Senior AI Red Team Researcher

Aiko Yamamoto

Full-time · Senior · Washington

About the role

Our team exists to break AI systems before adversaries do. We are a cybersecurity firm's AI research division, and our work falls into two categories: red teaming ML systems deployed by our clients — finding the ways they fail under adversarial conditions — and building the detection and hardening tooling that makes those failures less likely or less damaging.

This is not a conventional ML role. The question we ask every day is not "how do we maximise accuracy?" but "how would a motivated adversary make this model fail, and what does that failure look like when it happens at scale?" We work on adversarial examples, model inversion, membership inference, prompt injection in LLM deployments, and data poisoning scenarios. If those concepts are familiar to you from a defensive or offensive research context, we'd like to talk.

The team is small — six researchers and two engineers. We publish occasionally when the work is complete enough and when publication doesn't compromise client engagements. We engage with the research community at venues like IEEE S&P and USENIX Security. We are funded and serious.

Responsibilities

  • Conduct adversarial red team evaluations of client ML systems and produce written reports with severity ratings and remediation recommendations
  • Research and implement novel attack techniques against production ML systems
  • Build tooling to automate components of the red team workflow for common attack classes
  • Contribute to our internal knowledge base of attack patterns, model architectures, and mitigations
  • Present findings to client security teams and, where appropriate, contribute to publications and conference presentations

Requirements

  • 5+ years of ML engineering or research, with a demonstrable focus on adversarial robustness, security, or safety
  • PyTorch — you implement attacks from scratch, not just run existing libraries against pre-trained checkpoints
  • Deep understanding of adversarial ML: FGSM, PGD, and more recent threat models for both vision and language systems
  • Python for attack implementation, evaluation pipelines, and automation of red team workflows
  • AWS for deploying, testing, and isolating adversarial evaluation environments
  • Docker for reproducible attack environments and client-deployable tooling
  • Bonus: experience with LLM-specific vulnerabilities — jailbreaking, prompt injection, and indirect prompt injection in agentic systems

Benefits

  • Work on the most interesting failure modes in deployed ML — real systems, real adversaries, real consequences
  • Full remote with occasional client travel (covered)
  • $140,000 – $170,000 base salary + annual bonus
  • $3,000 annual conference and research budget
  • Publication support — time and resources to write and present significant findings

Job Type

Full-time

Level

Senior

Language

English

Salary Range

$140,000 – $170,000

AI Expertise

AI & Machine Learning Engineers
