Lead, Offensive Security
About the role
We're standing up a new AI & Offensive Tooling capability inside our Offensive Security organization. We're looking for a founding engineer to lead this initiative.
Responsibilities
- Own the in-house AI agent platform that powers our penetration testing and red team operations.
- Build the AI-driven tooling that makes every offensive service line faster, broader, and more autonomous.
- Set the technical direction for offensive AI at the company and ship the software that proves it.
- Operate this as a production, event-driven cloud platform at real scale, dozens of serverless functions, change-stream data pipelines, hundreds of operational alarms, and integrated LLM inference.
Requirements
- 6+ years in roles such as Red Team or Penetration Testing, including team- or program-level leadership.
- A strong track record of building and operating production-quality software and tooling.
- Hands-on designing, building, or operating AI agents or LLM applications.
- Hands-on testing of AI/ML systems: prompt injection, jailbreaking, and adversarial techniques.
- Production experience with at least one major Cloud Service Provider (AWS, GCP, or Azure).
Qualifications
- Offensive security depth: 6+ years in roles such as Red Team or Penetration Testing, including team- or program-level leadership, and the instinct to think like an attacker against systems that don't behave deterministically.
- Production Python engineering: a strong track record of building and operating production-quality software and tooling, not only scripts.
- You've built with agentic AI: hands-on designing, building, or operating AI agents or LLM applications: agentic workflows, tool/function-calling, and orchestration.
- You've attacked AI: hands-on testing of AI/ML systems: prompt injection, jailbreaking, and adversarial techniques.
- Cloud fluency: production experience with at least one major Cloud Service Provider (AWS, GCP, or Azure).
Skills
- Built autonomous or semi-autonomous offensive agents, LLM-driven penetration-testing agents, or reinforcement-learning exploit and attack-path planners.
- Fluent in MITRE ATLAS, the OWASP Top 10 for LLM Applications, and the NIST AI Risk Management Framework.
- Model Context Protocol (MCP): building clients/servers, or testing them and RAG pipelines for tool/prompt-injection abuse.
- Demonstrated ability to test endpoints protected by modern EDR/XDR; experience across multiple cloud providers; threat-intelligence-driven operations.
- Depth in an advanced offensive specialty: malware development, advanced Red Team operations and threat simulation, or adversarial ML research; experience building and breaking LLMs, ML models, and AI infrastructure.
- Published research, open-source contributions, or talks at DEF CON, BSides, x33fcon, or Black Hat; expert-level certifications (e.g. OSEE, OSED, OSCE3, CRTL, CWEE, CAPE).
Benefits
Includes medical, dental and vision benefits, 401(k) retirement savings plan, time off (including paid time off, company and personal holidays, paid parental and caregiver leave), short-term and long-term disability, life insurance, and many other opportunities.
Pay
$142,300 - $195,700 per year
Schedule
Remote/WAH Requirements: Must have the ability to provide a high speed DSL or cable modem for a home office. Associates or contractors who live and work from home in the state of California will be provided payment for their internet expense. A minimum standard speed for optimal performance of 25x10 (25mpbs download x 10mpbs upload) is required. Satellite and Wireless Internet service is NOT allowed for this role. Work from a dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information. Travel: While this is a remote position, occasional travel to Humana's offices for training or meetings may be required. Scheduled Weekly Hours: 40