Senior Red Team Analyst
IBLISS Digital Security
full-time
Posted on:
Location Type: Remote
Location: Remote • 🇧🇷 Brazil
Visit company websiteJob Level
Senior
Tech Stack
CloudDockerKubernetesPython
About the role
- Leadership: Plan, lead, and execute penetration tests and Red Team exercises from kick-off through executive delivery in high-criticality environments (Web, APIs, Cloud, Internal Networks).
- Advanced AI/ML Exploitation: Perform security testing specific to Machine Learning models and LLMs (Large Language Models), identifying vulnerabilities such as Prompt Injection, Data Poisoning, and sensitive data extraction (Model Inversion).
- R&D of AI Attacks: Conduct research and develop Proofs of Concept (PoCs) to exploit weaknesses in data pipelines, model deployment environments (MLOps), and APIs that interact with AI.
- Quality and Communication: Produce high-quality technical and executive reports, including risk assessments for specific attack scenarios, and provide strategic guidance to clients.
- Validation and Remediation: Provide detailed, strategic guidance for remediating both traditional vulnerabilities and those specific to AI/ML.
- Technical Mentorship: Serve as a technical reference and mentor for Junior and Mid-level team members.
Requirements
- Mastery of security methodologies and frameworks, including PTES, OWASP Top 10, and advanced understanding of MITRE ATT&CK and AI security frameworks (e.g., OWASP Top 10 for LLMs or similar).
- Advanced proficiency in manual vulnerability exploitation for:
- Web applications and APIs;
- Mobile applications;
- Cloud infrastructure (IAM, PaaS);
- Experience establishing Rules of Engagement (RoE) for Red Team exercises and conducting physical and internal network tests.
- Experience or deep knowledge in AI/ML security testing, including:
- Evasion attacks (adversarial attacks);
- Data poisoning attacks;
- Testing LLM APIs (Prompt Injection, sandboxing vulnerabilities).
- Scripting proficiency: ability to write scripts (Python, PowerShell, or Bash) to automate tasks and develop complex PoCs, including data manipulation for attacks on ML models.
- Excellent verbal and written communication skills in Portuguese.
- Preferred (Strong Differentiators):
- Recognized pentest certifications (OSCP, GPEN, GWEB, Pentest+, CRTE, CRTP, CRTO);
- Knowledge of OWASP Top 10 for LLM Applications or other AI-specific security frameworks;
- Experience in mobile security testing and/or container environments (Docker/Kubernetes).
Benefits
- CAJU
- Day off on your birthday
- Company laptop
- Variable performance bonus
- Quality of life with flexible hours and remote work
- Work-life balance
- Knowledge-sharing meetups
- Individual Development Plan (PDI)
- Wellhub
- Discounts at educational institutions
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
penetration testingRed Team exercisesAI/ML security testingmanual vulnerability exploitationscriptingdata manipulationevasion attacksdata poisoning attackstesting LLM APIsMLOps
Soft skills
leadershipcommunicationtechnical mentorshipstrategic guidancereport writing
Certifications
OSCPGPENGWEBPentest+CRTECRTPCRTO