Senior Offensive Security Engineer - Web & AI Systems

Focus

KPI is seeking a Senior Offensive Security Engineer (Web & AI systems) to join one of our clients, a high-tech SaaS company.

Work Location: Mountain View, CA (Onsite role, 4 days/week onsite)
Duration: 12-month contract with potential to convert depending on the candidate's performance
Pay Range: $85 - 100/hr

No C2C resumes are considered

• Conduct offensive security assessments on large-scale web applications, REST APIs, and cloud-backed services.
• Identify and validate vulnerabilities, including injection flaws, access control issues, authentication/authorization weaknesses, SSRF, deserialization, and logic bugs.
• Evaluate LLM-based systems and AI agents for prompt injection, data exfiltration, model abuse, and jailbreaks.
• Design and execute red‑team‑style engagements that simulate real‑world adversaries.
• Develop custom exploitation tools, PoCs, and fuzzers for web and AI attack surfaces.
• Identify systemic security weaknesses and collaborate with engineering teams to drive long‑term mitigations.
• Review architectures and designs for new products from an attacker’s perspective.
• Produce clear, actionable security reports and present findings to technical and executive stakeholders.

• Master’s degree in Computer Science, Computer Engineering, Information Security, or a closely related technical field.
• A doctorate (PhD) in a relevant field is a plus, but not required.
• 5+ years of experience in offensive security, penetration testing, or red teaming.
• Deep expertise in web application security
  .
• Strong understanding of API security
  .
• Vulnerability findings:
  Identifying and prioritizing vulnerabilities across a network of 1,000+ devices to support risk management efforts and conducting regular vulnerability assessments to detect and address security weaknesses in various systems and applications.
• Hands‑on experience testing AI/ML or LLM‑based systems
  , or strong motivation with demonstrated research in this area.
• Proficiency in at least one scripting or programming language (
  Python, Go, JavaScript, or similar
  ).
• Strong knowledge of common exploitation techniques and attacker tooling
  .

• Prior work on adversarial ML, red‑teaming AI systems, or secure LLM pipeline design.
• Experience with cloud security (AWS, GCP, Azure) and containerized environments.
• Background in security research, published CVEs, CTF experience, blog posts, or conference talks.
• OSCP, OSEP, OSWE, CRTO, or similar.

• An attacker‑first mindset with strong engineering discipline.
• Ability to go beyond scanners and find novel, high‑impact vulnerabilities.
• Clear communicator who can translate complex exploits into actionable fixes.
• Curiosity about emerging threats, especially in AI security
  .
• Ownership mentality and comfort operating in ambiguous problem spaces.

Thank you!

Focus

KPI Hiring Team