Jobs · Information Technology · Illinois

Senior AI Penetration Tester (Chicago)

Fitch Group, Inc. · Chicago, IL · 2 wk ago
HybridInformation Technology$140k–$160k/yrFull-time

As a leading, global financial information services provider, Fitch Group delivers vital credit and risk insights, robust data, and dynamic tools to champion more efficient, transparent financial markets.

About the role

Fitch's Technology & Data Team is a dynamic department where innovation meets impact. Our team includes the Chief Data Office, Chief Software Office, Chief Technology Office, Emerging Technology, Shared Technology Services, Technology, Risk and the Executive Program Management Office (EPMO). Driven by our investment in cutting-edge technologies like AI and cloud solutions, we’re home to a diverse range of roles and backgrounds united by a shared passion for leveraging modern technology to drive projects that matter to our organization and clients. We are also proud to be recognized by Built In as a Best Place to Work in Technology 3 years in a row. Whether you're an experienced professional or just starting your career, we offer an exciting and supportive environment where you can grow, innovate, and make a difference.

Responsibilities

  • Conduct security assessments of AI systems and implementations — including AI chatbots, MCP (Model Context Protocol) servers, and enterprise deployments of Claude, ChatGPT, and Azure OpenAI Studio — identifying risks such as prompt injection, model abuse, data exfiltration etc. Execute continuous adversarial testing of AI platforms and guardrails to validate controls keep pace with evolving vendor capabilities.
  • Plan, scope, and execute penetration testing engagements across network infrastructure (servers, firewalls, endpoints, Active Directory) and perform comprehensive web application security assessments covering OWASP Top 10 vulnerabilities, business logic flaws, authentication weaknesses, and API security issues — following OWASP, and MITRE ATT&CK and other methodologies.
  • Leverage AI agents and AI-assisted tooling (such as Claude and ChatGPT) to augment testing workflows and automate reconnaissance, while developing and maintaining custom scripts and exploit code for attack chain automation, payload generation, and post-exploitation tasks.
  • Document and communicate assessment outcomes — including findings, risk context, and remediation guidance — clearly for both technical teams and senior stakeholders; collaborate with Vulnerability Management, Application, and Infrastructure teams to ensure findings are handed off with clear remediation ownership.
  • Stay current with the latest offensive security research, CVEs, exploitation techniques, and AI security threats; support red team exercises and threat simulation activities; and maintain detailed records of testing activities, methodologies, and evidence per internal documentation standards.

Requirements

  • Hands-on AI red-teaming experience covering prompt injection (direct and indirect), jailbreaking, tool-use abuse, insecure output handling, training/context data exfiltration, and model DoS; familiarity with OWASP Top 10 for LLMs and MITRE ATLAS expected.
  • Hands-on penetration testing experience across network infrastructure (servers, endpoints, network devices, Active Directory), web applications (OWASP Top 10, API security, manual and automated testing), and AI/LLM-based systems — with a solid grounding in TCP/IP, DNS, HTTP/S, VPNs, and firewalls.
  • Strong scripting proficiency in Python, Bash, or PowerShell — able to write custom exploit scripts, develop attack tooling from scratch, and adapt public PoCs — with working knowledge of Metasploit, Burp Suite (including Burp AI extensions), Nmap, Nessus/OpenVAS, BloodHound, Cobalt Strike and other similar tools
  • Experience using AI tools (such as Claude, ChatGPT, or similar) for penetration testing activities including reconnaissance, vulnerability analysis, payload crafting, and exploit development.
  • Ability to produce clear, well-structured assessment reports that translate findings, risk ratings, and remediation guidance into actionable insights for both technical teams and senior stakeholders.

Qualifications

  • Hands-on AI red-teaming experience covering prompt injection (direct and indirect), jailbreaking, tool-use abuse, insecure output handling, training/context data exfiltration, and model DoS; familiarity with OWASP Top 10 for LLMs and MITRE ATLAS expected.
  • Hands-on penetration testing experience across network infrastructure (servers, endpoints, network devices, Active Directory), web applications (OWASP Top 10, API security, manual and automated testing), and AI/LLM-based systems — with a solid grounding in TCP/IP, DNS, HTTP/S, VPNs, and firewalls.
  • Strong scripting proficiency in Python, Bash, or PowerShell — able to write custom exploit scripts, develop attack tooling from scratch, and adapt public PoCs — with working knowledge of Metasploit, Burp Suite (including Burp AI extensions), Nmap, Nessus/OpenVAS, BloodHound, Cobalt Strike and other similar tools
  • Experience using AI tools (such as Claude, ChatGPT, or similar) for penetration testing activities including reconnaissance, vulnerability analysis, payload crafting, and exploit development.
  • Ability to produce clear, well-structured assessment reports that translate findings, risk ratings, and remediation guidance into actionable insights for both technical teams and senior stakeholders.

Skills

  • Hands-on AI red-teaming experience covering prompt injection (direct and indirect), jailbreaking, tool-use abuse, insecure output handling, training/context data exfiltration, and model DoS; familiarity with OWASP Top 10 for LLMs and MITRE ATLAS expected.
  • Hands-on penetration testing experience across network infrastructure (servers, endpoints, network devices, Active Directory), web applications (OWASP Top 10, API security, manual and automated testing), and AI/LLM-based systems — with a solid grounding in TCP/IP, DNS, HTTP/S, VPNs, and firewalls.
  • Strong scripting proficiency in Python, Bash, or PowerShell — able to write custom exploit scripts, develop attack tooling from scratch, and adapt public PoCs — with working knowledge of Metasploit, Burp Suite (including Burp AI extensions), Nmap, Nessus/OpenVAS, BloodHound, Cobalt Strike and other similar tools
  • Experience using AI tools (such as Claude, ChatGPT, or similar) for penetration testing activities including reconnaissance, vulnerability analysis, payload crafting, and exploit development.
  • Ability to produce clear, well-structured assessment reports that translate findings, risk ratings, and remediation guidance into actionable insights for both technical teams and senior stakeholders.

Benefits

  • Hybrid Work Environment: 2 to 3 days a week in office required based on your line of business and location
  • Dedicated trainings, leadership development and mentorship programs designed to ensure that your time at Fitch will be a continuous learning opportunity
  • Retirement planning, financial wellness and tuition reimbursement programs that empower you to achieve your short and long-term goals
  • Comprehensive healthcare offerings that prioritize a healthy body & mind
  • Family-first policies, including a generous global parental leave plan, designed to help you balance career and family life effectively
  • Paid volunteer days and support for community engagement initiatives

Pay

Expected base pay rates for the role will be between $140,000 and $160,000 per year. Actual salaries will be determined on an individualized basis and may vary based on factors including but not limited to education, training, experience, past performance, and other job-related factors. Base pay is one part of Fitch’s total compensation package, which, depending on the position, may also include commission earnings, discretionary bonuses, long-term incentives, and other benefits sponsored by Fitch.

Schedule

Hybrid Work Environment: 2 to 3 days a week in office required based on your line of business and location

Similar jobs