Overview
Our CompanyChanging the world through digital experiences is what Adobe’s all about. We give everyone—from emerging artists to global brands—everything they need to design and deliver exceptional digital experiences! We’re passionate about empowering people to create beautiful and powerful images, videos, and apps, and transform how companies interact with customers across every screen.
We’re on a mission to hire the very best and are committed to creating exceptional employee experiences where everyone is respected and has access to equal opportunity. We realize that new ideas can come from everywhere in the organization, and we know the next big idea could be yours!
About The Role
Adobe’s Internal Pentest team is seeking a skilled and motivated Penetration Tester to conduct comprehensive security assessments across Adobe's product portfolio and infrastructure. Responsibilities include testing web, mobile, and desktop applications, as well as cloud environments, AI/LLM systems, and supporting infrastructure for security vulnerabilities. The successful candidate will report findings with clear risk assessments and provide actionable remediation guidance. This is a hands-on technical position focusing on identifying weaknesses and collaborating to enhance the security of Adobe’s products and platforms.
What You’ll Do
- Conduct penetration tests on AI/LLM systems (prompt injection, model poisoning, jailbreaks etc), web applications, APIs, mobile apps, cloud infrastructure, containers, and infrastructure
- Identify and exploit vulnerabilities including authentication/authorization flaws, business logic issues, and chained attacks
- Develop custom scripts and tools using Python, Go, or PowerShell to automate testing processes
- Deliver clear, actionable reports and provide remediation guidance to engineering and product teams
- Manage full lifecycle of penetration testing engagements from scoping to execution and delivery
- Collaborate with engineering and product teams
- Research emerging AI/ML exploits and attack techniques to stay ahead of threats
- Enhance testing methodologies and contribute to internal knowledge base
- Requirements
- Experience & Skills
- 3-7 years of penetration testing experience across various asset types
- Understanding of AI/ML security, LLM vulnerabilities, and prompt engineering attacks
- Strong knowledge of OWASP Top 10, OWASP API Top 10, and OWASP LLM Top 10
- Programming/scripting in at least one language: Python, Bash, PowerShell, Go, JavaScript/React.
- Ability to read and understand source code, trace execution flows, and dynamically exploit vulnerabilities during live assessments
- Understanding of secure coding practices and common code-level vulnerabilities
- Experience with cloud security (AWS, Azure, GCP) and containers (Docker, Kubernetes)
- Knowledge of attack vectors, exploits, vulnerability exploitation, and chained attacks
- Strong written and verbal communication skills with ability to explain findings to technical and non-technical audiences
- Strong academic history (Master degree) in IT, Computer Science or other related fields; certifications such as GIAC GPEN, OSCP, OSWE, CRTP, eJPT, CREST, etc. are a plus.
- Certifications: OSCP, GXPN, GPEN, GWAPT, OSWE, CISSP, CEH, or equivalent
- Published CVEs demonstrating research capability
- Bug bounty or Capture The Flag (CTF) experience
- AI/ML security research experience
- Red Teaming and advanced exploitation experience
- Threat modeling and secure DevOps knowledge
Adobe is proud to be an Equal Employment Opportunity employer. We do not discriminate based on gender, race or color, ethnicity or national origin, age, disability, religion, sexual orientation, gender identity or expression, veteran status, or any other applicable characteristics protected by law. Learn more.
Adobe aims to make Adobe.com accessible to any and all users. If you have a disability or special need that requires accommodation to navigate our website or complete the application process, email accommodations@adobe.com or call (408) 536-3015.