Note: The job is a remote job and is open to candidates in USA. NetSPI is a leader in Penetration Testing as a Service (PTaaS), specializing in modern pentesting with a focus on AI and automation. They are seeking a Security Consultant II to conduct advanced penetration testing on AI and machine learning systems, delivering actionable reports and contributing to security best practices.
Responsibilities
• Conduct engagements on Web Applications and API’s independently, providing technical oversight as needed, including those which contain AI/ML components and features
• Perform prompt injection techniques against a variety of models, including text, voice, image, video, and multi-modal processing models
• Present comprehensive penetration test findings to clients while emphasizing AI/ML risks, and collaborate on remediation strategies with model hardening, adversarial training, and threat mitigation
• Create, deliver, and collaborate on penetration testing reports in diverse client environments, maintaining client-specific processes, reporting standards, and access protocols to help improve their security posture
• Research and develop innovative techniques, tools, and methodologies for penetration testing services, alongside commitment to improvement and execution on NetSPI specific products and processes
• Participate in development, implementation, and oversight of testing, delivery, and management strategies for key client accounts
• Perform administrative tasks related to day-to-day consulting activities to ensure smooth business and engagement operations
Skills
• Bachelor's degree or higher, with a focus on IT, Computer Science, Engineering or Math or equivalent experience
• Minimum of 2-4 years of work experience in Penetration Testing
• Familiarity with attack techniques utilized against text, voice, image, video, and multi-modal models
• Proficiency in using and customizing offensive toolkits for network, application, and AI/ML penetration testing
• Understanding of Adversarial Machine Learning and its practical applications
• Familiarity with offensive tools, based on applicable skillset (e.g., Kali Linux, Burp Suite, Metasploit, Nessus)
• Familiarity with offensive and defensive IT concepts and protocols
• Extensive understanding of the OWASP Top 10 for both web applications and large language models, MITRE ATT&CK framework, and various security frameworks
• Working knowledge of Windows, Linux and MacOS operating systems internals
• Experience mentoring or coaching to growing team members
• Ability to work independently and as part of a team
• Proficient communication skills, both written and verbal
• This position requires an 8-hour workday, with occasional evenings or weekends necessary to meet project deadlines or critical needs
• Ability to provide technical and QA oversight on AI/ML service line
• Comprehensive knowledge of secure AI/ML development protocols and architecture
• Strong problem-solving skills and the ability to think like both an attacker and a defender
• A continuous learning mindset to keep up to date with the rapidly evolving AI/ML and cybersecurity landscapes
• Experience with model interpretability and explainability tools to understand model behavior and potential biases
• Experience in ML model development, feature engineering, and data pre-processing
• Experience in one or more of the following programming or scripting languages: Ruby, Python, Perl, C, C++, Java, and C#
• Offensive Security Certifications (e.g., GXPN, GPEN, OSCP, GWAPT)
Company Overview
• NetSPI is a cybersecurity company that offers enterprise security testing and attack surface management services. It was founded in 2001, and is headquartered in Minneapolis, Minnesota, USA, with a workforce of 501-1000 employees. Its website is https://www.netspi.com.
Company H1B Sponsorship
• NetSPI has a track record of offering H1B sponsorships, with 1 in 2025, 3 in 2024, 1 in 2023, 2 in 2022, 5 in 2021, 5 in 2020. Please note that this does not guarantee sponsorship for this specific role.
Apply Now
Apply Now