AI Cybersecurity Engineer
Location
Egypt
Posted
4 days ago
Salary
0
Seniority
Mid Level
Job Description
AI Cybersecurity Engineer
Xenon7
Role Description As a leading financial institution in Egypt, we are heavily investing in localized AI and Machine Learning capabilities to drive innovation while maintaining total data sovereignty. Our Cybersecurity Department is looking for a highly skilled AI Cybersecurity Engineer with a deeply offensive mindset. Operating entirely within our secure, high-performance on-premises infrastructure, you will act as an internal adversary. Your mission is to proactively threat model, simulate advanced cyberattacks (Red Teaming), and manage algorithmic risks to detect and neutralize vulnerabilities in our AI systems before they can be exploited. Key Responsibilities - Predictive AI Threat Modeling: Lead advanced threat-modeling exercises across the bank’s localized AI/ML pipelines, data repositories, and training environments. Anticipate sophisticated attacker behaviors to design preemptive security guardrails before models are moved to production. - AI Red Teaming & Offensive Simulations: Conduct targeted offensive operations and ethical hacking against our on-premises AI infrastructure. Simulate real-world adversarial attacks, including data poisoning, model inversion, membership inference, evasion attacks, and prompt injection. - Framework Mapping with MITRE ATLAS: Implement and operationalize the MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) framework. Map identified vulnerabilities to ATLAS tactics and techniques to build a robust, AI-specific defensive matrix aligned with traditional MITRE ATT&CK. - On-Premises Infrastructure Hardening: Assess and secure the physical and virtual infrastructure hosting our AI workloads, including bare-metal GPU clusters, local containerized environments (Kubernetes/OpenShift), and private data registries, ensuring strict isolation from external threats. - Proactive Risk Management & Early Detection: Collaborate with the SOC and data engineering teams to build predictive detection use-cases and custom alerts. Identify the early warning signs of an AI-targeted attack or data exfiltration attempt before malicious actors can compromise model integrity. Qualifications - 5+ years of dedicated experience in Offensive Security, Red Teaming, or Advanced Penetration Testing, with a proven pivot and at least 2 years of hands-on experience securing or attacking AI/ML workloads. - Prior experience working within a regulated financial institution in Egypt. Understanding of the security constraints, compliance mandates, and audit rigor required by the Central Bank of Egypt (CBE) for on-premises operations. - Expert-level knowledge of MITRE ATLAS and the OWASP Top 10 for Large Language Models (LLMs). Proven track record of translating these theoretical frameworks into practical, automated offensive playbooks. - Strong proficiency in Python or bash scripting to build custom exploit or testing tools. - Deep understanding of on-premises infrastructure components (Linux administration, private networking, storage area networks). - Direct experience with container security (Docker, Kubernetes) and secure MLOps pipelines. Requirements - Bachelor’s degree in Computer Science, Cybersecurity, Computer Engineering, or a strictly related field. - Highly valued offensive certifications: OSCP, OSCE, CRTP, or GPEN, alongside any specialized AI/ML security credentials. - A relentlessly curious, adversarial mindset balanced with strong risk management disciplines. - The ability to clearly articulate complex, highly technical AI vulnerabilities into actionable remediation plans for data scientists and senior banking executives. - Fluency in English. Benefits - Attractive, market-leading salary package. - Clear career advancement path with professional development opportunities.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Role Description - Responsible for developing and executing penetration testing, red-blue confrontation, and practical attack and defense drills that simulate real attack scenarios, identifying potential security risks in enterprise networks, applications, cloud environments, work networks, and core business systems. - Lead or participate in red-blue confrontation exercises to evaluate the defense team's ability in attack detection, alarm analysis, traceability analysis, emergency response, and recovery. - Based on the real attack chain design exercise scenario, covering: - Extranet breakthrough - Web vulnerability exploitation - Phishing entrance - Privilege escalation - Lateral movement - Data discovery - Privilege maintenance - Defense bypass stages - Combining the attack review results, promote the continuous optimization of security detection rules, response processes, asset governance, and security baselines. - Identify enterprise network exposure, internet assets, cloud assets, APIs, supply chain components, and third-party access risks, evaluate attack paths, and provide mitigation recommendations. - Monitor and collect threat intelligence, track vulnerability exploitation trends, APT attack methods, red team toolchain changes, and apply them to enterprise attack and defense exercises. - Combining business scenarios to model attack paths and discover feasible attack chains from external exposure surfaces to core assets. - Tracking AI-related security risks, including security issues in large-scale model applications, RAG systems, Agent systems, plug-in/tool calls, MCP services, AI code generation, and automated workflows. - Responsible for the security evaluation of AI applications, intelligent agent systems, RAG Knowledge Base, AI Agent toolchain, and model services within the enterprise. - Research and verify large-scale model-related attack techniques, including: - Prompt Injection - Jailbreak - Indirect Prompt Injection - Data leakage - Unauthorized tool invocation - Security risks caused by model illusions - RAG poisoning - Vector library pollution - Sensitive information leakage - Design AI red team test cases and evaluation framework, and conduct security verification on model input and output, context isolation, permission control, tool call chain, and data access boundary. - Participate in the construction of AI security protection plan, including: - Prompt word security policy - Content security detection - Tool call permission constraints - Sensitive data desensitization - Audit tracking - Agent sandbox isolation and security evaluation benchmark construction - Explore the application of AI in red team automation, vulnerability analysis, attack path planning, PoC verification, and report generation, and promote the platformization, automation, and intelligence of attack and defense capabilities. - Develop and optimize Red Team-specific tools and scripts for: - Vulnerability mining - Information collection - Privilege escalation - Lateral movement - Credential analysis - Traffic disguise - Defense bypass - Automated report generation - Research and validate new attack techniques, and simulate real threats in combination with enterprise business scenarios. - Build or participate in the construction of automated security evaluation platform, integrated vulnerability scanning, audio fingerprint recognition, asset mapping, PoC verification, attack path analysis, AI Agent arrangement and other capabilities. - Combining LLM/Agent technology to explore automated penetration testing, intelligent vulnerability verification, code security auditing, and red team task scheduling. - Conduct security evaluations on critical business systems, internal networks, cloud environments, work endpoints, API services, and AI applications, and output detailed technical reports, attack paths, impact analysis, and repair recommendations. - Output AI security evaluation reports for AI applications, including: - Attack examples - Risk levels - Exploitable paths - Data leakage risks - Permission boundary issues - Governance recommendations - Assist in improving enterprise security protection mechanisms, promote optimization of WAF, EDR, SIEM, NDR, HIDS, zero trust, identity permissions, and log auditing capabilities. - Transform attack and defense discovery into security detection rules, baseline specifications, develop security requirements, and continuous governance mechanisms. - Collaborate with the blue team, security operation, infrastructure, R&D, algorithm, data, and business teams to complete attack review, vulnerability repair, detection rule optimization, and security capability building. - Provide security support to other departments of the enterprise, including emergency response drills, development security consulting, AI application pre-launch security review, and security training. - Participate in the security design review of AI applications and security products, and promote the advance of security capabilities in R&D, testing, and Pushonline. Qualifications - Proficient in basic knowledge of cyber security, including TCP/IP protocol, network architecture, identity authentication, access control, principles and configurations of common security devices. - Proficient in common attack techniques and red team toolchains, such as Sliver, Cobalt Strike, NPS, Burp Suite, Metasploit, Nmap, Masscan, Frida, Impacket, etc. - Familiar with mainstream operating systems Windows, Linux, macOS security mechanism, log system, permission model and common use. - Familiar with common web frameworks, API architectures, microservice structures, containers, and security risks in Kubernetes environments. - Proficient in penetration testing and red team processes, including: - Information collection - Vulnerability scanning - Vulnerability exploitation - Intranet penetration - Privilege escalation - Lateral movement - Privilege maintenance - Data discovery - Trace cleaning - Familiar with the working principles and adversarial methods of enterprise-level security products, including WAF, EDR, SIEM, NDR, HIDS, zero-trust gateway, bastion host, and identity authentication system. - Possess independent vulnerability analysis and PoC writing capabilities, able to reproduce, verify, and assess the impact of public vulnerabilities and 0day/1day risks. - Proficient in one or more programming/scripting languages, such as Python, Go, Bash, PowerShell, JavaScript, etc., with experience in tool development and automation platform construction. - Familiar with the basic architecture of large-scale model applications, familiar with technical forms such as Prompt, RAG, Embedding, vector databases, Agent, Function Calling, MCP, plugin systems, etc. - Understand or practice AI security testing methods, including: - Prompt Injection - Jailbreak - RAG data poisoning - Sensitive information leakage - Unauthorized tool invocation - Model output security - Agent permission escape - Able to design security test cases for AI applications, evaluate model input/output, context isolation, data boundaries, permission control, and tool invocation chain risks. - Experience in using AI to assist security work, including: - Vulnerability analysis - Code auditing - Intelligence analysis - Attack path planning - Report generation - Automated testing - Familiar with AI application security governance ideas, including: - Model call auditing - Prompt word security - Sensitive data protection - Content security detection - Permission minimization - Sandbox isolation Requirements - More than 5 years of experience in red team, penetration testing, security research, or offensive and defensive exercises. - Candidates with experience in large-scale enterprise attack and defense drills, red-blue confrontation, HW/major support, cloud attack and defense, or intranet penetration are preferred. - Candidates with experience in AI security, large-scale model security, intelligent agent security, automated penetration testing platform or security tool platform construction are preferred. - Familiar with enterprise security construction system, able to promote defense capability, detection capability, and governance process optimization from an attack perspective. Other capabilities - Priority will be given to those who hold security-related certifications such as P, OSCE, CISSP, CISP, CEH, CISSP, CCSP, etc. - Possess strong document writing and expression abilities, able to output high-quality technical reports, review documents, attack chain analysis, and security construction plans. - Possess good problem analysis ability, learning ability, teamwork ability, and stress resistance. - Be sensitive to new technologies, new attack surfaces, and new tools, and be able to proactively research and share internally. Bonus points - Familiar with Cloud Computing Platform security and cloud attack and defense technologies, such as AWS, Azure, GCP, Tencent Cloud, Alibaba Cloud, etc. - Familiar with Kubernetes, containers, Service Mesh, CI/CD, DevSecOps and supply chain security. - Possess experience in zero trust, secure operation, threat hunting, attack surface management, and vulnerability management platform construction. - Familiar with MCP Server, AI Agent framework, RAG system, vector database, LLM API gateway, model security evaluation framework. - Experience in Automated Red Team, AI Penetration Testing, Intelligent Vulnerability Verification, Agent Orchestration, Security Knowledge Base or Security RAG System Construction. - Experience in vulnerability submission, CVE, technical articles, open source projects, topic sharing, or tool release in the security community. - Familiar with security frameworks such as MITRE ATT&CK, OWASP Top 10, OWASP LLM Top 10, NIST AI RMF, etc. Benefits - Study Growth Fund: We support your professional development and continuous learning. - Internal Events: Participate in regular team-building activities, workshops, and events designed to promote collaboration and innovation. - Global Collaboration: Be part of a diverse, international team, working alongside colleagues from around the world. - Career Advancement: Access opportunities for growth and advancement within a rapidly expanding global company. - Internal Mobility: Grow with us - Your long-term development is important to us. We offer internal job opportunities to help build your career path.
Role Description The Sr. Security Engineer is responsible for testing physical, logical, and electronic protection of data, including: - Cloud - Corporate - Web application - Access control - Intrusion detection/prevention - Virus protection Additionally, the role involves: - Digital Forensics - Software Development - Vulnerability Research - Reverse Engineering - Software/Hardware Engineering - Operational Consultancy (e.g., Red Teaming/Hunt, Mission Evaluation) - Performing incident response - Working in the global security operations center - Identifying current and emerging cyber events - Developing countermeasures with known and/or discovered indicators Qualifications - Bachelor's degree preferred. Three additional years of related experience beyond the minimum may be substituted in lieu of a degree. - Three years of IT engineering experience - 5+ years of cybersecurity incident response participation (Preferred) - Certified Information Systems Security Professional (CISSP) certification (Preferred) - Knowledge of operating systems internals and endpoint security experience - General knowledge of APT campaigns, Tools, Techniques, & Procedures (TTP), malware attack vectors, memory injection techniques, and malware persistence mechanisms - Ability to obtain at least a Top Secret clearance Requirements - Resolve incidents and problem tickets, escalated to the Incident Response Team, issued against supported devices within published SLAs - Identify opportunities for process improvement and automation of repetitive tasks leveraging a SOAR platform - Operate security operations technology (SIEM/EDR) and provide ongoing system support and advice to other users of this technology - Devise and implement approaches to monitor applications and data flows via effective information dashboards for operational metrics, end-to-end system data processing, incident management, change control, and compliance - Use monitoring data in combination with other sources to analyze the risk of a successful attack - Proactively recommend new tools, techniques, and procedures to enhance SOC performance and quickly learn new tools as they are introduced - Actively search all areas of the internal network for hidden threats and vulnerabilities - Assist in the development and documentation of policies and processes - Support audits and compliance efforts - Participate in red/blue/purple team exercises as needed to analyze threat scenarios and assess internal defenses. Document results - Engage positively across multiple teams to establish clarity, vision, and mutual trust in order to achieve business goals - Adhere to industry-specific local, state, and federal regulations, as applicable - Other duties as assigned Benefits - Constellis offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflect its commitment to creating a diverse and supportive workplace.
• Manage, monitor, and maintain network security infrastructure with a focus on Fortinet solutions (FortiGate, FortiManager, FortiAnalyzer, FortiSwitch/FortiAP as applicable) • Perform day-to-day security operations: firewall policy management, VPN configuration and troubleshooting, traffic analysis, and incident response support • Design, implement, and maintain routing, switching, and network segmentation configurations in coordination with the client's network team • Monitor security events and logs, triage alerts, and escalate/respond to incidents per client protocols • Conduct firewall rule audits, policy optimization, and security posture reviews • Support patching, firmware upgrades, and change management processes for Fortinet devices • Troubleshoot complex network and security issues across LAN/WAN, VPN, and perimeter security layers • Document configurations, standard operating procedures, and incident reports • Collaborate with client stakeholders remotely, ensuring clear communication and timely delivery within the project's operational hours
Role Description The Cloud Security Engineer provides support for the implementation, troubleshooting, and maintenance of information security infrastructure and any process related to these systems in a Security Operations / IT Infrastructure environment. They will have a detailed understanding of cloud platforms, such as Microsoft Office 365 and Azure, on-premises infrastructure for policy maintenance, software/hardware security implementation and best practices, as well as scripting and relevant development skills to leverage automation and create custom connectors and analytics rules in a Microsoft Sentinel Environment. A successful candidate will also be well versed in security threats, exploits, and vulnerabilities which impact systems, networks, and assets and will utilize their abilities and experience to protect client environments. Thorough experience with Security Hardening across multiple products (Azure, O365, Active Directory), Endpoint Detection and Response technologies and understanding the implementation and support for those technologies is imperative to the success in this role. Essential Responsibilities (include but are not limited to): - Architect, establish and maintain best practices of implementation for our products/services. - Configure, implement, and support all production security tools and technologies. - Maintain excellent documentation (SOPs) for all security tooling implementation, support, troubleshooting, etc. - Troubleshoot issues with security toolsets within client environments. - Execute projects related to client onboarding – portal configuration, agent deployment, best practices configuration, systems auditing. - Actively work with other team members on security events that require urgent response, containment and remediation. - Provide ongoing recommendations on toolset tuning and best practices. - Ability to discuss security posture with multiple clients and make recommendations to better their holistic security approach. - Triage incoming support tickets and requests related to security tools managed by CyberSheath. - Take part in daily shift changeover meetings at the beginning and end of shifts. - Provide support for cloud-based SIEM, EDR, and Anti-Spam/Phishing products. - Provide support for additional security tools such as, but not limited to: SOAR, MFA, Encryption, and Vulnerability Management platforms. - Assist with triage of alerts as necessary. Qualifications - Minimum of 5 years’ experience with successful implementation of security products, security best practices, security device policies for small and large enterprises. - Minimum of 3 years' experience in Security Administration, and a deep understanding of how security interfaces/impacts with other IT teams/business objectives. - Deep understanding of Office 365 / Azure AD security tooling, policies and implementation, Azure AD / O365 reporting. - Networking understanding / working experience (TCP/IP, Routing, VPN). - Must be a U.S. Citizen and reside within the United States or its Territories. - Exceptional analytical and problem-solving skills. - Excellent communication skills to communicate with support personnel, customers, and managers. - Ability to work independently, remotely, and as part of a team. Requirements - Thorough working experience with the following products/technologies: KnowBe4, CrowdStrike, SAML/SSO, Okta, Intune, Cisco Umbrella, Rapid7, Defender for Endpoint, Defender for Office 365, Abnormal Security, Avanan. - Understanding of CIS (Center for Internet Security) benchmarks and implementation. - Working experience with DLP technologies/software (Office 365 native or third-party) is a plus. - Experience with Business Intelligence software for reporting (Power BI, BrightGauge, etc.). - Software development, coding, and/or advanced scripting experience is a plus. - Working expertise with Microsoft Sentinel, Google Chronicle, or Splunk. - Certifications related to Microsoft Azure and Microsoft Security products. Work Environment - Remote. - Please note that this role will be part of our SOC on-call rotation. Budgeted Pay Range $85,000 — $100,000 USD

