Active

Quick Apply

Posted: 4 days ago

Senior AI Security Engineer

Argentina

Cashea

Verified employer

Location

Argentina

Remote

Job type

Full-time

Industry

Other

Financial Services

Why This Role Matters

Hello! We are Cashea 👋 and our mission is to give Venezuelans back the opportunity to access credit through a BNPL business model. Since our launch in 2022, we have been dedicated to promoting financial inclusion. Today we have more than 9 million active users, both consumers and merchants, and we have become a trusted brand in Venezuela, winning hearts and minds.

About the role

The Senior AI Security Engineer is responsible for testing, attacking, and defending the company's generative AI implementations: proprietary AI products, internal platforms, agents, integrations, and coding assistants. Combines an offensive profile (prompt injection, jailbreaking, LLM and agent red teaming) with a defensive profile (guardrails, input/output controls, best practices and guidance to teams). Works with AppSec, DevSecOps, product and engineering.

Responsabilities:

Perform red teaming and penetration testing on AI deployments: proprietary products using LLMs, agents, chatbots, coding assistants and any generative interface. This includes direct and indirect prompt injection, jailbreaking, data exfiltration via outputs, system prompt leakage, excessive agency and tool misuse.
Assess the security of AI agents in production: permissions, tool use, function calling, plugins and autonomous action capabilities — identify abuse paths and confused-deputy scenarios.
Design and implement guardrails and defensive controls based on offensive findings: input/output validation, content filtering, hardening of system prompts, context-based access controls and action limits for agents.
Apply and operationalize controls from the OWASP Top 10 for LLM Applications, OWASP Top 10 for Agentic Applications and MITRE ATLAS across the organization’s products and platforms.
Test and validate the robustness of existing guardrails in internal platforms and in products that expose AI to end users.
Develop and maintain tools, scripts and automations for LLM red teaming, focusing on continuous and repeatable testing.
Document findings with actionable remediation playbooks and support development teams in fixing and preventing AI vulnerabilities.
Create and maintain best-practice standards for secure development with generative AI: how to build secure agents, how to integrate LLMs without exposing data, how to perform code review of AI-generated code.
Collaborate with the SOC to define alerts and detection based on attack patterns against LLMs and agents.

Requirements:

4+ years in Application Security, Penetration Testing or Security Engineering with demonstrable offensive testing experience.
Strong knowledge of OWASP: Top 10 Web, LLM Applications, API Security.
Hands-on experience attacking and/or defending systems with LLMs and generative AI: prompt injection, jailbreaking, data exfiltration, output manipulation, indirect prompt injection.
Understanding of generative AI architectures: how an LLM works, RAG, embeddings, function calling/tool use, context windows, system prompts, autonomous agents.
Experience in web application and API security.
Python for tooling development, testing scripts and automation.
Ability to document technical findings clearly and translate them into concrete actions for development teams.
Advanced English.

Why you'll love working at Cahsea

At Cashea, we have a work culture based on trust and purpose. If you need a clue as to why we are a good choice, these are our core values:

We don't work on autopilot. Everything we do is intentional. We love to develop ideas with full awareness of the impact they can have on our users.
Your creativity and curiosity are our most important assets.
Your voice matters. We listen and make space for ideas and feedback. Everyone belongs, and what's important to you is important to us.
We value transparency. Clarity keeps us connected and grounded.
Last but not least, we focus on real impact.

If you want to work with us, fill out the application. We'd love to meet you!

Who We Are, What We Stand For

Hello! We’re Cashea 👋, and we're on a mission to bring optimism back to Venezuelans 🇻🇪 by building innovative financial products. Since our launch in 2022, we've been dedicated to democratizing financial inclusion through cutting-edge technology. In that time, we've grown to serve over 10 million customers, developed a range of products for both consumers and merchants, and become a trusted name in Venezuela—winning both minds and hearts 💛.

Bring optimism back to Venezuelans 🇻🇪 by building innovative financial products.

Frequently Asked Questions

Is the Senior AI Security Engineer role at Cashea remote?

Yes, the position is fully remote.

What will I be doing day to day in this role?

Red team and pen test LLMs/agents, implement guardrails, automate testing in Python, and guide dev teams on remediation.

Which AI security frameworks and standards will I work with?

OWASP Top 10 (Web, LLM Applications, API Security) and MITRE ATLAS.

What offensive AI security testing is expected?

Prompt injection (direct/indirect), jailbreaking, data exfiltration, output manipulation, and system prompt leakage.

What defensive controls will I implement for LLMs and agents?

Input/output validation, content filtering, hardened system prompts, context-based access controls, and agent action limits.

What skills and experience are required for this role?

4+ years in AppSec/PenTest/SecEng, strong OWASP knowledge, web/API security, Python, and hands-on LLM/genAI attack/defense.

Who will I collaborate with across Cashea?

AppSec, DevSecOps, product, engineering, and the SOC for detections.

Where is this role based and what market does Cashea serve?

The role is remote; Cashea operates in Venezuela with a BNPL model and a large user base.

Posted by Cashea

At a glance

Workplace

Remote · Argentina

Employment

Full-time

Industry

Other · Financial Services

Language

English

Posted

4 days ago

Similar roles