Note: The job is a remote job and is open to candidates in USA. Humana is a leading U.S. healthcare company, and they are seeking a Senior Engineer in Offensive Security. The role involves building AI-driven tooling for offensive operations, conducting penetration tests, and validating security measures in collaboration with defensive teams.
Responsibilities
- Build agentic offensive tooling
- Run penetration tests
- Run purple-team exercises
- Run red-team operations and test the enterprise's own AI
Skills
- Offensive operations experience: 4+ years in roles such as Red Team, Penetration Testing, Purple Team / control validation, or Bug Bounty, with a track record of delivering engagements end to end: scoping, execution, and clear written findings
- Production Python engineering: you build and operate real tooling, not only one-off scripts
- You've built with agentic AI: hands-on designing, building, or operating AI agents or LLM applications: agentic workflows, tool/function-calling, and orchestration. (We care about what you've shipped and operated, not years on a particular framework—these frameworks are only a few years old.)
- You've attacked AI: hands-on testing of AI/ML systems: prompt injection, jailbreaking, and adversarial techniques
- Cloud fluency: production experience with at least one major Cloud Service Provider (AWS, GCP, or Azure)
- Built autonomous or semi-autonomous offensive agents, LLM-driven penetration-testing agents, or reinforcement-learning exploit and attack-path planners
- Red-team tradecraft: C2 frameworks (e.g. Cobalt Strike, Sliver, Mythic), evasion and OPSEC, and testing endpoints protected by modern EDR/XDR
- Purple-team and adversary-emulation fluency: MITRE ATT&CK, and platforms such as VECTR or Atomic Red Team
- Hands-on with AI red-teaming frameworks such as PyRIT or Garak, and fluent in MITRE ATLAS, the OWASP Top 10 for LLM Applications, and the NIST AI Risk Management Framework
- Model Context Protocol (MCP), building clients/servers, or testing them and RAG pipelines for tool/prompt-injection abuse
- Cloud penetration-testing depth or multi-cloud breadth; threat-intelligence-driven operations; depth in an advanced offensive specialty (malware development, advanced red-team operations, or adversarial ML research)
- Published research, open-source contributions, or talks at DEF CON (incl. the AI Village / Generative Red Team), BSides, x33fcon, or Black Hat, or strong showings in AI-security competitions like HackAPrompt
- Certifications are a plus, not a gate, offensive (e.g. OSCP, OSEP, OSED, OSCE3, CRTO, CRTL, CPTS, CWES, CWEE, CAPE) and emerging AI-security (e.g. the OffSec AI Red Teamer (OSAI / AI-300), the SANS/GIAC AI security line, the HTB AI Red Teamer path)
Benefits
- Bonus incentive plan. This incentive opportunity is based upon company and/or individual performance.
- Medical, dental and vision benefits
- 401(k) retirement savings plan
- Time off (including paid time off, company and personal holidays, paid parental and caregiver leave)
- Short-term and long-term disability
- Life insurance
- Hack The Box Pro Labs
- All HTB role-based paths and certifications
- Discretionary certification funding
- Conference/training budgets
- Work at Home Requirements: To ensure Home or Hybrid Home/Office employees’ ability to work effectively, the self-provided internet service of Home or Hybrid Home/Office employees must meet the following criteria: At minimum, a download speed of 25 Mbps and an upload speed of 10 Mbps is required; wireless, wired cable or DSL connection is suggested. In certain roles, the minimum recommended internet speed required by Humana may not be sufficient for business needs. Humana reserves the right to require associates to upgrade their internet service if necessary.
- Work from a dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information.
Company Overview
Company H1B Sponsorship