Security Assurance (D)

Ovations Talent Sourcing

This is a 6-month contract.

Our client in the Fintech sector is seeking an AI Security Assurance specialist. This is a highly technical, offensive security role focused entirely on testing, red-teaming, and verifying the security of an enterprise AI and Large Language Model (LLM) estate.

Rather than building the controls, you will act as the independent validator. You will exploit and break AI solutions—from the models themselves through to AI firewalls, retrieval-augmented generation (RAG) pipelines, and API gateways—providing evidence-based assurance that our systems are safe to deploy.

Responsibilities

  • AI Red-Teaming & Adversarial Testing: Design and execute advanced adversarial testing on LLMs and AI systems (including prompt injection, jailbreaks, data leakage, model poisoning, extraction, and evasion), mapping directly to OWASP Top 10 for LLM and MITRE ATLAS.
  • End-to-End Stack Verification: Test the complete AI infrastructure in production, validating that AI firewalls, API gateways, content moderation, rate limiting, and input/output guardrails function exactly as designed.
  • API & Integration Security: Perform deep security testing of AI/LLM API integrations. Focus areas include authentication, authorization, token/secret handling, and abuse protection.
  • Supply Chain & Model Lineage: Conduct rigorous risk assessments on third-party foundation models, verifying model cards, dataset lineage, and provenance.
  • Governance & CAB Sign-Off: Provide independent, evidence-backed security-readiness reports and structural sign-off to the Change Advisory Board (CAB) prior to production deployments.
  • Automation & Threat Tracking: Build automated testing pipelines for continuous AI red-teaming while monitoring the global threat landscape to update test cases against emerging exploit methods.

Requirements Include

  • Experience: Minimum 8–10 years in cybersecurity, with at least 5 years dedicated strictly to penetration testing, security testing, or red-teaming. Direct, demonstrable experience breaking AI/ML or LLM ecosystems is highly critical.
  • Technical Breadth: Strong hands-on exposure to API gateways (e.g., Azure API Management, Kong, Apigee), AI firewalls, content-filtering technologies, and securing data pipelines (RAG/vector stores).
  • Framework Mastery: Deep familiarity with OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, ISO/IEC 42001, and regulatory compliance mandates (POPIA, GDPR, PCI DSS).
  • Education & Certifications: Bachelor's or Master's degree in Computer Science or InfoSec. Highly preferred certifications include:
      • Offensive: OSCP, OSEP, GPEN, or CRTO.
      • General/Cloud: CISSP, CEH, and cloud-native security credentials (AWS/Azure/GCP).