Offensive Security Engineer Associate / Intern

Offensive Security Engineer Associate / Intern

Securin is expanding its team of offensive security engineers focused on hunting and mitigating extreme risks in digital ecosystems, AI systems and future AI models.

We are looking for Offensive Security Engineers who can execute offensive assessments and attack validation across our customers' environments. Our objective is to preempt the adversary in attacking our customers and make the entities more secure.

This individual should have knowledge across the attack lifecycle, MITRE ATT&CK framework, TTPs used by known Advanced Persistent Threats (APTs) groups, and a demonstrated capacity to understand, design and execute offensive security assessments against various technologies and stacks.

Candidates are expected to support delivering technology-oriented assessments that positively benefit the overall security posture of the organization. This role requires a desire to help drive fixes after testing cycles, both as short-term mitigations and long-term improvements.

Job Description

Do you want to find and exploit security vulnerabilities in fortune 100 companies, critical infrastructure companies, and public sector agencies impacting millions of users?

Join Securin’s Offensive Security Team where you'll emulate real-world attacks against our customers' systems. We are an interdisciplinary group of red teamers, adversarial Machine Learning (ML) researchers and software developers with the mission of proactively finding weaknesses and vulnerabilities in some of the most critical digital ecosystems in the world.

Responsibilities

● Offensive Security Assessments: Perform security assessments ranging from Red Team operations, threat-based evaluations, and vulnerability research and exploitation against both the unique systems and technologies used by our customers, as well as approved 3rd party software, open-source software, and vendors

● Security Guidance: Provide threat-based guidance and education to our customers and internal teams through offensive security, with audiences including software engineers, business and technical leaders

● Collaborate with teams to influence measurement and mitigations of discovered vulnerabilities

● Research new and emerging threats to inform the organization including prompt injection, improve red teaming efficacy and accuracy, and stay relevant

● Discover and exploit vulnerabilities end-to-end in order to assess the security of AI systems

● Execute Red Team operations on production AI systems using real world adversarial tactics and techniques to identify failures

● Adversary TTPs: Research, develop, and execute adversary TTPs across the range of the attack lifecycle

● Develop tools and techniques to scale and accelerate offensive emulation and vulnerability discovery specific for AI systems in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection

Required Qualifications

● Currently has, or is in the process of obtaining a Bachelor's or Master's degree in Computer Science, Computer Engineering, relevant technical field, or equivalent practical experience. Degree must be completed prior to joining Securin.

● Proven understanding of the attack lifecycle, and offensive security concepts in at least one of the following:  Red Team operations, Purple Team engagements, Vulnerability Research, and/or Exploitation.

● Experience in identifying security vulnerabilities, software development lifecycle, large-scale computing, modeling, cyber security, or adversarial machine learning

● Experience with exploiting common security vulnerabilities and bypassing security controls

● Demonstrated impact in Application Security, Penetration Testing, or other related field.

● Experience using penetration testing tools, including any of the following: Nessus, NMAP (Network Mapper), Metasploit, Burp Suite Pro, etc.

● Coding skills, in any of the following languages: C#, Python, C/C++, Go, PowerShell, ASP.NET, JavaScript

● Knowledge of server (Linux, Windows) and client (Windows, macOS, Linux) operating systems.

● Must obtain work authorization in country of employment at the time of hire, and maintain ongoing work authorization during employment

Preferred Qualifications

● OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Expert), or similar certifications

● Track record of participation in capture the flag (CTF) competitions.

● Contributions to the security community (public research, blogging, presentations, bug bounty, tooling, etc.)

● Experience with Advanced Persistent Threat (APT) emulation, purple teaming, and/or working with threat intelligence

● Experience performing reverse engineering

● Prior experience with Responsible AI

● Interest in learning about generative AI and foundational models • Prior participation in AI Village DEFCON (Defence Readiness Condition) CTFs (Capture the Flag), MLSec (Machine Learning and Security) competition or enjoyed playing with Gandalf!

● Publications in AISec, NeurIPS, FAccT Penetration Testing IC4

Other Requirements

Ability to meet Securin, customer and/or government security screening requirements are required for this role. These requirements include but are not limited to the following specialized security screenings:

● Securin Background Check-This position will be required to pass the Securin background check upon hire/transfer and every two years thereafter

Who Should Apply

● Have solid ML-focused Python engineering and research skills, particularly around using and training models.

● Have worked and executed technical research with a team.

● Comfortable with ad-hoc and dynamic experimental science.

○ A lot of this is uncharted territory. We optimize for fast feedback loops. You may need to build your own tooling.

● Can clearly articulate and discuss the findings and importance of your work.

● Are mission driven. You’re motivated to advance Cyber Security and AI security and safety as fast as possible while developing new exploits for software weaknesses and vulnerabilities.

Role-specific policy

This role will be based in Albuquerque, New Mexico and we require candidates who are able to be in our offices more than 50% of the time.

Hybrid policy & US visa sponsorship

Currently, we expect all staff to be in our office at least 50% of the time. We do sponsor candidates who are currently in the United States, and if we make you an offer, we will make every effort to assist you with the sponsorship of a US visa.

Compensation and Benefits

Securin’s compensation package is designed to pay competitively with market rates and includes eligibility to participate in medical, dental, and vision benefits as well as a 401k.