
St. Fox

Senior AI Security Engineer (Red & Blue Team)

5-7 Years
  • Posted a month ago

Job Description

St. Fox Consultancy (SFC) is launching a specialized Security in AI practice. We are moving beyond traditional cybersecurity to secure the next generation of Agentic AI, LLMs, and Autonomous Systems.

We are looking for a hybrid Security Engineer who refuses to pick a side. You are a Red Teamer who can craft sophisticated jailbreaks and prompt injections, but you are also a Blue Teamer who knows how to architect the guardrails to stop them.

As a Forward Deployed Engineer (FDE), you will not just write reports from a desk. You will embed with our enterprise clients, attacking their live AI agents to find vulnerabilities and then working side-by-side with their engineering teams to implement the fixes.

Key Responsibilities:

The Red (Adversarial Simulation)

AI Red Teaming: Conduct advanced adversarial testing on Large Language Models (LLMs) and Agentic AI workflows. Execute prompt injections, jailbreaking, model inversion, and data poisoning attacks.

Agentic Threat Simulation: Test autonomous agents for excessive agency vulnerabilities: manipulating agents into performing unauthorized actions (e.g., executing SQL commands, escalating privileges, or leaking PII).

Automated & Manual Testing: Leverage tools like Garak, PyRIT, or TextAttack for automated scanning, while applying manual creativity to find logic flaws in multi-agent orchestration.

Chain-of-Thought Exploitation: Analyze and exploit flaws in the reasoning loops of autonomous agents (e.g., LangChain or AutoGen workflows).

The Blue (Defense & Engineering)

Guardrail Engineering: Design and implement input/output filters using tools like NVIDIA NeMo Guardrails, Llama Guard, or Lakera.

Identity & Access Control: Architect Non-Human Identity policies for AI agents, ensuring they adhere to Least Privilege (e.g., preventing an agent from deleting DB records).

Detection Engineering: Build monitoring pipelines to detect real-time attacks (e.g., identifying a DAN attack pattern in live chat logs) and automate response triggers.

Remediation: Don't just report bugs; fix them. Rewrite system prompts to be robust against social engineering and re-architect RAG pipelines to prevent data leakage.

The FDE (Client Engagement)

Embedded Problem Solving: Work on-site with client engineering teams to understand their specific business logic and deploy secure AI architectures.

Threat Modeling: Lead workshops to map the Blast Radius of a client's AI agents (i.e., if this agent is compromised, what can it destroy).

Skills and Qualifications:

Experience: 5+ years in Cybersecurity, with at least 2 years focused on Application Security, Penetration Testing, or ML Security.

AI/ML Depth: Deep understanding of LLM architectures (Transformers, RAG, Fine-tuning). You understand how a model thinks and where it hallucinates.

Technical Stack: Languages: Proficient in Python (mandatory for building custom attack scripts and harnesses). AI Frameworks: Experience with LangChain, Semantic Kernel, or Bedrock. Security Tools: Burp Suite, OWASP ZAP, plus AI-specific tools (Garak, PyRIT).

Offensive Mindset: Proven ability to think like an adversary (e.g., CVEs, Bug Bounties, or CTF wins).

Defensive Engineering: Experience implementing WAFs, API Gateways, or IAM policies (OAuth, OIDC).

Nice to Have:

Experience with Agentic Identity concepts (SPIFFE/SPIRE, Machine ID).

Certifications: OSEP, OSWE, or specific AI Security certifications (e.g., NVIDIA, SANS).

Contribution to open-source AI security projects or OWASP Top 10 for LLM.

Why St. Fox

Be a founding member of a cutting-edge Agentic AI Security practice.

Work in a true Purple Team environment where you own the full lifecycle of security: break it, then fix it.

High-impact work with top-tier enterprise clients.

What We Offer:

Competitive salary and benefits package.

Opportunities for professional growth and advancement.

Exposure to cutting-edge technologies and projects.

A collaborative and supportive work environment.

How to Apply: Interested candidates should submit a detailed resume outlining their qualifications and experience relevant to the role applied for. Applications should be sent via our careers portal or to [Confidential Information]

St. Fox is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.


Job ID: 139007903