[Remote] Staff Attack Engineer, AI/LLM
Note: The job is a remote job and is open to candidates in USA. Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to enabling organizations to proactively find and fix exploitable attack vectors. They are hiring a Staff Attack Engineer specializing in AI/LLM security to break AI systems and develop automated attack patterns within their NodeZero platform.ResponsibilitiesBreak AI and agentic systems and translate that research into automated, repeatable attack modules for NodeZeroDesign and execute prompt injection and defense evasion attacks, focusing on generalized, reusable patternsConduct tool-use exploitation, abusing LLM agentsβ access to code, file systems, APIs, and databases for attacker-realistic outcomes (e.g., context poisoning, RCE, data exfiltration, privilege escalation)Target AI infrastructure (model serving, training pipelines, vector databases, GPU/MLOps tooling) with an understanding of real-world enterprise deployments and misconfigurationsResearch and apply model and supply chain attacks (poisoning, training data extraction, adversarial inputs, deployment pipeline abuse)Perform threat modeling for agentic systems, mapping trust boundaries and attack surfaces and turning them into concrete attack pathsApply a strong productization mindset, turning manual techniques into safe, reliable, and scalable automated toolingBuild and extend LLM-powered applications (prompting, structured output, agentic workflows)Design with production concerns in mind: cost, safety and hallucination guardrails, reliability, and observabilityDesign and extend microservices that orchestrate LLM tasks and integrate with NodeZero and related offensive workflowsSkillsExpert-level Python and software engineering skillsSolid penetration testing fundamentals and understanding of common attack chainsFamiliarity with AI/LLM security frameworks (e.g., OWASP Top 10 for LLMs, MITRE ATLAS)Experience in a security product or offensive security team, ideally with shipped offensive capabilities or toolingProven ability to break AI/LLM and agentic systemsClear understanding of trust boundaries around AI tools, data sources, and permissions, and how to systematically test and exploit themExpert-level ownership β drives high-complexity, high-risk programs and sets strategy, not just executionSelf-motivated β identifies problems and builds solutions proactivelyIndustry obsessed β tracks the fast-moving AI security landscape and can speak to recent developments, new attacks, and where the field is headingExperience with other cloud AI services (e.g., Azure OpenAI, GCP Vertex AI)Contributions to AI security research (blog posts, conference talks, CVEs, open-source tools)Experience with AWS Bedrock and AWS Agent CoreFamiliarity with graph databases (e.g., Neo4j)Background in traditional exploit development or vulnerability researchCTF experience, particularly in AI/ML-focused challenge categoriesBenefitsHealth, vision & dental insurance for you and your familyFlexible vacation policyGenerous parental leaveEquity package in the form of stock optionsCompany OverviewHorizon3.ai offers an autonomous penetration testing platform that helps organizations proactively find and fix security vulnerabilities. It was founded in 2019, and is headquartered in San Francisco, California, USA, with a workforce of 201-500 employees. Its website is https://www.horizon3.ai.