Tech Stack
Tools & technologies: AWS, Azure, Cloud, Docker, Go, Google Cloud Platform, JavaScript, Kubernetes, Python, SDLC, Terraform, TypeScript
About the role
Key responsibilities & impact
- Plan and execute red team engagements, penetration tests and adversary simulations against our platforms, products and corporate environment.
- Identify, exploit and document vulnerabilities across web applications, APIs, cloud infrastructure, identity systems and AI/LLM-based services.
- Develop realistic attack scenarios — initial access, privilege escalation, lateral movement, data exfiltration — mapped to frameworks such as MITRE ATT&CK.
- Build and maintain custom tooling, exploits and automation where off-the-shelf tools fall short.
- Leverage AI pen testing tooling and frameworks as a force amplifier within your role.
- Active, hands-on use of **AI-powered offensive security tooling** as a core part of your workflow — leveraging LLMs and agentic assistants to accelerate reconnaissance, exploit development, code review, payload generation and report writing.
- Familiarity with emerging **AI red-team frameworks and platforms** — e.g. PyRIT, Garak, Promptfoo, NVIDIA Aegis, Microsoft Counterfit, HackerOne / Bugcrowd AI testing toolkits, or equivalent — and a practical sense of when to use which.
- Experience building or extending **automated AI red-team harnesses**: prompt-injection test suites, jailbreak corpora, tool-abuse scenarios, multi-turn attack agents, and regression eval sets for LLM and agentic systems.
- Pragmatic judgement on the **limits and risks of AI-assisted offensive work** — hallucinated findings, false confidence, data leakage into third-party models — and the discipline to validate AI output before acting on it.
- Curiosity to keep pace with a fast-moving space: new models, new attack techniques, new defensive controls — and a willingness to bring those learnings back into the team.
- Probe LLM-powered and agentic systems for prompt injection, jailbreaks, tool/function-call abuse, context leakage, insecure output handling and supply-chain risks.
- Test RAG pipelines, knowledge bases and integrations for data exfiltration, poisoning and unauthorised access paths.
- Contribute to internal threat models for agentic architectures and help shape secure-by-default patterns for multi-agent and tool-using systems.
- Stay close to evolving standards and guidance (e.g. OWASP Top 10 for LLMs, NIST AI RMF, emerging agent interoperability protocols).
- Perform deep-dive security testing of cloud workloads across AWS, Azure and/or GCP — IAM, network, container, serverless and data-layer concerns.
- Review CI/CD pipelines, IaC (Terraform, CloudFormation, Bicep) and Kubernetes deployments for misconfigurations and exploitable weaknesses.
- Conduct source-assisted ("grey-box") testing — reading code to find logic flaws, authZ gaps and unsafe integrations.
- Triage findings, assign realistic severity, and write clear, reproducible reports with concrete remediation guidance.
- Partner with engineering teams to validate fixes, advise on secure design and pair on hardening work — not just throw findings over the wall.
- Drive continuous improvement of detection coverage by working with the blue team / SOC on purple-team exercises.
- Build automation that turns one-off tests into repeatable, scheduled checks — exposure scanning, attack-path analysis, agent red-teaming harnesses.
- Integrate offensive testing into the SDLC: SAST/DAST/IAST, dependency scanning, secrets detection, container and IaC scanning.
- Treat evaluation and regression of security controls as a first-class deliverable — measured, not assumed.
- Work alongside the Head of Information Security, AI Ethics leads, platform engineering and product teams to embed security early.
- Produce clear design reviews, threat models, runbooks and post-engagement reports for both technical and executive audiences.
- Operate within strict rules of engagement, with care for production stability, customer data and legal/regulatory obligations.
Requirements
What you’ll need
**Required**
- Demonstrable hands-on experience in **offensive security** — penetration testing, red teaming, or adversary simulation — against modern web, API and cloud-based systems.
- Strong understanding of common vulnerability classes (OWASP Top 10, authZ flaws, SSRF, deserialisation, injection, cryptographic misuse) and how to chain them into real impact.
- Solid grasp of **cloud security** in at least one major provider (AWS, Azure or GCP): IAM, networking, key management, container and serverless services, common misconfigurations and attack paths.
- Practical understanding of **AI/LLM systems** — how they work, where they fail, and the new risks they introduce (prompt injection, jailbreaks, insecure tool use, training/RAG data exposure).
- **Coding capability** in at least one of Python, Go, JavaScript/TypeScript or similar — comfortable writing exploits, tooling and automation, not just running other people's tools.
- Confidence with offensive tooling — Burp Suite, nmap, Nuclei, BloodHound, Metasploit, custom scripts — and the judgement to know when to build vs. buy.
- Familiarity with **CI/CD, containers and IaC** (Docker, Kubernetes, Terraform or equivalent) and how to attack and defend them.
- An **evaluation mindset**: you measure security posture with reproducible tests, metrics and evidence — not gut feel.
- Comfort with **agentic development workflows** — using AI coding assistants and AI co-work / pair-development models (Claude Code, Copilot, Cursor or equivalent) as part of your day-to-day delivery.
- Clear written and verbal communication in English: able to brief engineers, executives and (where relevant) customers on findings and risk.
- A strong ethical compass and discipline around scope, rules of engagement, evidence handling and responsible disclosure.
Benefits
Comp & perks
This is your chance to join a friendly and passionate team that will motivate you to learn and develop your career in the company.

**Benefits may include:**
- Remote/Flexible work
- Discovery Medical Aid
- Connectivity Allowance
- 15 days paid holiday a year (this includes three Sabio days)
- Momentum EAP

**The Small Print**
Strictly No Agencies; any submission of resumes without prior request from Sabio Group will not be deemed as an introduction and therefore will not warrant an introduction fee. All applicants must have the right to work in the territory to which the role relates (UK & EU). Sabio Group are unable to offer sponsorship on any roles advertised.
ATS Keywords
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
penetration testing, red teaming, adversary simulation, cloud security, AI/LLM systems, coding in Python, coding in Go, coding in JavaScript, offensive security, vulnerability assessment
Soft Skills
clear communication, evaluation mindset, ethical judgement, curiosity, collaboration, discipline, pragmatic judgement, report writing, problem-solving, continuous improvement
