Staff Researcher - Security Expert Red Team

We are Lenovo. We do what we say. We own what we do. We WOW our customers.

Lenovo is a US$69 billion revenue global technology powerhouse, ranked #196 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the world’s largest PC company with a full-stack portfolio of AI-enabled, AI-ready, and AI-optimized devices (PCs, workstations, smartphones, tablets), infrastructure (server, storage, edge, high performance computing and software defined infrastructure), software, solutions, and services. Lenovo’s continued investment in world-changing innovation is building a more equitable, trustworthy, and smarter future for everyone, everywhere. Lenovo is listed on the Hong Kong stock exchange under Lenovo Group Limited (HKSE: 992) (ADR: LNVGY).

This transformation together with Lenovo’s world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com, and read about the latest news via our StoryHub.

Lenovo Digital Trust Lab is hiring a hands-on Security Expert Red Team to lead offensive security efforts against our hybrid AI systems, LLM pipelines, and agentic architectures. This role combines expert manual red-teaming (threat emulation, adversarial testing, prompt-injection hunts) with building automation and tooling to scale repeatable adversary simulations across data, model, inference, tool integrations, and orchestration stages.

You will partner closely with the Hybrid AI Security team to discover real-world weaknesses, harden controls, and operationalize red-team findings into continuous testing and CI/CD guardrails. The ideal candidate is a creative attacker, strong engineer who can both run deep manual engagements and deliver tooling that brings red-team rigor into engineering lifecycles.

Job Responsibilities

• Plan and execute manual red-team engagements against AI assets: model inference endpoints, agent toolchains, orchestration flows, data ingestion pipelines, and developer portals.
• Develop automated red-teaming tooling and test suites (fuzzers, prompt-injection harnesses, model-fuzz pipelines, adversarial example generators) integrated into CI/CD and MLOps pipelines.
• Design realistic adversary scenarios (supply-chain abuse, model theft/extraction, prompt/corruption injection, toxic output inducement, tool impersonation) and measure their impact.
• Partner with DT Lab researchers and security developers to convert findings into mitigations, controls, and repeatable tests (unit + integration + staging).
• Contribute to threat models, playbooks, and knowledge-sharing (internal docs, demos, optionally external publications where appropriate).
  
  

• 5+ years of offensive security / red-team / applied research experience, with demonstrated hands-on penetration testing of web/cloud/embedded systems.
• Strong software engineering skills (Python or similar) and experience building automation tooling.
• Practical experience attacking or evaluating ML systems, model endpoints, or agent frameworks (e.g., prompt injection, model extraction, poisoning scenarios).
• Solid knowledge of logging/telemetry, reproduction workflows, and vulnerability reporting.
  
  

• Prior experience with adversarial ML, generative model attacks, or building adversarial example generators.
• Experience with MLOps platforms (Kubeflow, MLflow, SageMaker, Databricks) and embedding security testing into model lifecycle.
• Familiarity with agent orchestration frameworks (LangChain, AutoGen, etc.) and tactics for tool-level abuse/impersonation.
• Knowledge of fuzzing frameworks, dynamic analysis, and infrastructure for large-scale automated tests.
• Track record of publishing tooling or research (open source or papers) in offensive security or ML security.