Tetrad Digital Integrity

Role Description We are seeking a highly skilled and knowledgeable Post-Quantum Cryptography (PQC) Evaluation Expert to join our team. The successful candidate will be responsible for creating and evaluating question-answer pairs to assess the understanding and application of post-quantum cryptography concepts by test subjects. This role requires a deep understanding of cryptographic principles, particularly in the context of quantum computing, and the ability to craft scenarios that test the test subject's ability to provide accurate and forward-thinking cryptographic advice. - Develop comprehensive question and answer pairs that assess the test subject’s understanding of post-quantum cryptography concepts. - Evaluate the quantum resistance of classical and post-quantum algorithms presented by the test subject. - Suggest appropriate quantum-safe alternatives for various cryptographic scenarios. - Analyze and explain the implications of quantum computing on current cryptographic standards. - Assess the test subject’s ability to reason about future attack scenarios and the trade-offs involved in PQC implementations. Qualifications - Advanced degree in Mathematics, Cryptography, Computer Science or a related field. - 5+ years in applied cryptography with a specific focus on the theoretical vulnerabilities of public-key infrastructure in the context of quantum computing. - Knowledge of cryptographic libraries and tools such as OpenSSL, Libsodium, or similar. - Familiarity with programming languages commonly used in cryptography, such as Python, C/C++, or Java. - Understanding of quantum computing principles and their impact on cryptography. Requirements - Extensive knowledge of cryptographic principles, with a focus on post-quantum cryptography. - Familiarity with quantum-resistant algorithms such as lattice-based, hash-based, code-based, and multivariate polynomial cryptography. - Experience with cryptographic standards and protocols, including NIST's post-quantum cryptography standardization efforts. - Ability to reason about and articulate the trade-offs and implications of different cryptographic approaches in a post-quantum world. - Strong analytical and problem-solving skills, with the ability to evaluate complex cryptographic scenarios. - Excellent written and verbal communication skills, with the ability to clearly explain technical concepts. - Familiarity with cryptographic software and tools used in the evaluation and implementation of PQC. - Participation in cryptographic research or contributions to academic publications in the field of post-quantum cryptography. Company Description Tetrad Digital Integrity (TDI) is a leading-edge cybersecurity firm with a mission to safeguard and protect our customers from increasing threats and vulnerabilities in this digital age. TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States. TDI is an Equal Opportunity Employer. Employment decisions are made based on individual qualifications, merit, and business needs. We do not discriminate in employment opportunities or practices based on race, color, religion, sex, or national origin, in accordance with applicable federal laws.

Role Description We are seeking a highly skilled LLM Security Evaluation Expert to join our team. In this role, you will be responsible for rigorously testing the security and integrity of Large Language Models (LLMs). Your primary focus will be on designing and executing sophisticated adversarial prompt attacks to identify potential vulnerabilities, assess the model's resistance to exploitation, and ensure it maintains consistent, secure behavior. This is a critical role in safeguarding our AI systems and ensuring they operate responsibly. Responsibilities - Adversarial Prompt Design & Execution: - Develop and implement a comprehensive suite of adversarial prompts, ranging from basic to more sophisticated, targeting known and potential LLM vulnerabilities. - Craft prompts specifically designed to: - Bypass security filters and content moderation policies. - Induce the LLM to reveal sensitive, confidential, or proprietary information. - Manipulate the LLM's output to generate harmful, biased, or unintended content. - Test for prompt injection, jailbreaking, and other emerging attack vectors. - Vulnerability Assessment & Analysis: - Systematically test LLMs against the designed adversarial prompts. - Analyze LLM responses to identify successful exploits, security weaknesses, and patterns of failure. Qualifications - Strong knowledge of how LLMs work, including their architecture, training processes, capabilities, and inherent limitations. - Familiarity with prominent LLM families (e.g., GPT series, Claude, Llama, PaLM) and their common characteristics. - Proven experience in crafting and refining prompts to elicit specific behaviors or bypass restrictions in LLMs. - Demonstrable understanding of techniques like jailbreaking, prompt injection, role-playing attacks, and exploiting model biases. - Strong understanding of cybersecurity principles and common attack vectors, particularly as they apply to AI/ML systems. - Ability to think like an attacker and anticipate potential exploits. - Excellent ability to analyze complex systems, identify subtle vulnerabilities, and systematically test hypotheses. - Clear and concise written and verbal communication skills, with the ability to document technical findings thoroughly. - Understanding of the ethical implications of AI security and commitment to responsible testing practices. - Offensive Security Certified Professional (OSCP) - Certified Ethical Hacker (CEH) Preferred Qualifications - Prior experience in AI red teaming, penetration testing of AI/ML systems, or a dedicated LLM security research role. - Familiarity with specific LLM security evaluation frameworks or benchmarks (e.g., those developed by NIST, Stanford HELM, or other research institutions). - Knowledge of common LLM fine-tuning and alignment techniques (e.g., RLHF) and how they might impact security. - Contributions to the AI security community (e.g., research papers, open-source tools, conference presentations). Requirements - TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States. Equal Opportunity Statement TDI is an Equal Opportunity Employer. Employment decisions are made based on individual qualifications, merit, and business needs. We do not discriminate in employment opportunities or practices based on race, color, religion, sex, or national origin, in accordance with applicable federal laws.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description TDI is hiring an exceptional DoW Cloud Security Engineer to strengthen the security engineering posture of a mission-critical, cloud-hosted defense system treated as a high-value target. This is a high-visibility engagement with frequent change, heavy stakeholder involvement, and a system operating under elevated adversary interest. This is not a “watch-the-console” role. We need a hands-on engineer who can build and mature cloud security telemetry, logging pipelines, detections, and automation, enabling faster, higher-confidence response by the CSSP while measurably improving the system’s defensibility. - Comply with currently mandated national and DoD-approved policies, directives, architectures, programs, standards, and guidelines. - Design, implement, and sustain security telemetry/logging architecture in GCP, ensuring high-fidelity signals are collected, normalized, and delivered to the VDSS/SIEM/SOAR stack. - Own logging coverage and quality for cloud and platform signals, including: - Cloud Audit Logs (Admin Activity, Data Access, System Event) - IAM/service account activity and privileged actions - VPC Flow Logs, load balancer/WAF/proxy signals - GKE audit logs and Kubernetes control-plane events - Security-relevant application/service logs - Build detection engineering content: queries, correlation logic, alert rules, and dashboards aligned to cloud threat scenarios (IAM abuse, suspicious API usage, workload compromise, data access anomalies, lateral movement paths). - Develop automation and guardrails to reduce toil and accelerate investigations/response: - API-driven enrichment and evidence capture (e.g., asset inventory, IAM bindings, network path/context, log exports) - Repeatable runbooks/workflows and integration into ticketing/notification pipelines - Partner with teams to implement and validate security controls that improve defensibility: - Secure configuration baselines and drift detection - Identity and access telemetry improvements - Network segmentation signals and policy validation - Container/GKE security instrumentation and runtime visibility - Execute continuous control-health checks and instrumentation validation (telemetry completeness, parsing quality, alert fidelity, logging pipeline reliability). - Coordinate cleanly with the CSSP: provide engineered signals, detection content, and automation that improves downstream monitoring and response outcomes. - Produce clear technical deliverables (engineering notes, detection documentation, dashboards/coverage maps, stakeholder-ready updates) with minimal editing. Qualifications - Active DoD Secret secret clearance. - Role-required security certification such as: CFR, CCNA Cyber Ops, CCNA-Security, CHFI, CySA+, GCFA, GCIH, SCYBER. - Demonstrated experience in cloud security engineering or security-focused platform engineering in enterprise/mission environments. - GCP strongly preferred (AWS/Azure acceptable with ability to ramp quickly in GCP). - Strong proficiency in cloud logging/telemetry design, including integration into VDSS/SIEM/SOAR platforms. - Hands-on experience with automation and APIs (Python/Go/Bash, REST/JSON, gcloud/SDKs) to build repeatable security workflows. - Experience with Kubernetes/container security concepts; ability to instrument and operationalize GKE audit/runtime telemetry. - Practical incident-response awareness (evidence preservation and containment guidance) — not a primary duty, but able to support when needed. - Strong writing/briefing skills; can deliver precise, customer-ready outputs with minimal oversight. - Comfort operating in a high-change environment with competing priorities and frequent stakeholder engagement. - Cloud certification preferred (e.g., CCSP or Google Professional Cloud Security Engineer, Professional Cloud DevOps Engineer, Professional Cloud Network Engineer). Company Description Tetrad Digital Integrity (TDI) is a cybersecurity firm built for high-consequence environments where mission, complexity, and trust intersect. Our single focus has been delivering cyber solutions to effectively manage risk & the business of cyber for 25 years! TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States. TDI is an Equal Opportunity Employer. Employment decisions are made based on individual qualifications, merit, and business needs. We do not discriminate in employment opportunities or practices based on race, color, religion, sex, or national origin, in accordance with applicable federal laws.