TLDR: We're looking for an AI Red Team Engineer to break LLM-powered systems responsibly, automate the repetitive attacks, and turn their findings into clear evidence that powers customer demos, security reviews, and sales conversations. You'll own hands-on adversarial testing end to end: find the failure, prove it, script it, and write it up.
About us
White Circle (https://whitecircle.ai/) is an AI Safety company building the safety, reliability, and optimization layer for AI systems. At the core of our platform are policies – simple natural-language rules that define what an AI model should and shouldn’t do. We automatically test, enforce, and continuously improve these policies at scale.
- We’ve raised $11M from top funds, founders, and senior leaders at OpenAI, Anthropic, HuggingFace, Mistral, DeepMind, Datadog, Sentry, and others
- We process over one hundred million API calls every month
- We fine-tune and train our own LLMs so they run faster and cheaper than any open or proprietary model
We’re a small, highly focused team. If you want to work deeply on hard problems, see your work ship to production quickly, and influence how AI safety is actually built – you’re the one we need.
You will:
- Red-team LLM-powered systems: chatbots, copilots, RAG pipelines, AI agents, tool-calling workflows, and API-based AI products.
- Test for jailbreaks, prompt injection, system-prompt and tool leakage, sensitive-data and context leakage, unsafe outputs, policy bypass, tool misuse, excessive agency, resource and token-cost abuse, and business-logic abuse.
- Write lightweight Python to automate attacks, run prompt sets, call model APIs, collect and score responses, and generate repeatable reports.
- Build and maintain an internal attack library: prompts, scenarios, test cases, regression tests, scoring rubrics, and reusable demo cases.
- Turn model failures into clear reports: what happened, why it matters, how to reproduce it, how severe it is, and how to fix it.
- Convert successful attacks into regression tests and product requirements.
- Track new red-team and safety techniques and fold the useful ones into our tests.
- Support GTM by producing strong, credible evidence for customer demos, security reviews, and sales conversations.
You'll fit right in if you:
- Genuinely love breaking things and reasoning adversarially.
- Have a background in QA automation, AppSec, API/security/pen testing, or bug bounty.
- Have strong Python scripting skills.
- Have experience testing APIs, web apps, backends, or SaaS products.
- Are hands-on with LLMs, prompts, system instructions, RAG, agents, and tool/function calling.
- Understand LLM-specific abuse vectors (prompt injection, jailbreaks, data leakage, tool misuse, excessive agency, token-cost exhaustion).
- Can find bypasses, abuse edge cases, chain failures, and reason about real-world impact.
- Can separate real customer risk from low-impact prompt tricks.
- Write reproducible bug reports in clear English.
- Can move fast without perfect requirements.
- Hold a firm ethical line: you red-team to make systems safer, operate within scope and the law, and don't produce or traffic in genuinely harmful material.
A BIG PLUS:
- Experience with Burp Suite, Postman, Playwright, pytest.
- Experience with modern automated LLM red-teaming agents and pipelines.
- Familiarity with LangChain, LangGraph, LlamaIndex, RAG pipelines, AI agents, tool/function calling, and LLM-as-judge evaluation.
- Familiarity with OWASP LLM Top 10, OWASP Web Top 10, MITRE ATLAS, or other AI security taxonomies.
- Experience testing RAG systems, AI agents, tool-calling workflows, browser agents, or internal copilots.
- Experience writing customer-facing security reports.
- Experience with trust & safety, abuse prevention, fraud, moderation, or platform security.
- Experience building eval pipelines, regression suites, dashboards, or CI-friendly security tests.
- A track record in CTFs, red-team competitions, or responsible-disclosure / bounty programs.
Why White Circle
- Paid time off in line with your local regulations, no matter where you work from
- Work from Paris (hybrid) + relocation package
- Best medical insurance in France
- All the hardware, tools, and services you need
- Covered subscriptions for AI agents
- Team off-sites twice a year: we've recently been to the Alps and to Saint-Tropez
How we hire
1. Intro call with HR (25 min)
2. Take-home test task
3. Technical interview (60 min)
4. Final call with CEO (45 min)
Please submit your application in English.