AI Red Team Security Engineer

About Ethos Ethos is a leading life insurance technology company on a mission to protect families by democratizing access to life insurance and empowering agents at scale. With its robust three-sided technology platform, Ethos is transforming the life insurance experience for consumers, agents, and carriers alike. Ethos offers instant, accessible products and a seamless online process that requires no medical exams and just a few health questions; it eliminates traditional barriers, making it easier than ever for everyone to protect their families. Ethos is redefining how life insurance is bought, sold, and underwritten. About the role We are looking for a skilled and creative AI Red Team Engineer to join our offensive security team. In this role, you will simulate real-world adversaries, exploit vulnerabilities across applications, cloud infrastructure, and AI/ML systems using both traditional penetration testing techniques and cutting-edge AI-augmented attack tooling. You will operate across the full attack surface: web apps, APIs, mobile, internal networks, and AI-powered products including LLM pipelines, model APIs, agents, and RAG systems. You will help us find the flaws before the adversaries do, and work closely with engineering and product teams to close those gaps. Duties and Responsibilities: AI & LLM Security Testing Design and execute adversarial attacks against large language model (LLM)-powered products including prompt injection, jailbreaking, goal hijacking, and context manipulation. Test retrieval-augmented generation (RAG) pipelines for data exfiltration, poisoning, and unauthorized knowledge extraction. Assess AI agent systems and agentic workflows for unsafe tool-use, privilege escalation, and indirect prompt injection via environment feedback. Conduct model extraction, membership inference, and adversarial example attacks against deployed ML models. Evaluate AI guardrails, safety filters, and content moderation layers for bypass techniques. Penetration Testing & Ethical Hacking Perform full-scope penetration tests across web applications, REST/GraphQL APIs, mobile apps (iOS/Android), cloud environments (AWS, GCP, Azure), and internal networks. Conduct red team exercises simulating advanced persistent threat (APT) actors using MITRE ATT&CK and AI-augmented techniques. Exploit vulnerabilities across the OWASP Top 10 and beyond: SSRF, IDOR, XXE, SSTI, authentication bypasses, and logic flaws. Perform social engineering and phishing simulations as part of combined red team campaigns. Conduct cloud and Kubernetes security assessments including IAM misconfigurations, container escapes, and privilege escalation paths. AI-Augmented Attack Operations Leverage AI models and tools (e.g., LLMs, code generation, fuzzing assistants) to accelerate vulnerability discovery, payload crafting, and exploit development. Build or adapt AI-powered reconnaissance, exploitation, and evasion tooling for internal use in red team engagements. Stay current with adversarial AI research and translate academic findings into practical red team techniques. Use AI to automate repetitive testing tasks and generate novel attack variants at scale. Qualifications and Skills: 7+ years of hands-on penetration testing and offensive security experience in a professional setting Demonstrated experience testing AI/ML systems, LLM-powered products, or AI APIs Experience conducting red team engagements Scripting and tool development Strong understanding of authentication protocols and common implementation flaws Familiarity with cloud security architectures and common misconfigurations Working knowledge of Docker/Kubernetes and container security Understanding of LLM architectures and how they relate to attack surfaces. Familiarity with OWASP LLM Top 10 Practical experience with prompt injection and jailbreak techniques against LLMs Ability to use LLMs as force-multipliers in red team workflows

Preferred Qualifications

Certifications: OSCP, OSEP, CRTO, CRTE, PNPT, CEH, GPEN, GWAPT, or equivalent Experience with adversarial ML frameworks Contributions to open-source security tooling or published CVEs / bug bounty hall-of-fame credits Familiarity with AI governance frameworks Experience with GenAI infrastructure Background in threat modeling for AI-powered applications Reverse engineering skills for binary and mobile assessments CTF participation or competitive hacking experience #LI-Remote #LI-MK1 The US national base salary range for this full-time position is $152,000 - $269,000. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Please note that the compensation details listed in US role postings reflect the base salary only and do not include applicable bonus, equity, or benefits. You can find further details of our US benefits at https://www.ethoslife.com/careers/ Don’t meet every single requirement? If you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. At Ethos we are dedicated to building a diverse, inclusive and authentic workplace. We are an equal opportunity employer.. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Pursuant to the SF Fair Chance Ordinance, we will consider employment for qualified applicants with arrests and conviction records. To learn more about what information we collect and how it may be used, please refer to our California Candidate Privacy Notice. Recruitment Notice: Please be aware of recruitment scams. All legitimate communication from our team will only come from email addresses ending in @ethos.com or @getethos.com. We will never ask for payment, banking details, or sensitive personal information during the hiring process. If you are contacted by someone claiming to represent us from a different email address, please treat it as fraudulent. Apply To This Job