FocusKPI, Inc.
Senior Offensive Security Engineer - Web & AI Systems
FocusKPI, Inc., Mountain View, California, us, 94039
FocusKPI is seeking a
Senior Offensive Security Engineer (Web & AI systems)
to join one of our clients, a high-tech SaaS company.
Work Location:
Mountain View, CA (Onsite role, 4 days/week onsite) Duration:
12-month contract with potential to convert depending on the candidate's performance Pay Range:
$85 - 100/hr
No C2C resumes are considered
Position Responsibilities
Conduct offensive security assessments on large-scale web applications, REST APIs, and cloud-backed services.
Identify and validate vulnerabilities, including injection flaws, access control issues, authentication/authorization weaknesses, SSRF, deserialization, and logic bugs.
Evaluate LLM-based systems and AI agents for prompt injection, data exfiltration, model abuse, and jailbreaks.
Design and execute red‑team‑style engagements that simulate real‑world adversaries.
Develop custom exploitation tools, PoCs, and fuzzers for web and AI attack surfaces.
Identify systemic security weaknesses and collaborate with engineering teams to drive long‑term mitigations.
Review architectures and designs for new products from an attacker’s perspective.
Produce clear, actionable security reports and present findings to technical and executive stakeholders.
Required Qualifications
Master’s degree
in Computer Science, Computer Engineering, Information Security, or a closely related technical field.
A doctorate (PhD)
in a relevant field is a plus, but not required.
5+ years of experience
in offensive security, penetration testing, or red teaming.
Deep expertise in
web application security .
Strong understanding of
API security .
Vulnerability findings: Identifying and prioritizing vulnerabilities across a network of 1,000+ devices to support risk management efforts and conducting regular vulnerability assessments to detect and address security weaknesses in various systems and applications.
Hands‑on experience
testing AI/ML or LLM‑based systems , or strong motivation with demonstrated research in this area.
Proficiency in at least one scripting or programming language ( Python, Go, JavaScript, or similar ).
Strong knowledge of
common exploitation techniques
and
attacker tooling .
Preferred Qualifications
Prior work on adversarial ML, red‑teaming AI systems, or secure LLM pipeline design.
Experience with cloud security (AWS, GCP, Azure) and containerized environments.
Background in security research, published CVEs, CTF experience, blog posts, or conference talks.
OSCP, OSEP, OSWE, CRTO, or similar.
What team is looking for
An attacker‑first mindset
with strong engineering discipline.
Ability to go beyond scanners and find novel, high‑impact vulnerabilities.
Clear communicator
who can translate complex exploits into actionable fixes.
Curiosity about
emerging threats, especially in AI security .
Ownership mentality and comfort operating in ambiguous problem spaces.
Thank you!
FocusKPI Hiring Team
#J-18808-Ljbffr
Senior Offensive Security Engineer (Web & AI systems)
to join one of our clients, a high-tech SaaS company.
Work Location:
Mountain View, CA (Onsite role, 4 days/week onsite) Duration:
12-month contract with potential to convert depending on the candidate's performance Pay Range:
$85 - 100/hr
No C2C resumes are considered
Position Responsibilities
Conduct offensive security assessments on large-scale web applications, REST APIs, and cloud-backed services.
Identify and validate vulnerabilities, including injection flaws, access control issues, authentication/authorization weaknesses, SSRF, deserialization, and logic bugs.
Evaluate LLM-based systems and AI agents for prompt injection, data exfiltration, model abuse, and jailbreaks.
Design and execute red‑team‑style engagements that simulate real‑world adversaries.
Develop custom exploitation tools, PoCs, and fuzzers for web and AI attack surfaces.
Identify systemic security weaknesses and collaborate with engineering teams to drive long‑term mitigations.
Review architectures and designs for new products from an attacker’s perspective.
Produce clear, actionable security reports and present findings to technical and executive stakeholders.
Required Qualifications
Master’s degree
in Computer Science, Computer Engineering, Information Security, or a closely related technical field.
A doctorate (PhD)
in a relevant field is a plus, but not required.
5+ years of experience
in offensive security, penetration testing, or red teaming.
Deep expertise in
web application security .
Strong understanding of
API security .
Vulnerability findings: Identifying and prioritizing vulnerabilities across a network of 1,000+ devices to support risk management efforts and conducting regular vulnerability assessments to detect and address security weaknesses in various systems and applications.
Hands‑on experience
testing AI/ML or LLM‑based systems , or strong motivation with demonstrated research in this area.
Proficiency in at least one scripting or programming language ( Python, Go, JavaScript, or similar ).
Strong knowledge of
common exploitation techniques
and
attacker tooling .
Preferred Qualifications
Prior work on adversarial ML, red‑teaming AI systems, or secure LLM pipeline design.
Experience with cloud security (AWS, GCP, Azure) and containerized environments.
Background in security research, published CVEs, CTF experience, blog posts, or conference talks.
OSCP, OSEP, OSWE, CRTO, or similar.
What team is looking for
An attacker‑first mindset
with strong engineering discipline.
Ability to go beyond scanners and find novel, high‑impact vulnerabilities.
Clear communicator
who can translate complex exploits into actionable fixes.
Curiosity about
emerging threats, especially in AI security .
Ownership mentality and comfort operating in ambiguous problem spaces.
Thank you!
FocusKPI Hiring Team
#J-18808-Ljbffr