AI Penetration Testing Specialist
Job in
Kuwait City, Kuwait
Listed on 2026-07-07
Listing for:
International Turnkey Systems - ITS
Full Time
position Listed on 2026-07-07
Job specializations:
-
Software Development
AI Engineer (Applied/Software), AI QA / Validation Engineer, Python
Job Description & How to Apply Below
For a well-known Islamic Bank in Kuwait
, we are hiring an AI Penetration Tester to join VMPT team and lead hands‑on security testing for LLM/GenAI, ML, and AI‑enabled applications (chatbots, RAG, AI agents, model APIs, and AI‑assisted business workflows). The role blends traditional penetration testing + secure code review + vulnerability assessment with AI red teaming focused on modern AI risks such as prompt injection and insecure output handling as documented by OWASP’s Top 10 for LLM Applications.
Candidate is expected to have experience in assessing Python‑based AI development and Azure AI / Azure OpenAI / Microsoft Foundry‑hosted model endpoints
.
- Plan and execute AI penetration tests for LLM/GenAI and ML solutions across the bank (AI apps, AI gateways, model endpoints, orchestration layers, RAG pipelines, plugins/tools).
- Design test cases aligned to OWASP Top 10 for LLM Applications (e.g., prompt injection, insecure output handling, sensitive info disclosure, supply‑chain risks).
- Perform adversarial testing using threat‑informed techniques and references such as MITRE ATLAS (adversary tactics/techniques for AI systems).
- Validate security of agentic workflows (tool invocation, function calling, permissions, memory, connectors) and verify least privilege + authorization boundaries.
- Build Python‑based test harnesses for repeatable AI security testing (fuzzing prompts, jailbreak suites, regression tests, evaluation scoring).
- Use and extend PyRIT (Python Risk Identification Tool) or equivalent frameworks to probe for jailbreaks/harms and automate adversarial scanning.
- Where applicable, leverage Microsoft Foundry capabilities such as the AI Red Teaming Agent (preview) that integrates PyRIT red‑teaming features.
- Conduct secure code review (particularly Python) for AI application layers: prompt templates, RAG retrieval logic, output post‑processing, input validation, secrets handling, authZ checks, and logging.
- Identify and help fix design flaws enabling data leakage, prompt manipulation, unsafe tool usage, or insecure output flows.
- Perform web/API/cloud penetration testing for AI‑enabled applications (auth, session, API abuse, SSRF, injection, misconfigurations, secrets).
- Run vulnerability assessments, triage findings, define severity, and validate remediation (re‑test).
- Bachelor’s degree in computer science, Cybersecurity, Software Engineering, or related discipline.
- 3–7 years in penetration testing / application security / red teaming.
- Demonstrated experience testing LLM/GenAI systems (prompt injection, jailbreaks, data exfiltration patterns, agent/tool abuse).
- Strong hands‑on Python for security automation and test harness development.
- Practical experience with Azure security concepts (identity, networking, secrets, logging) and exposure to Azure AI / Azure OpenAI / Foundry style deployments.
- Strong report writing, clear communication, ability to work with developers on remediation.
- Off Sec OSCP / OSCP+
- GIAC GPEN
- Microsoft Certified:
Azure Security Engineer Associate (AZ-500) - ISC2 CCSP
- Off Sec OSWE (advanced web exploitation / white‑box testing)
- Burp Suite Certified Practitioner (BSCP)
- Microsoft Certified:
Azure AI Engineer Associate (AI-102) (helps align with Azure AI implementation patterns).
- Python, Git, CI/CD integration
- Burp Suite, common PT tool chains (Kali, scanners, API tooling)
- Azure security controls (identity, key management, logging/monitoring)
- AI red‑teaming tooling (e.g., PyRIT / Foundry scans)
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×