Designation: AI Penetration Testing (LLM/ ML/Gen AI) Years: 3-7 years Nationality: Kuwait Nationals
Job Brief3–7 years (with at least 1+ year hands-on testing AI/LLM systems)
We are hiring an AI Penetration Tester to join VMPT team and lead hands-on security testing for LLM/Gen AI, ML, and AI-enabled applications (chatbots, RAG, AI agents, model APIs, and AI-assisted business workflows). The role blends traditional penetration testing + secure code review + vulnerability assessment with AI red teaming focused on modern AI risks such as prompt injection and insecure output handling as documented by OWASP’s Top 10 for LLM Applications. Candidate is expected to have experience in assessing Python-based AI development and Azure AI / Azure Open AI / Microsoft Foundry-hosted model endpoints. The role will build repeatable testing, automation, and reporting that “shifts left” into delivery pipelines.
Key Responsibilities
AI / LLM penetration Testing & Red Teaming• Plan and execute AI penetration tests for LLM/Gen AI and ML solutions across the bank (AI apps,AI gateways, model endpoints, orchestration layers, RAG pipelines, plugins/tools).
• Design test cases aligned to OWASP Top 10 for LLM Applications (e.g., prompt injection, insecureoutput handling, sensitive info disclosure, supply-chain risks).
• Perform adversarial testing using threat-informed techniques and references such as MITRE ATLAS (adversary tactics/techniques for AI systems).
• Validate security of agentic workflows (tool invocation, function calling, permissions, memory,connectors) and verify least privilege + authorization boundaries.
Automation & Tooling• Build Python-based test harnesses for repeatable AI security testing (fuzzing prompts, jailbreaksuites, regression tests, evaluation scoring).
• Use and extend PyRIT (Python Risk Identification Tool) or equivalent frameworks to probe forjailbreaks/harms and automate adversarial scanning.
• Where applicable, leverage Microsoft Foundry capabilities such as the AI Red Teaming Agent(preview) that integrates PyRIT red teaming features.
Secure code review & App Sec• Conduct secure code review (particularly Python) for AI application layers: prompt templates, RAG retrieval logic, output post-processing, input validation, secrets handling, auth Z checks, andlogging.• Identify and help fix design flaws enabling data leakage, prompt manipulation, unsafe tool usage,or insecure output flows.
Traditional PT• Perform web/API/cloud penetration testing for AI-enabled applications (auth, session, API abuse,SSRF, injection, misconfigurations, secrets).
• Run vulnerability assessments, triage findings, define severity, and validate remediation (re-test). Education and Qualification
• Bachelor’s degree in computer science, Cybersecurity, Software Engineering, or related discipline.
Core Experience• 3–7 years in penetration testing / application security / red teaming.• Demonstrated experience testing LLM/Gen AI systems (prompt injection, jailbreaks, dataexfiltration patterns, agent/tool abuse).• Strong hands-on Python for security automation and test harness development. Platform knowledge• Practical experience with Azure security concepts (identity, networking, secrets, logging) andexposure to Azure AI / Azure Open AI / Foundry style deployments.
Professional Skills• Strong policy and standards writing (clear, measurable “shall” requirements).• Strong stakeholder engagement with engineering, data science, VMPT, and risk teams.• Ability to produce audit-ready documentation and evidence packs with minimal rework. Soft skills• Strong report writing, clear communication, ability to work with developers on remediation.
A Must Certificates (at least one)• Off Sec OSCP / OSCP+• GIAC GPEN• Microsoft Certified: Azure Security Engineer Associate (AZ-500)• ISC2 CCSP
Strongly Preferred (advantageous)• Off Sec OSWE (advanced web exploitation)• Burp Suite Certified Practitioner (BSCP)• Microsoft Certified: Azure AI Engineer Associate (AI-102) (helps align with Azure AIimplementation patterns).
Tools & Technologies Skills (Typical)• Python, Git, CI/CD integration• Burp Suite, common PT toolchains (Kali, scanners, API tooling)• Azure security controls (identity, key management, logging/monitoring)• AI red teaming tooling (e.g., PyRIT / Foundry scans)