Job Description
· Lead and execute AI security assessments of Copilot-like apps, LLM applications, RAG pipelines, and agent/tool integrations.
· Formalize and operationalize an AI testing methodology (scope → test plan → execution → reporting → retest) suitable for regulated enterprise use.
· Stand up and mature non-prod AI testing infrastructure and repeatable workflows (safe test data, access patterns, evidence capture, reusable harnesses).
· Enable existing pentesters via training, playbooks, reusable test packs, and quality review of findings/evidence.
· Drive governance and defensibility: human-in-the-loop decisions, safe testing constraints, reproducible evidence, and consistent severity rationale.
· Communicate outcomes to technical teams and leadership: themes, control gaps, remediation priorities, and validation results.
Required Skills & Experience
· 10+ years in penetration testing, red teaming, and/or application security, including end-to-end delivery (scoping, execution, reporting, retest).
· Deep hands-on capability in web and API security testing, including authentication/authorization, session management, access control, and data flow analysis.
· Experience testing complex enterprise environments (SSO/IdP integrations, tokens, service-to-service auth, secrets management, logging/telemetry considerations).
· Demonstrated hands-on experience assessing AI-enabled applications, including one or more of:
  o LLM application security testing (prompt injection, data leakage, insecure output handling)
  o RAG security testing (retrieval manipulation, ingestion risks, exposure paths)
  o Agent/tool integration testing (tool boundary violations, unintended actions, privilege misuse)
· Strong understanding of AI/LLM risk categories and how they translate into enterprise impact (confidentiality, integrity, availability, operational risk, and regulatory/audit concerns).
· Ability to design safe, controlled testing approaches for AI systems (rules of engagement, non-prod usage, safe test inputs, rate/cost controls where applicable).
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.