[Remote] Senior Offensive Security Engineer, Web and AI Systems

Note: The job is a remote job and is open to candidates in USA. The Mom Project is a Silicon Valley-based company engaged in researching emerging technologies, and they are seeking a Senior Offensive Security Engineer to enhance security across web platforms and AI systems. This role involves identifying and exploiting security weaknesses, leading penetration tests, and collaborating with various teams to implement secure designs. Responsibilities • Conduct offensive security assessments on large-scale web applications, REST APIs, and cloud-backed services • Identify and validate vulnerabilities, including injection flaws, access control issues, authentication and authorization weaknesses, server-side request forgery, deserialization flaws, and business logic bugs • Evaluate large language model–based systems and AI agents for prompt injection, data exfiltration, model abuse, and jailbreak vulnerabilities • Design and execute red team–style engagements that simulate real-world adversary behavior • Develop custom exploitation tools, proofs-of-concept, and fuzzers targeting web and AI attack surfaces • Identify systemic security weaknesses and collaborate with engineering teams to drive durable mitigations • Review system architectures and product designs with an attacker-focused perspective • Produce clear, actionable security reports and present findings to technical and executive stakeholders Skills • 5+ years of hands-on offensive security experience (senior level) • Deep expertise in web application security and API exploitation • Proven ability to identify and exploit critical/high-impact vulnerabilities • Strong attacker mindset with experience simulating real-world attack scenarios • Experience with red teaming and penetration testing (black-box and gray-box) • Hands-on full-stack testing (frontend, backend, APIs) • Proficiency in Python, JavaScript, or similar for exploitation, tooling, and code review • Experience with manual testing, fuzzing, and targeted code review • Ability to explain exploitation techniques, impact, and CVSS scoring • Comfortable working in secure lab environments with strict operational controls • Strong communication skills for presenting findings to global engineering teams • Master's degree in a relevant technical field preferred; exceptional hands-on experience may substitute • AI/LLM security exposure (prompt injection, jailbreaks) preferred • Experience with adversarial machine learning, AI red teaming, or secure large language model pipeline design • Experience securing cloud environments and containerized platforms • Background in security research, including published vulnerabilities, capture-the-flag participation, blogs, or conference presentations • Relevant offensive security certifications • Certifications (OSCP, OSWE, CRTO), bug bounty, CVEs, or security research nice to have Benefits • Medical • Dental • Vision • 401k Company Overview • The Mom Project is a digital talent marketplace helping women remain active in the workforce. It was founded in 2016, and is headquartered in Chicago, Illinois, USA, with a workforce of 51-200 employees. Its website is Company H1B Sponsorship • The Mom Project has a track record of offering H1B sponsorships, with 1 in 2023. Please note that this does not guarantee sponsorship for this specific role. Apply tot his job