About Stone Cybersecurity
Stone Cybersecurity is a CREST-accredited cybersecurity company and a Cyber Security Agency (CSA) licensed provider, delivering advanced cybersecurity services across Offensive Security, AI Security, Governance, Risk & Compliance (GRC), and Managed Security Services.
Our consultants work with organisations across government, healthcare, financial services, critical infrastructure, manufacturing, education, and multinational enterprises to strengthen their cyber resilience through cutting-edge security assessments and advisory services.
Our service offerings include:
- AI Red Teaming
- Red Teaming & Adversary Simulation
- Vulnerability Assessment & Penetration Testing (Web, Mobile, API, Network, Cloud, OT & IoT)
- Secure Source Code Review
- Security Architecture Review
- Threat Modelling
- AI Security Assessments
- ISO/IEC 27001 Consulting & Internal Audits
- Cyber Essentials Mark (CEM)
- Cyber Trust Mark (CTM)
- Data Protection Trustmark (DPTM)
- Virtual CISO (vCISO)
- Managed Detection & Response (MDR)
- Security Operations Centre (SOC)
- Security Awareness Training & Phishing Simulation
About the Role
We are looking for a highly skilled, strategic, and detail-oriented Senior Offensive Security Consultant (AI Red Teaming) to join our growing Offensive Security team.
If you’re passionate about offensive security, enjoy thinking like an adversary, and want to help organisations secure next-generation AI systems alongside traditional enterprise environments, we’d love to hear from you.
In this role, you will lead and execute advanced AI Red Teaming engagements, penetration testing, secure source code reviews, and offensive security assessments across AI applications, cloud environments, enterprise infrastructure, web applications, APIs, mobile applications, and networks.
You will work directly with clients to identify security weaknesses, demonstrate real-world attack scenarios, and deliver practical remediation recommendations that strengthen their overall cybersecurity posture.
Key Responsibilities
AI Red Teaming
- Lead and execute end-to-end AI Red Teaming engagements against Large Language Models (LLMs), Retrieval-Augmented Generation (RAG) systems, AI Agents, and AI-powered applications.
- Conduct comprehensive multi-stage adversarial assessments including:
  - Reconnaissance
  - Prompt Injection
  - Indirect Prompt Injection
  - Jailbreak Testing
  - Tool Abuse
  - Data Exfiltration
  - Model Manipulation
  - Privilege Escalation
  - Business Logic Abuse
- Assess AI systems for:
  - Prompt Leakage
  - Sensitive Data Leakage
  - Excessive Agency
  - Insecure Output Handling
  - AI Supply Chain Risks
  - Unsafe Tool Usage
  - Insecure Integrations
Offensive Security
- Conduct Web Application Penetration Testing.
- Perform API Security Assessments.
- Conduct Mobile Application Penetration Testing (Android & iOS).
- Perform Thick Client Application Security Assessments.
- Conduct Internal and External Network Penetration Testing.
- Conduct Active Directory security assessments and privilege escalation testing.
- Perform secure source code reviews across modern programming languages.
- Execute Red Team exercises where required.
Client Engagement
- Produce high-quality technical reports with clear, actionable remediation recommendations.
- Present findings to technical teams, management, and executive stakeholders.
- Support remediation validation and retesting activities.
- Provide security advisory throughout client engagements.
Research & Innovation
- Stay current with emerging AI attack techniques, offensive security research, and cybersecurity trends.
- Contribute to internal methodologies, tooling, automation, and knowledge sharing.
- Assist in developing new AI Security and Offensive Security service offerings.
Requirements
Experience
- Minimum 3 years of hands-on experience in offensive security or penetration testing.
- Demonstrated experience conducting and leading enterprise AI Red Teaming engagements.
- Proven experience leading multi-stage offensive security assessments from reconnaissance through impact validation.
- Hands-on experience performing secure source code reviews.
- Experience conducting Web, API, Mobile, Thick Client, Infrastructure, Cloud, and Network Penetration Testing.
Technical Knowledge
Strong understanding of:
- OWASP Web Security Testing Guide (WSTG)
- OWASP ASVS
- OWASP API Security Top 10
- OWASP Top 10 for LLM Applications
- MITRE ATT&CK Framework
Hands-on experience with:
- Prompt Injection
- Indirect Prompt Injection
- Jailbreaking
- RAG Security
- AI Agent Security
- Tool Abuse
- Model Manipulation
- Sensitive Data Leakage
- AI Supply Chain Security
Experience using industry-standard offensive security tools including:
- Burp Suite Professional
- Nmap
- Metasploit
- Nessus
- BloodHound
- Impacket
- OWASP ZAP
- Mobile security testing tools
- AI security testing frameworks
Soft Skills
- Excellent analytical and problem-solving skills.
- Strong technical report writing and presentation abilities.
- Excellent verbal and written communication skills.
- Able to work independently and collaboratively in a client-facing consulting environment.
Certifications
Required
- OSCP (or equivalent offensive security certification)
- OffSec AI-300 or equivalent AI Offensive Security certification
- Certified Offensive AI Expert (COAE) – Hack The Box or equivalent
Preferred
- OSWE
- OSEP
- BSCP
- CREST CRT
- CREST CCSAS
- Cloud security certifications (AWS, Azure or GCP Security)
What We Offer
- Competitive remuneration with performance-based incentives.
- 20 days Annual Leave.
- Medical (Outpatient & Hospitalisation).
- Dental Benefits.
- Flexi-Benefits Scheme.
- Professional training budget and certification sponsorship.
- Opportunity to work on cutting-edge AI Security, AI Red Teaming, Red Teaming, and Offensive Security projects.
- Exposure to government agencies, financial institutions, healthcare organisations, critical infrastructure, and multinational enterprises.
- Clear technical and leadership career progression.
Why Join Stone Cybersecurity?
At Stone Cybersecurity, we believe great consultants are built through continuous learning, challenging engagements, and collaboration.
You’ll work alongside experienced offensive security professionals, contribute to pioneering AI Red Teaming engagements, and help organisations defend against the next generation of cyber threats.
If you’re passionate about pushing the boundaries of offensive security and making a real impact in cybersecurity, we’d love to have you on our team.