Cybersecurity Engineer, Offensive Security

Mistral AI Mistral AI · AI Frontier · Paris, France · Engineering & Infra

Security Researcher focused on offensive security for agentic AI systems, cloud infrastructure, and foundational models. Responsibilities include vulnerability hunting, red/purple teaming, penetration testing, and building offensive tooling. Requires deep knowledge of AI/ML security risks and experience with modern tech stacks.

What you'd actually do

  1. Proactively hunt for vulnerabilities in the interactions between our agentic applications, cloud infrastructure, and foundational models, with a focus on realistic, high-impact attack vectors.
  2. Design and execute red and purple team exercises, simulating sophisticated adversarial scenarios to stress-test our defenses and refine our detection capabilities.
  3. Partner with defensive teams to translate offensive insights into actionable improvements, from detection engineering to incident response.
  4. Conduct in-depth penetration testing across our product suite, including AI-driven workflows, custom infrastructure, and user-facing interfaces.
  5. Build and automate offensive tooling to scale your impact, leveraging cutting-edge techniques to stay ahead of emerging threats.

Skills

Required

  • 7+ years of offensive security experience
  • Deep knowledge of AI/ML security risks
  • Hands-on experience assessing modern technology stacks (Kubernetes, cloud-native, CI/CD, macOS/Linux internals, Python/React, data science toolchains, AI/ML infrastructure)
  • Ability to write robust tools and automate offensive workflows
  • Strong intuition for trust boundaries and risk assessment
  • Outstanding communication skills

Nice to have

  • Background in AI, data science, or related fields
  • Experience in high-growth startups or research-driven organizations
  • Expertise in adjacent disciplines (software engineering, detection engineering, SRE, security architecture)

What the JD emphasized

  • AI/ML security risks
  • prompt injection
  • data leakage
  • model manipulation
  • abuses of dynamic UI components
  • offensive security experience
  • identifying and exploiting subtle vulnerabilities

Other signals

  • AI safety
  • agentic systems
  • offensive security