Note: The job is a remote job and is open to candidates in USA. Authentic8 is building an AI-powered Red Teaming Harness to proactively discover, chain, and validate vulnerabilities across our SaaS platform and supporting infrastructure. We are looking for a Red Team Engineer / Offensive Security Lead to drive the development and operation of that harness from the ground up.
Responsibilities
- Design, build, and operate an AI-augmented red teaming harness using frontier LLM APIs
- Implement a control loop architecture (Plan | Act | Observe | Adjust) for autonomous and semi-autonomous vulnerability discovery
- Integrate the harness with purpose-built SBOM tooling (Endor Labs), CVE monitoring feeds (NVD, OSV.dev, EPSS/KEV, GitHub Advisory Database, and vendor-specific bulletins), and our CI/CD pipeline (Snyk, SonarQube)
- Conduct adversarial testing across four attack perspectives: (Internal source code, External unauthenticated adversary, Internal authenticated user, and Internal unprivileged adversary)
- Chain findings identify exploitable paths and corresponding vulnerabilities
- Validate and prioritize findings using CVSS, EPSS, and KEV context before handing off to the patch management pipeline
- Support the development and day-to-day operation of Authentic8's internal Bug Bounty Program
- Collaborate with engineering on custom mitigation decisions when vendor patches are unavailable
- Assume ownership of security stage-gates within our CI/CD pipeline, integrating Snyk, SonarQube, and harness findings into the build process
- Work alongside the SOC Lead on CVE monitoring, alerting, and vulnerability prioritization workflows
- Partner with DevSecOps Engineers on harness architecture and pipeline integration
- Provide technical input to the Integrated Operations Center on detection use case design for our SIEM
- Regularly brief the VP of Information Security on findings, program health, and checkpoint criteria
Skills
- 5+ years in cybersecurity, penetration testing, or red team operations
- Demonstrated experience building tools: scripting exploits, automating workflows, or constructing test harnesses (Python and/or Go strongly preferred)
- Hands-on experience with LLM APIs in a security or agent context, including an understanding of tool use, control loops, and context management in agent architectures
- Proficiency with static and dynamic analysis (SAST/DAST) and the ability to interpret and chain findings from automated tooling
- Working knowledge of CVE and vulnerability data sources, including NVD, EPSS, KEV, OSV.dev, and the GitHub Advisory Database
- Experience testing cloud-hosted SaaS platforms (GCP familiarity preferred)
- Familiarity with container security (containered, Docker) and Linux-based infrastructure
- Ability to work independently, manage your own scope, and deliver against defined milestones
- Excellent documentation and communication skills
- Must be US citizen
- Experience with frontier AI model platforms in an agentic context
- OSCP, GXPN, GPEN, or equivalent offensive security certification
- Experience with SBOM tooling (Endor Labs, Syft, or similar) and software composition analysis
- Familiarity with CI/CD pipeline security tooling (Snyk, SonarQube, or equivalents)
- Experience with infrastructure-as-code or configuration management security (Chef/InSpec a plus)
- Bug bounty program operations experience (HackerOne, Bugcrowd, or similar platforms)
Benefits
- Medical
- Dental
- Vision
- Flexible PTO
- A 401k program
- Stock options
Company Overview