Senior Security Engineer (AI Red Team & AI-Assisted Penetration Testing)

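About the Job

Location
Portugal
Porto
Porto
Remote vs. Office
Hybrid (Remote/Office)
Company
Siemens Energy Unipessoal Lda.
Organization
EVP Global Functions
Business Unit
Cybersecurity
Full-time / Part-time
Full-time
Experience Level
Senior Professional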

A Snapshot of Your Day

In this role, you will perform advanced red team and penetration testing with a strong focus on AI‑enabled and AI‑targeting techniques. You will assess both classical IT/OT environments and AI‑driven systems, validate and scale AI‑assisted security tooling, and identify real‑world risks across models, pipelines, and applications. By combining deep manual testing with responsible AI adoption, you will help teams understand, mitigate, and securely deploy AI technologies in an international environment.

How You’ll Make an Impact

  • Assess IT/OT infrastructures, products and services using red team and penetration test methods with an explicit focus on AI-enabled/AI-targeting techniques (AI-assisted recon, vulnerability discovery, exploitation support, and reporting), while maintaining strong manual testing depth.
  • Test and validate AI-driven security tools (e.g., LLM-based pentest assistants, agentic scanning workflows, code-audit assistants) by defining evaluation criteria, benchmarking accuracy/coverage, and verifying results with reproducible manual validation.
  • Design, build and continuously improve an AI-driven red team platform (workflow orchestration, knowledge base/RAG, tool integrations, auditability, …) to scale engagements safely and consistently across teams.
  • Perform security assessments of AI-enabled products and AI including prompt injection, indirect prompt injection, tool/plugin abuse, data exfiltration, jailbreaks, insecure output handling, supply-chain risks, and model-level/ML pipeline threats.
  • Drive vulnerability research and threat modeling for both classical and AI-specific attack paths; develop proof-of-concepts (scripts, harnesses, prompts, agent workflows) to demonstrate impact, rate findings (e.g., CVSS where applicable), and provide clear remediation guidance.
  • Communicate AI and security risks to engineers and management; run lessons learned; coach teams on secure-by-design AI adoption (guardrails, data handling, evaluation, monitoring) and contribute to internal standards, playbooks, and training.

What You Bring

  • Bachelor’s degree (or higher) in Computer Science, IT, Engineering, Data Science, or related field; demonstrated specialization in cybersecurity and/or applied AI.
  • 3+ years of hands-on penetration testing or red team experience, plus proven experience applying automation/AI to scale offensive security work (tooling, scripting, pipelines, or platforms).
  • Strong knowledge of modern attack methods and hands-on pentest toolchains (e.g., Burp Suite, Nmap, Metasploit, Kali) combined with strong Python development skills and experience integrating/testing AI-based tools (LLM APIs, agent frameworks, retrieval, evaluation/benchmarking, and secure prompt engineering).
  • Ability to explain complex technical topics (security and AI) to both engineering teams and management, including limitations/uncertainty of AI-driven results and how they were validated.
  • Practical experience assessing AI-enabled applications and architectures (APIs, microservices, cloud services, plugins/tools) and identifying AI-specific issues such as prompt injection, insecure tool invocation, data leakage via retrieval, and insecure output handling; experience with threat modeling is required.
  • Proficiency in Python and at least one additional language (e.g., C/C++, Java, .NET) plus solid understanding of ML/LLM fundamentals (training vs. inference, embeddings, retrieval, evaluation). Experience with CI/CD, containers, and MLOps/LLMOps concepts (model/prompt versioning, telemetry, secure deployment) is highly valued. OT/ICS know-how (PLC/SCADA) remains a plus.
  • Fluent English (verbal and written) including security and AI terminology; German is a plus.
  • Experience with AI security guidance and testing methodologies (e.g., OWASP Top 10 for LLM Applications, NIST AI RMF, MITRE ATLAS) and translating them into practical red team playbooks.
  • Certifications such as OSCP/OSCE/CRTO, cloud security certifications, and/or AI/ML security coursework are preferred but not required.
  • Background in security standards and governance (e.g., ISO/IEC 27001, IEC 62443, CRA) and the ability to extend controls/assurance concepts to AI systems (data governance, logging, evaluation, and third-party model risk).

About the Team

Our Global Functions play a key role in advancing the company's central initiatives and maintaining operational excellence across different groups, business areas, and regions. These roles support our vision to become the most valued energy technology company in the world. As part of our team, you contribute to our vision by shaping the global energy transition, partnering with our internal and external collaborators, and conducting business responsibly and in compliance with legal requirements and regulations.

Who is Siemens Energy?

At Siemens Energy, we are more than just an energy technology company. We meet the growing energy demand across 90+ countries while ensuring our climate is protected. With more than ~100,000 dedicated employees, we not only generate electricity for over 16% of the global community, but we’re also using our technology to help protect people and the environment.

Our cross-border team is committed to redefining the energy sector by exploring new possibilities to achieve balanced, reliable, and affordable energy solutions. We uphold a 150-year legacy of innovation that encourages our search for people who will support our focus on decarbonization, new technologies, and energy transformation.

Find out how you can make a difference at Siemens Energy: https://www.siemens-energy.com/employeevideo

Our Commitment to Diversity

Lucky for us, we are not all the same! Through diversity, we generate power. We run on inclusion and our combined creative energy is motivated by over 130 nationalities. Siemens Energy celebrates character – no matter what ethnic background, gender, age, religion, identity, or disability. We energize society, all of society, and we do not discriminate based on our differences.

Rewards/Benefits

  • In addition to an attractive remuneration package in line with the market, you can expect an attractive employer-financed company pension scheme
  • We also offer the opportunity to become a Siemens Energy shareholder
  • We offer our employees the opportunity to work flexibly and remotely, and our inspiring offices provide space for collaboration and creativity
  • The professional and personal development of our employees is very important to us. We provide them with the opportunities to learn and develop in a self-determined way; various attractive programmes and learning materials are available for this purpose
  • In relation to the "compatibility of family and work", we have a wide range of offers, e.g. flexible working time models, childcare places at many locations, the possibility of trial part-time work or even a sabbatical
