Senior Penetration Tester / Red Team Security Engineer

About Ascendion

Ascendion is an AI-native software engineering disruptor helping businesses innovate faster, smarter, and with greater impact. We partner with enterprise clients across North America, the UK, Europe, and APAC to solve complex challenges in data, experience design, software product engineering, and workforce transformation. Powered by expert engineers, thousands of AI agents, and our Engineering to the Power of AI (EngineeringAI) method, we deliver measurable outcomes that build trust, unlock value, and accelerate growth.
Learn more at  https://ascendion.com/.

Engineering to the Power of AI™, AAVA™, Engineering^AI, Engineering to Elevate Life™, Enterprise Platforms^AI, Data & Insights^AI, Experience^AI, GCC^AI, Operations^AI, Platform Engineering^AI, Product^AI, and Quality Engineering^AIare trademarks or service marks of Ascendion^®. AAVA™ is pending registration. Unauthorized use is strictly prohibited.

Ascendion | Engineering to elevate life

We have a culture built on opportunity, inclusion, and a spirit of partnership. Come, change the world with us:

• Build the coolest tech for the world’s leading brands
• Solve complex problems - and learn new skills
• Experience the power of transforming digital engineering for Fortune 500 clients
• Master your craft with leading training programs and hands-on experience

Experience a community of change makers!

Join a culture of high-performing innovators with endless ideas and a passion for tech. Our culture is the fabric of our company, and it is what makes us unique and diverse. The way we share ideas, learning, experiences, successes, and joy allows everyone to be their best at Ascendion.

About the RoleJob Title: Penetration Tester / Red Team Security Engineer1. Review and Validate Agent Outputsa. Review AI-agent outputs, including findings, reports, logs, tool outputs, execution traces, code-review results, design-review results, and remediation recommendations.
b. Assess validity, evidence quality, severity, exploitability, false positives, missed issues, and actionability.2. Assess Remediation Qualitya. Review proposed or implemented fixes to determine whether they address the underlying issue.
b. Identify incomplete or bypassable fixes, regressions, residual risks, and cases where additional defense-in-depth controls are needed.3. Analyze Agent Behavior and Recommend Improvementsa. Analyze gaps in agent behavior, including exploration, validation, reasoning, tool use, evidence collection, prioritization, reporting, and remediation guidance.
b. Recommend practical improvements to assessment quality, workflows, validation methods, tool usage, task design, remediation guidance, and reporting.4. Perform Security Assessments and Benchmarkinga. Perform hands-on security testing and review for benchmarking or evaluation purposes, including penetration testing, secure code review, design review, and remediation validation.
b. Configure, run, troubleshoot, and evaluate tools, platforms, competitor offerings, or AI-assisted systems being benchmarked.
c. Document methodology, coverage, findings, evidence, reproduction steps, severity, exploitability, and remediation recommendations. Help ensure benchmark comparisons are fair, reproducible, well-scoped, and grounded in realistic security expectations.5. Support Benchmark and Evaluation Designa. Create, review, or refine benchmark and evaluation materials, including realistic security tasks, vulnerable targets, code-review examples, design-review scenarios, remediation-validation tasks, ground-truth labels, scoring rubrics, and evaluation criteria.
b. Define standards for correct findings, false positives, missed vulnerabilities, partial or complete remediation, acceptable evidence, assessment trajectory, and high-quality reporting.6. Provide Security Domain Expertisea. Advise on practitioner workflows, assessment methodology, threat-modeling assumptions, exploitability expectations, remediation best practices, domain knowledge, and evaluation criteria.   Required QualificationsCandidates should have:

• 7+ years of hands-on experience in one or more areas, such as penetration testing, application/API security, cloud security, infrastructure security, red teaming, secure code review, product security, security architecture/design review, or security consulting.
• Strong practical knowledge of vulnerability discovery, validation, exploitability analysis, severity assessment, remediation validation, and security risk communication.
• Ability to conduct hands-on security assessments and clearly document methodology, coverage, findings, evidence, reproduction steps, severity, exploitability, and remediation recommendations.
• Ability to review security findings, source code, system designs, logs, tool outputs, execution traces, and technical reports.
• Ability to identify false positives, missed vulnerabilities, incomplete fixes, bypassable mitigations, residual risks, and appropriate defense-in-depth recommendations.
• Ability to configure, run, troubleshoot, and evaluate security tools, scanners, agentic systems, competitor offerings, or other automated or AI-assisted assessment platforms.
• Ability to diagnose gaps in AI-agent or automated-assessment outputs and provide practical recommendations for improvement.
• Familiarity with common security references and classification frameworks, such as OWASP, CWE, CVSS, MITRE ATT&CK, and cloud security best practices.

Browse our curated collection of remote jobs across all categories and industries, featuring positions from top companies worldwide.

• Strong written and verbal communication skills, including the ability to explain technical findings clearly to engineering and security teams.
• Ability to work independently and collaborate effectively with technical teams.

Desired Profile

• Ideal candidates are hands-on security practitioners who can reason deeply about real-world vulnerabilities, validate evidence, assess practical exploitability, and communicate clearly with technical teams.
• They should be comfortable reviewing security artifacts, AI-agent outputs, and benchmarked tools, and able to provide pragmatic recommendations that improve security quality, agent behavior, and evaluation rigor.
• Location :: 100% Remote in USA

Salary and Other Compensation:The annual salary for this position is between [$135,000- $140,000k annually]. Factors which may affect pay within this range may include geography/market, skills, education, experience and other qualifications of the successful candidate.

Benefits: The Company offers the following benefits for this position, subject to applicable eligibility requirements: [medical insurance] [dental insurance] [vision insurance] [401(k) retirement plan] [long-term disability insurance] [short-term disability insurance] [personal days accrued each calendar year. The Paid time off benefits meet the paid sick and safe time laws that pertains to the City/ State] [12-15 days of paid vacation time] [6-8 weeks of paid parental leave after a year of service] [9 paid holidays and 2 floating holidays per calendar year] [Ascendion Learning Management System] [Tuition Reimbursement Program]

Want to change the world? Let us know.

Tell us about your experiences, education, and ambitions. Bring your knowledge, unique viewpoint, and creativity to the table. Let’s talk!