Lead, Offensive Security
About the role
We're standing up a new AI & Offensive Tooling capability inside our Offensive Security organization, and we're looking for its founding engineer. As Lead, Offensive Security (AI & Tooling), you will own the in-house AI agent platform that powers our penetration testing and red team operations, and build the AI-driven tooling that makes every offensive service line faster, broader, and more autonomous.
Responsibilities
- Ramp on the agent platform and the three service lines (Red Team, BAS, Penetration Testing)
- Take operational ownership
- Ship one meaningful improvement to the agent's autonomous capability or reliability, measured against real engagements
- Deliver at least one AI-driven tool that a service line adopts into its live workflow, with metrics showing coverage or turnaround gains
- Establish the evaluation harness that tracks the agent's autonomous success rate against representative targets
- Publish the multi-quarter offensive-AI roadmap and KPIs
- Stand up repeatable adversarial testing for the enterprise's own AI systems
- Mentor 1–3 engineers as the capability grows toward its own function
Requirements
Offensive security depth: 6+ years in roles such as Red Team or Penetration Testing, including team- or program-level leadership, and the instinct to think like an attacker against systems that don't behave deterministically.
Production Python engineering: a strong track record of building and operating production-quality software and tooling, not only scripts.
You've built with agentic AI: hands-on designing, building, or operating AI agents or LLM applications: agentic workflows, tool/function-calling, and orchestration.
You've attacked AI: hands-on testing of AI/ML systems: prompt injection, jailbreaking, and adversarial techniques.
Cloud fluency: production experience with at least one major Cloud Service Provider (AWS, GCP, or Azure).
Qualifications
Required Qualifications:
- Offensive security depth: 6+ years in roles such as Red Team or Penetration Testing, including team- or program-level leadership, and the instinct to think like an attacker against systems that don't behave deterministically.
- Production Python engineering: a strong track record of building and operating production-quality software and tooling, not only scripts.
- You've built with agentic AI: hands-on designing, building, or operating AI agents or LLM applications: agentic workflows, tool/function-calling, and orchestration.
- You've attacked AI: hands-on testing of AI/ML systems: prompt injection, jailbreaking, and adversarial techniques.
- Cloud fluency: production experience with at least one major Cloud Service Provider (AWS, GCP, or Azure).
Skills
Built autonomous or semi-autonomous offensive agents, LLM-driven penetration-testing agents, or reinforcement-learning exploit and attack-path planners.
Hands-on with AI red-teaming frameworks such as PyRIT or Garak, and fluent in MITRE ATLAS, the OWASP Top 10 for LLM Applications, and the NIST AI Risk Management Framework.
Model Context Protocol (MCP): building clients/servers, or testing them and RAG pipelines for tool/prompt-injection abuse.
Demonstrated ability to test endpoints protected by modern EDR/XDR; experience across multiple cloud providers; threat-intelligence-driven operations.
Depth in an advanced offensive specialty: malware development, advanced Red Team operations and threat simulation, or adversarial ML research; experience building and breaking LLMs, ML models, and AI infrastructure.
Published research, open-source contributions, or talks at DEF CON, BSides, x33fcon, or Black Hat; expert-level certifications (e.g. OSEE, OSED, OSCE3, CRTL, CWEE, CAPE).
Benefits
Medical, dental and vision benefits
401(k) retirement savings plan
Time off (including paid time off, company and personal holidays, paid parental and caregiver leave)
Short-term and long-term disability
Life insurance
Many other opportunities
Pay
$142,300 - $195,700 per year
Schedule
Remote/WAH Requirements
- Must have the ability to provide a high speed DSL or cable modem for a home office.
- Associates or contractors who live and work from home in the state of California will be provided payment for their internet expense.
- A minimum standard speed for optimal performance of 25x10 (25mpbs download x 10mpbs upload) is required.
- Satellite and Wireless Internet service is NOT allowed for this role.
- A dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information
Work from Home Requirements
- To ensure Home or Hybrid Home/Office employees’ ability to work effectively, the self-provided internet service of Home or Hybrid Home/Office employees must meet the following criteria: At minimum, a download speed of 25 Mbps and an upload speed of 10 Mbps is required; wireless, wired cable or DSL connection is suggested.
- In certain roles, the minimum recommended internet speed required by Humana may not be sufficient for business needs. Humana reserves the right to require associates to upgrade their internet service if necessary.
- Work from a dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information.
Travel
While this is a remote position, occasional travel to Humana's offices for training or meetings may be required.
Scheduled Weekly Hours
40
Description Of Benefits
Humana, Inc. and its affiliated subsidiaries (collectively, “Humana”) offers competitive benefits that support whole-person well-being. Associate benefits are designed to encourage personal wellness and smart healthcare decisions for you and your family while also knowing your life extends outside of work. Among our benefits, Humana provides medical, dental and vision benefits, 401(k) retirement savings plan, time off (including paid time off, company and personal holidays, paid parental and caregiver leave), short-term and long-term disability, life insurance and many other opportunities.
About Us
About Humana: Humana Inc. (NYSE: HUM) is a leading U.S. healthcare company. Through our Humana insurance services and our CenterWell healthcare services, we make it easier for the millions of people we serve to achieve their best health – delivering the care and service they need, when they need it. These efforts are leading to a better quality of life for people with Medicare and Medicaid, families, individuals, military service personnel, and communities at large. Learn more about what we offer at Humana.com and at CenterWell.com.
Equal Opportunity Employer
It is the policy of Humana not to discriminate against any employee or applicant for employment because of race, color, religion, sex, sexual orientation, gender identity, national origin, age, marital status, genetic information, disability or protected veteran status. It is also the policy of Humana to take affirmative action, in compliance with Section 503 of the Rehabilitation Act and VEVRAA, to employ and to advance in employment individuals with disability or protected veteran status, and to base all employment decisions only on valid job requirements. This policy shall apply to all employment actions, including but not limited to recruitment, hiring, upgrading, promotion, transfer, demotion, layoff, recall, termination, rates of pay or other forms of compensation and selection for training, including apprenticeship, at all levels of employment.