Security, Identity & Intelligence On Every Voice
Senior Security Engineer, Red Team
Location
United States
Posted
4 days ago
Salary
$140K - $165K / year
Seniority
Senior
Job Description
Senior Security Engineer, Red Team
Pindrop
• As a Security Engineer (Red Team), you will help Pindrop proactively identify and exploit weaknesses across product, cloud, and AI-powered systems so we can strengthen defenses before adversaries do. • Design and execute red team operations against Pindrop’s GenAI systems, LLM pipelines, RAG architectures, autonomous agents, APIs, SaaS products, and cloud environments, simulating real-world attacks across both traditional and AI-specific attack surfaces. • Conduct adversarial testing focused on prompt injection, indirect prompt attacks, jailbreaking, model extraction, training-data poisoning, data leakage, inference abuse, and unauthorized output manipulation. • Use deepfake generation, voice synthesis, and related spoofing techniques to test and attempt to defeat Pindrop’s voice authentication and deepfake detection capabilities, helping identify model robustness and detection gaps. • Develop novel attack chains that combine GenAI vulnerabilities with infrastructure, application, identity, and API weaknesses to create realistic end-to-end threat scenarios. • Plan and execute full-scope penetration tests and support bug bounty efforts across Pindrop’s web applications, APIs, SaaS products, and AWS/GCP environments using commercial and open-source offensive tooling. • Perform architecture reviews, security code reviews, and threat modeling with emphasis on vulnerabilities introduced by AI/ML components, model integrations, and LLM-facing services. • Build automation for offensive security workflows, testing, compliance checks, alerting, and reporting using Python or similar scripting languages, including AI-native attack tooling where useful. • Partner closely with SecOps and security engineering to improve detections, tune response workflows, and translate red team findings into practical remediation and defensive improvements. • Stay current on GenAI security research, adversarial ML techniques, evolving threat intelligence, and relevant regulatory developments, then apply those insights to Pindrop’s security program.
Job Requirements
- 3+ years of hands-on penetration testing and red team experience across SaaS applications, cloud infrastructure, APIs, and web applications.
- Demonstrable experience attacking GenAI or LLM-based systems, including prompt injection, jailbreaking, indirect prompt attacks, model extraction, or adversarial input generation.
- Hands-on experience with deepfake tools, voice synthesis, or audio/visual spoofing technologies in an offensive or research context.
- Strong proficiency with offensive security tooling such as Burp Suite, OWASP ZAP, Nmap, Metasploit, Cobalt Strike, or equivalent frameworks.
- Experience configuring and operating SAST and DAST tools and integrating them into CI/CD pipelines.
- Proficiency in at least one scripting or programming language, with Python strongly preferred, for custom attack tooling and workflow automation.
- Familiarity with AI-specialized security tools or frameworks such as Garak, PyRIT, Claude Security, or similar adversarial ML tooling.
- Strong understanding of cloud security architecture, container security, API security, and common security standards including ISO 27001/27002, NIST, CIS, PCI DSS, OWASP, and SOC 2.
Benefits
- Competitive compensation package, including RSUs (Restricted Stock Units) for all employees, so everyone shares in our long-term success.
- Remote-first environment - giving you flexibility and autonomy in how you structure your day.
- While we work flexibly, we prioritize meaningful in-person moments through regular team on-sites, company-wide events, and intentional gatherings that foster connection, collaboration, and shared success.
- Unlimited Paid Time Off (PTO)
- Generous health and welfare plans to choose from - including one employer-paid “employee-only” plan!
- Best-in-class Health Savings Account (HSA) employer contribution
- Low-cost vision and dental plans for you and your family, providing comprehensive coverage and peace of mind.
- Paid Parental Leave - Including birth, adoptive & foster parents
- One year of diaper delivery for your newest addition to the family! It’s our way of welcoming new Pindroplets to the family!
- Recurring monthly phone and internet allowance to help cover essential connectivity costs and support flexible work.
- Enhanced fertility and GLP-1 benefits to support family-building journeys and personalized health needs.
- Annual Learning & Development stipend to support your professional growth, skill-building, certifications, and continued education.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Junior Hearing Attorney – Social Security Disability
MindSetA great culture leads to a dominantly successful business. We provide insights and techniques to build this culture.
• Client Consultation: Meet with clients to evaluate their eligibility for SSI/SSDI benefits, discuss case strategy, and prepare them for the disability hearing process. • Application & Appeals Assistance: Assist clients throughout the Social Security Disability claims and appeals process, ensuring applications and supporting documentation are accurate, complete, and positioned for success. • Hearing Representation: Represent clients during hearings before Administrative Law Judges (ALJs), advocating on their behalf throughout the appeals process. • Evidence Gathering: Review and analyze medical records, employment history, vocational evidence, and other supporting documentation to strengthen disability claims. • Legal Research: Stay informed on SSA regulations, policies, and relevant case law to effectively advocate for clients and provide sound legal guidance. • Communication: Serve as the primary legal point of contact for clients while communicating with the Social Security Administration and other agencies as needed. • Advocacy: Passionately advocate for individuals living with disabilities, ensuring they receive the benefits they deserve. • Technology & Case Management: Utilize cloud-based legal technology, digital case management systems, Google Workspace, Slack, and AI-assisted tools to efficiently manage caseloads in a fully remote environment. • Collaboration: Partner closely with case managers, legal support staff, and fellow attorneys to deliver exceptional client service and achieve successful outcomes.
Staff Product Security Engineer
SailPointAt SailPoint, we believe enterprise security must start with identity at the foundation. Today’s enterprise runs on a diverse workforce of not just human but also digital identities—and securing them all is critical. Through the lens of identity, SailPoint empowers organizations to seamlessly manage and secure access to applications and data at speed and scale. Our unified, intelligent, and extensible platform delivers identity-first security, helping enterprises defend against dynamic threats while driving productivity and transformation. Trusted by many of the world’s most complex organizations, SailPoint secures the modern enterprise.
Staff Product Security Engineer Overview SailPoint’s Cybersecurity organization is seeking a Staff Product Security Engineer with a passion for cybersecurity and protecting the organization. The ideal candidate combines strong application security expertise with practical software engineering experience and can effectively influence to build secure, resilient products at scale. This position reports to the Director of Cyber Product Security (CPS) and the successful candidate will join a team of security engineers who collaborate with stakeholders across the organization. This role will partner closely with Engineering and the other security teams within the Cyber organization to identify security risks, drive remediation efforts, and embed security throughout the product development process. Central to SailPoint’s product security program is the implementation of a shared security model that impacts all software developed by SailPoint. Under this model, CPS is responsible for multiple key areas affecting product security and collaborates with SailPoint's Engineering Product Security (EPS) team on areas of mutual responsibility. The shared responsibility model was developed to shift product security left, moving security checks to the earliest phases of our secure software development lifecycle. The staff product security engineer will have the opportunity to shape our future through process and technology optimization, capability acquisition and development, and maturation of our existing activities. They’ll already be comfortable with the 4 I’s at SailPoint (individual, Impact, Innovation, and Integrity) even if they’re new to the concept. They will embrace new challenges and will be a positive contributor to an already positive work culture and environment. Location is remote with the ability to work from anywhere within the continental United States. Key Responsibilities - Partner with Engineering teams throughout the software development lifecycle to identify and mitigate security risks, and implement secure deployment practices - Support threat modeling activities and help engineering teams implement appropriate security controls - Define and promote secure coding standards, security policies, best practices, and secure-by-design principles - Participate in the Cyber organization’s efforts to leverage AI across the team, as well as the use of AI in our SSDLC. - Partner with Engineering on improving security testing programs - Coordinate internal and external application and penetration testing initiatives - Validate vulnerability findings and prioritize remediation based on risk - Perform root cause analysis and recommend long-term security improvements - Collaborate with the Security Operations team on security monitoring and detection capabilities for applications and services - Triage, coordinate, and oversee remediation for security researcher disclosures via our bug bounty program - Develop security training, guidance, and technical documentation - Interact with other organizations at SailPoint as a consultant on security-related matters Required Qualifications Successful candidate will meet most, if not all of the following requirements: - 5-7 years of experience in product security, application security, software engineering, or a related field - Experience with security testing tools such as: SAST, SCA, DAST, Container security scanners - Experience with CI/CD security controls and DevSecOps practices - Familiarity with one or more programming languages such as Python, Go, Java, JavaScript/TypeScript, Ruby - Demonstrated ability to effectively use AI-powered tools and automation to enhance security engineering productivity, research, analysis, and remediation efforts - Knowledge of emerging AI security risks and best practices for securing AI-enabled applications, services, and development workflows - Deep expertise in threat modeling, secure architecture design, and vulnerability management - Experience influencing engineering organizations and driving security initiatives across multiple teams - Knowledge of artificial intelligence software security frameworks is strongly preferred, including OWASP AI Security and Privacy Guide, NIST AI Risk Management Framework, Cybersecurity AI (CAI), Open SSF AI/ML Security Framework. Core Competencies The successful candidate will: - Be a highly active observer of industry security trends and threats, remaining up to date on current cyber issues - Have a continuous learning mindset and passion for security - Have strong analytical and problem-solving skills - Be flexible, with the ability to balance security vs the needs of the business - Have excellent written and oral communications skills with demonstrated commitment to producing high quality documentation - Be able to translate technical risks into business impact - Be collaborative and able to foster relationships with teams we partner with First 90 Days: Discovery, Strategic Alignment, and Partnership - Strategic Alignment & Planning Integration: Deepen collaboration with key engineering and tooling leads by Day 90, reinforcing recurring touchpoints to integrate product security proactively into early planning cycles, roadmaps, and feature designs. - SDLC Optimization Assessment: Review the end-to-end Software Development Life Cycle (SDLC) by Day 60 to identify enhancement opportunities, accelerate "shift-left" practices, and further standardize secure-by-design deployment pipelines. - Asset & Dependency Inventory: Refine and centralize the inventory of supported products, underlying architecture, and third-party dependencies by Day 90 to deliver a highly visible, comprehensive single source of truth. First 6 Months: Advanced Tooling, Training, and Scalable Frameworks - Modernizing Tool Stack & AI Integration (Q3): Evaluate the current security tooling and implement state-of-the-art AI-assisted scanning across product code (utilizing tools like Cursor and Claude Enterprise) to further automate and scale security workflows. - Optimized Remediation & Board Metrics (Q4): Implement a highly scalable, risk-based vulnerability prioritization framework, optimizing Time to Remediate (TTR) metrics to provide clear, actionable risk visibility for executive leadership and the Board. - Security Champions & Developer Empowerment: Elevate developer security education and launch a formal "Security Champions" program by Day 180, embedding security advocates across core product lines to champion secure development practices. First 12 Months: Systemic Security Advancements and "Paved Roads" - Systemic Architecture Enhancements: Conduct comprehensive reviews of the production environment (including Kubernetes and containerized applications) to systematically address complex architectural security opportunities and build long-term environment resilience. - Standardizing "Paved Road" Configurations: Define, document, and roll out standardized, secure "paved road" configurations and guardrails, making secure deployment the friction-free path of least resistance for product teams. - Program Scaling & Mentorship: Maintain and scale updated product architecture documentation while continuously elevating team capabilities, autonomy, and cross-functional alignment through active, hands-on mentorship. Benefits and Compensation listed vary based on the location of your employment and the nature of your employment with SailPoint. As a part of the total compensation package, this role may be eligible for the SailPoint Corporate Bonus Plan or a role-specific commission, along with potential eligibility for equity participation. SailPoint maintains broad salary ranges for its roles to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect SailPoint’s differing products, industries, and lines of business. Candidates are typically placed into the range based on the preceding factors as well as internal peer equity. We estimate the base salary, for US-based employees, will be in this range from (min-mid-max, USD): $174,200 - $293,702.00Base salaries for employees based in other locations are competitive for the employee’s home location. Benefits Overview 1. Health and wellness coverage: Medical, dental, and vision insurance 2. Disability coverage: Short-term and long-term disability 3. Life protection: Life insurance and Accidental Death & Dismemberment (AD&D) 4. Additional life coverage options: Supplemental life insurance for employees, spouses, and children 5. Flexible spending accounts for health care, and dependent care; limited purpose flexible spending account 6. Financial security: 401(k) Savings and Investment Plan with company matching 7. Time off benefits: Flexible vacation policy 8. Holidays: 8 paid holidays annually 9. Sick leave 10. Parental support: Paid parental leave 11. Employee Assistance Program (EAP) and Care Counselors 12. Voluntary benefits: Legal Assistance, Critical Illness, Accident, Hospital Indemnity and Pet Insurance options 13. Health Savings Account (HSA) with employer contribution SailPoint is an equal opportunity employer and we welcome all qualified candidates to apply to join our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable law. Alternative methods of applying for employment are available to individuals unable to submit an application through this site because of a disability. Contact applicationassistance@sailpoint.com or mail to 11120 Four Points Dr, Suite 100, Austin, TX 78726, to discuss reasonable accommodations. NOTE: Any unsolicited resumes sent by candidates or agencies to this email will not be considered for current openings at SailPoint.
Identity and Access Management (IAM) Specialist
GovCIOGovCIO is a service-disabled-veteran-owned small business (SDVOSB) that offers technology services to improve business performance for government organizations.
Role Description GovCIO is currently hiring for an Identity and Access Management (IAM) Specialist to support enterprise identity, authentication, and access management services across cloud and SaaS environments. This position is responsible for designing and supporting enterprise identity solutions, integrating applications with Identity Providers (IdPs), implementing secure authentication frameworks, and establishing access governance policies. The IAM Specialist works closely with cybersecurity, infrastructure, application, and compliance teams to ensure secure, compliant, and scalable identity management solutions. This position will be fully remote within the United States. - Support the design, implementation, and administration of enterprise identity and access management solutions. - Establish secure authentication and authorization frameworks. - Integrate enterprise applications with identity services. - Support compliance with organizational security requirements. - Design and implement enterprise Identity and Access Management (IAM) solutions across cloud and SaaS environments. - Integrate applications with enterprise Identity Providers (IdPs) to support Single Sign-On (SSO), Multi-Factor Authentication (MFA), and identity lifecycle management. - Develop and maintain role-based access control (RBAC) models and access governance processes. - Collaborate with infrastructure, cybersecurity, and application teams to implement secure authentication and authorization services. - Support security compliance initiatives by implementing identity-related controls and maintaining required documentation. - Assist with continuous monitoring, access reviews, and remediation activities to support regulatory compliance. - Utilize SIEM platforms and log analysis tools to support identity-related monitoring, troubleshooting, and security investigations. - Develop technical documentation, implementation procedures, and operational guidance for IAM services. - Serve as a liaison between technical teams and security stakeholders to support secure identity management practices. Qualifications - Bachelor's with 0 - 2 years (or commensurate experience) - Experience designing and implementing enterprise Identity and Access Management (IAM) solutions. - Experience integrating applications with Identity Providers (IdPs) and supporting Single Sign-On (SSO) and Multi-Factor Authentication (MFA). - Experience implementing role-based access control (RBAC) and identity governance processes. - Knowledge of identity lifecycle management and enterprise authentication technologies. - Experience supporting security compliance, access reviews, and audit activities. - Familiarity with SIEM platforms such as Splunk, ELK Stack, or Microsoft Sentinel. - Understanding of log analysis, security event monitoring, and incident investigation. - Strong analytical, problem-solving, and communication skills. Requirements - Clearance Required: Preferred Skills and Experience - Experience supporting AWS, Azure, or other cloud environments. - Familiarity with NIST SP 800-53, Zero Trust Architecture, and federal cybersecurity requirements. - Experience with Microsoft Entra ID (Azure AD), Okta, SailPoint, Ping Identity, CyberArk, or similar IAM platforms. - Direct experience supporting the Department of Veterans Affairs. Posted Salary Range USD $70,000.00 - USD $80,000.00 /Yr.
Information Security Specialist – Detection, Response and Engineering
PortobelloExciting New Fashion Game - forward Thinking in a Changing World
• Technical owner of the information security operations platform, responsible for the architecture, strategy, and maintenance of detection controls, incident response, vulnerability management, identity management, and perimeter governance. • Primary technical reference for the area, contributing to the evolution of process maturity and the technical development of the team.




