The Opportunity
Principal AI Security Engineer — AI Red Team
Somewhere in your organization right now, an LLM is one clever prompt away from leaking data it was never supposed to touch. Most companies don't know that until it's too late — or until a red team finds it first.
We're building that red team.
What you'll own
You'll lead adversarial testing against production AI systems — not lab demos, not theoretical exercises. You'll break things on purpose: prompt injection, jailbreaking, model exploitation, RAG manipulation, data extraction. Then you'll do the harder part — translate what you found into something an executive team and an auditor can both act on, mapped cleanly to ISO 27001, SOC 2, ISO 27701, and ISO 27017.
If you've ever watched a sharp AI risk finding die in a slide deck because nobody could connect it to a control framework, this role exists to fix that.
What we need from you
- You've personally run red team engagements against LLM or AI-driven systems in production — not just studied the theory. We'll ask you to walk us through a real one.
- You understand how these systems are actually built — RAG pipelines, vector databases, fine-tuning workflows, API architectures — well enough to know where they break.
- You write Python fluently enough to build or adapt your own testing tooling.
- You're as comfortable in an ISO 27001 or SOC 2 environment as you are in a terminal — you can map a jailbreak to a control gap without a translator.
- You can present a finding to an executive room and have them understand exactly why it matters.
This is a rare combination. If you're strong on the offensive AI side but have never worked inside a governance framework, or strong on GRC but have never actually attacked a model — this probably isn't your role yet. That's fine. We'd rather you self-select out than waste your time or ours.
Requirements
What We’re Looking For
Core Technical Depth
Strong understanding of adversarial machine learning
Experience red teaming LLM or AI systems
Deep familiarity with AI deployment architectures (RAG, APIs, vector DBs, fine-tuning pipelines)
Strong Python proficiency
Enterprise Security & Governance Fluency
Experience working within ISO 27001 environments
Practical knowledge of SOC 2 Trust Service Criteria
Understanding of ISO 27701 privacy extensions
Familiarity with ISO 27017 cloud security controls
Ability to map technical findings to control frameworks
Communication & Documentation
Ability to produce clear, structured, audit-friendly documentation
Comfortable presenting technical risk to executive audiences
Strong written and verbal communication skills
What you'll get from C-Serv
You'll be placed with an organization serious enough to build this function properly — not bolt a red team onto a compliance checklist. Full-cycle support from a delivery partner who understands both the technical depth and the enterprise context this role demands.
Ready to break something for a living?
Apply now, and be ready to talk specifics — not certifications in progress, actual engagements you've run.
Benefits
- Comprehensive Private Medical Coverage
- Support for Mental Health Expenses
- Life Insurance Options
- Attractive Compensation Package