About the role
TLDR: We're looking for an AI Red Team Engineer to break LLM-powered systems responsibly, automate the repetitive attacks, and turn their findings into clear evidence that powers customer demos, security reviews, and sales conversations. You'll own hands-on adversarial testing end to end: find the failure, prove it, script it, and write it up.
About us
White Circle is an AI Safety company building the safety, reliability, and optimization layer for AI systems. At the core of our platform are policies – simple natural-language rules that define what an AI model should and shouldn’t do. We automatically test, enforce, and continuously improve these policies at scale.
We’ve raised $11M from top funds, founders, and senior leaders at OpenAI, Anthropic, HuggingFace, Mistral, DeepMind, Datadog, Sentry, and others
We process over one hundred million API calls every month
We fine-tune and train our own LLMs so they run faster and cheaper than any open or proprietary model
We’re a small, highly focused team. If you want to work deeply on hard problems, see your work ship to production quickly, and influence how AI safety is actually built – you’re the one we need.
You will:
Red-team LLM-powered systems: chatbots, copilots, RAG pipelines, AI agents, tool-calling workflows, and API-based AI products.
Test for jailbreaks, prompt injection, system-prompt and tool leakage, sensitive-data and context leakage, unsafe outputs, policy bypass, tool misuse, excessive agency, resource and token-cost abuse, and business-logic abuse.
Write lightweight Python to automate attacks, run prompt sets, call model APIs, collect and score responses, and generate repeatable reports.
Build and maintain an internal attack library: prompts, scenarios, test cases, regression tests, scoring rubrics, and reusable demo cases.
Turn model failures into clear reports: what happened, why it matters, how to reproduce it, how severe it is, and how to fix it.
Convert successful attacks into regression tests and product requirements.
Track new red-team and safety techniques and fold the useful ones into our tests.
Support GTM by producing strong, credible evidence for customer demos, security reviews, and sales conversations.
You'll fit right in if you:
Genuinely love breaking things and reasoning adversarially.
Have a background in QA automation, AppSec, API/security/pen testing, or bug bounty.
Have strong Python scripting skills.
Have experience testing APIs, web apps, backends, or SaaS products.
Are hands-on with LLMs, prompts, system instructions, RAG, agents, and tool/function calling.
Understand LLM-specific abuse vectors (prompt injection, jailbreaks, data leakage, tool misuse, excessive agency, token-cost exhaustion).
Can find bypasses, abuse edge cases, chain failures, and reason about real-world impact.
Can separate real customer risk from low-impact prompt tricks.
Write clear, reproducible bug reports in clear English.
Can move fast without perfect requirements.
Hold a firm ethical line: you red-team to make systems safer, operate within scope and the law, and don't produce or traffic in genuinely harmful material.
A big plus:
Experience with Burp Suite, Postman, Playwright, pytest.
Experience with modern LLM red-teaming automated agents and pipelines.
Familiarity with LangChain, LangGraph, LlamaIndex, RAG pipelines, AI agents, tool/function calling, and LLM-as-judge evaluation.
Familiarity with OWASP LLM Top 10, OWASP Web Top 10, MITRE ATLAS, or other AI security taxonomies.
Experience testing RAG systems, AI agents, tool-calling workflows, browser agents, or internal copilots.
Experience writing customer-facing security reports.
Experience with trust & safety, abuse prevention, fraud, moderation, or platform security.
Experience building eval pipelines, regression suites, dashboards, or CI-friendly security tests.
A track record in CTFs, red-team competitions, or responsible-disclosure / bounty programs.
Why White Circle
Paid time off in line with your local regulations, no matter where you work from
Work from Paris (hybrid) + relocation package
Best medical insurance in France
All the hardware, tools, and services you need
Covered subscriptions for AI agents
Team off-sites twice a year: we've recently been to the Alps and to Saint-Tropez
How we hire
Intro call with HR (25 min)
Take-home test task
Technical interview (60 min)
Final call with CEO (45 min)
Please submit your application in English