Senior Security Engineer (AI Red Team & AI-Assisted Penetration Testing) (f/m/d)
About the Role
Location Germany Bayern Munich Company Siemens Energy Global GmbH & Co. KG Organization EVP Global Functions Business Unit Cybersecurity Full / Part time Full-time Experience Level Experienced Professional A Snapshot of Your Day
You start your day reviewing ongoing engagements and setting up AI-assisted reconnaissance and penetration tests in complex IT/OT environments. As you dig into systems, you combine automated insights with hands-on testing to uncover and validate vulnerabilities. Midday, you focus on evaluating and refining AI-driven security tools and workflows — checking their accuracy, validating results manually, and improving how they scale across projects. You also analyze AI-enabled applications, identifying risks like prompt injection or data leakage, and develop proof-of-concepts to demonstrate real impact. Throughout the day, you collaborate with engineers and stakeholders, translating findings into clear recommendations and helping teams strengthen their security posture. You wrap up by documenting results, sharing lessons learned, and contributing to better, more secure AI practices across the organization.
How You’ll Make an Impact
1. Assess IT/OT infrastructures, products and services using red team and penetration test methods with an explicit focus on AI-enabled/AI-targeting techniques (AI-assisted recon, vulnerability discovery, exploitation support, and reporting), while maintaining strong manual testing depth
2. Test and validate AI-driven security tools (, LLM-based pentest assistants, agentic scanning workflows, code-audit assistants) by defining evaluation criteria, benchmarking accuracy/coverage, and verifying results with reproducible manual validation
3. Design, build and continuously improve an AI-driven red team platform (workflow orchestration, knowledge base/RAG, tool integrations, auditability, …) to scale engagements safely and consistently across teams
4. Perform security assessments of AI-enabled products and AI including prompt injection, indirect prompt injection, tool/plugin abuse, data exfiltration, jailbreaks, insecure output handling, supply-chain risks, and model-level/ML pipeline threats
5. Drive vulnerability research and threat modeling for both classical and AI-specific attack paths; develop proof-of-concepts (scripts, harnesses, prompts, agent workflows) to demonstrate impact, rate findings (, CVSS where applicable), and provide clear remediation guidance
6. Communicate AI and security risks to engineers and management; run lessons learned; coach teams on secure-by-design AI adoption (guardrails, data handling, evaluation, monitoring) and contribute to internal standards, playbooks, and training
What You Bring
7. Bachelor’s degree (or higher) in Computer Science, IT, Engineering, Data Science, or related field; demonstrated specialization in cybersecurity and/or applied AI
8. Hands-on experience in penetration testing or red team, plus proven experience applying automation/AI to scale offensive security work (tooling, scripting, pipelines, or platforms)
9. Strong knowledge of modern attack methods and hands-on pentest toolchains (, Burp Suite, Nmap, Metasploit, Kali) combined with strong Python development skills and experience integrating/testing AI-based tools (LLM APIs, agent frameworks, retrieval, evaluation/benchmarking, and secure prompt engineering)
10. Ability to explain complex technical topics (security and AI) to both engineering teams and management, including limitations/uncertainty of AI-driven results and how they were validated
11. Practical experience assessing AI-enabled applications and architectures (APIs, microservices, cloud services, plugins/tools) and identifying AI-specific issues such as prompt injection, insecure tool invocation, data leakage via retrieval, and insecure output handling; experience with threat modeling is required
12. Proficiency in Python and at least one additional language (, C/C++, Java, .NET) plus solid understanding of ML/LLM fundamentals (training vs. inference, embeddings, retrieval, evaluation). Experience with CI/CD, containers, and MLOps/LLMOps concepts (model/prompt versioning, telemetry, secure deployment) is highly valued. OT/ICS know-how (PLC/SCADA) remains a plus
13. Fluent English (verbal and written) including security and AI terminology; German is a plus