Senior Red Team Consultant (Offensive Security & AI Security)
Posted: 7/12/2026, 4:33:50 PM
Experience Level(s): Senior
Field(s): Consulting ⋅ IT & Security ⋅ Software Engineering
Workplace Type: On-site
Ensign is hiring !
Key Responsibilities
Serve as the primary technical point of contact for client engagements from scoping and kickoff through execution, reporting, and debrief.
Lead engagement scoping conversations, set rules of engagement, and manage client expectations on timelines, access, and deliverables.
Present findings, business-risk impact, and remediation guidance directly to client stakeholders, including technical teams and senior/executive audiences.
Manage the client relationship throughout the engagement, handling sensitive findings with discretion and professionalism.
Plan and execute full-scope red team engagements simulating advanced persistent threats (APTs): reconnaissance, initial access, privilege escalation, lateral movement, persistence, and exfiltration.
Conduct adversary emulation aligned to recognised frameworks (e.g., MITRE ATT&CK).
Perform penetration testing across network, web/mobile application, cloud (AWS/Azure/GCP), wireless, and Active Directory environments.
Deliver engagements and provide structured feedback to improve its capability and workflow.
Carry out social engineering assessments (phishing, vishing, physical access) where in scope.
Develop, customise, and maintain offensive tooling, scripts, and payloads.
Identify, chain, and safely exploit vulnerabilities to demonstrate realistic business impact.
Adversarially test AI and ML systems for weaknesses including prompt injection, jailbreaks, data poisoning, model evasion, model extraction, and sensitive-data leakage.
Assess the security of LLM-integrated applications, agentic systems, and AI pipelines, including supply-chain and integration risks.
Apply emerging AI security frameworks (e.g., OWASP Top 10 for LLM Applications, MITRE ATLAS, NIST AI RMF) to structure engagements.
Contribute to developing methodology, tooling, and service offerings.
Stay current with the evolving threat landscape, new attack techniques, and AI security research.
Required Qualifications
At least 4 years years of hands-on offensive security experience (penetration testing, red teaming, or equivalent),
Proven ability to lead engagements and present technical findings credibly to both technical and executive audiences.
Strong, demonstrable understanding of common attack vectors, exploitation techniques, and the full attack lifecycle.
Proficiency in at least one scripting/programming language (e.g., Python, PowerShell, Go, C#).
Solid grasp of networking, OS internals (Windows/Linux), Active Directory, and cloud security fundamentals.
Familiarity with common offensive tooling (e.g., Cobalt Strike, Metasploit, BloodHound, Burp Suite, C2 frameworks) and adaptability to proprietary platforms.
Genuine interest in AI/ML security and a clear appetite to build AI red teaming expertise.
Excellent written and verbal communication; strong stakeholder-management instincts.
High ethical standards, sound judgement, and the ability to handle sensitive findings responsibly.
Preferred / Advantageous
Prior exposure to AI/ML systems, LLMs, or adversarial machine learning.
Experience working with or building internal/proprietary security tooling.
Vulnerability research, exploit development, or CTF experience.
Cloud or container security depth (Kubernetes, serverless).