with reproduction steps

• Provide: 

  • Risk-based prioritization aligned to business impact
  • Actionable remediation guide

• Collaborate with: 

  • Engineering, Cloud, SOC, and DevOps teams

Required Qualifications

Experience

• 5+ years in penetration testing, red teaming, or o ensive security

Proven experience testing: 

  • Web applications, APIs, and infrastructure

• Hands-on exposure to cloud security and enterprise environments

Technical Skills

• Strong knowledge of: 

  • OWASP Top 10 / API Top 10
  • OWASP Top 10 LLM
  • Network and infrastructure pentesting
  • Identity and Active Directory exploitation

• Experience with tools such as: 

  • Burp Suite, Metasploit, Nmap
  • BloodHound, Mimikatz, Nessus

 AI Security 

• Understanding of: 

  • LLM architectures and GenAI use cases
  • RAG pipelines, embeddings, and vector databases

 • Experience with: 

  • Prompt injection testing
  • AI red teaming or model security assessments

 • Exposure to: 

  • LangChain, Semantic Kernel, or similar frameworks

 Programming

Proficiency in: 

  • Python (required)
  • Scripting (Bash/PowerShell)

 • Ability to develop: 

  • Custom testing tools and exploit scripts 

Preferred Qualifications

• Certifications: 

  • OSCP, OSEP, or OSCE
  • GPEN, GWAPT, or CRTO
  • Cloud security certifications (AWS/Azure)