FocusKPI is seeking a Senior Offensive Security Engineer to proactively identify, exploit, and help eliminate security weaknesses across web platforms and AI/ML systems. The role requires an attacker-first mindset, strong engineering discipline, and the ability to go beyond scanners and find novel, high-impact vulnerabilities.
Requirements
- Conduct offensive security assessments on large-scale web applications, REST APIs, and cloud-backed services
- Identify and validate vulnerabilities, including injection flaws, access control issues, authentication/authorization weaknesses, SSRF, deserialization, and logic bugs
- Evaluate LLM-based systems and AI agents for prompt injection, data exfiltration, model abuse, and jailbreaks
- Design and execute red-team-style engagements that simulate real-world adversaries
- Develop custom exploitation tools, PoCs, and fuzzers for web and AI attack surfaces
- Identify systemic security weaknesses and collaborate with engineering teams to drive long-term mitigations
- Review architectures and designs for new products from an attacker's perspective
- Produce clear, actionable security reports and present findings to technical and executive stakeholders