Security Researcher

***Candidate must be willing to work onsite three days a week in our Tel-Aviv, Israel office. ***

Lenovo Digital Trust Lab seeks for a hands-on and innovative Security Researcher with expertise in emerging AI/LLM threats to join our cutting-edge research team. This role will directly support our Hybrid AI initiative as well as our Device, Infrastructure, and Services security programs, focusing on advancing security, privacy, and trust through innovative research and applied AI.

You will work across disciplines to identify emerging threats and develop effective, AI-driven defenses—translating theoretical ideas into practical, real-world impact.

Job Responsibilities:

• Conduct in-depth research into AI/LLM threats, including model exploitation, prompt injection, MCP vulnerabilities, RAG risks.
• Evaluate attack vectors against AI systems (data poisoning, model extraction, jailbreaks, etc.) and propose defensive strategies.
• Conduct adversarial testing and security assessments on AI agents deployed on endpoints, identify vulnerabilities, and develop exploitation scenarios to evaluate system resilience
• Collaborate with researchers, engineers, and product leaders to integrate security features into real-world systems.
• Maintain awareness of the latest research and technologies in security, AI, and trust, and evaluate their relevance for our innovation pipeline.

Minimum Requirements:

• 3+ years of experience as Security Researcher.
• Familiarity with AI/LLM architectures and integration patterns (LLM, RAG, MCP, tool orchestration).
• Solid understanding of Windows internals (kernel, memory, processes, services, registry, drivers).
• Familiarity with cyber kill chain, MITRE ATT&CK tactics and techniques, and threat modeling methodologies.
• Hands-on experience with malware post-exploitation (Process Injection, DLL Hijacking, Privilege Escalation…)

Preferred Requirements:

• Experience with LLM-specific attack techniques (Prompt Injection, Jailbreak, RAG Pipeline Abuse, Model Extraction).
• Knowledge of agentic AI frameworks (LangChain, AutoGen, Semantic Kernel, etc.) and associated security risks.
• Familiarity with AI security toolkits (e.g., LLM-Guard, Garak, NeMo Guardrails, etc.).