We’re looking for an
Application Security Researcher with strong penetration testing skills and a solid development or research background to join our Security Research group. This is a critical role where you’ll work closely with developers, researchers and AI & data scientists to build OX application security platform; working on cutting-edge autonomous agentic pentests 🚀
Responsibilities:
What You’ll Be Doing
You are coming here to
solve the problem of Autonomous Offense.
- Architect the "Mind": You will design the decision-making core of our Agents. You’ll architect detection engines, design how to look at our massive data graph and leverage it for precise attacks.
- Weaponize the Context: You will invent new classes of automated attacks that are only possible because we have ASPM data. You are turning "observability" into "exploitability."
- Break New Ground: You will lead research on chaining logic flaws and complex vulnerabilities, moving the industry far beyond simple pattern matching.
- Engineer the Future: You will prototype, code, and ship. This is a hands-on role for a builder who wants to see their research running in production environments globally.
- Key member in a world-class security research group: Take active part of the ideation process and prototyping of new features and product offerings.
Requirements:
What We’re Looking For
- 4+ years of experience in Application Security, Penetration Testing, or Secure Development
- Strong knowledge of common vulnerabilities (OWASP Top 10, etc.) and remediation techniques
- Experience with code-level analysis and familiarity with modern development stacks
- Team player who can communicate clearly with technical and non-technical stakeholders
- You have a deep background in Application Security or Red Teaming and the engineering chops to codify your intuition.
- You thrive in elite, fast-moving environments where the path forward isn't always mapped, and you are driven by the opportunity to define it yourself
- Familiarity with DevSecOps practices or security automation tools
The DNA We Are Looking For
We are looking for the
Top 1%. The outliers. The people who are bored by standard security roles.
- You Are a Builder-Breaker: You don’t just find bugs; you write the tools to find them faster. You are fluent in code and dangerous in a shell.
- You Have Deep Offensive Instincts: You’ve spent years in the trenches of AppSec, Red Teaming, or high-end Pentesting. You know how systems break, and you know how to teach a machine to spot those fractures.
- You Think in Graphs: You understand that modern security isn't a list of bugs; it's a web of connections. You get excited about traversing relationships between Code and Cloud.
- You Are Fearless: You want to work on the bleeding edge of AI and Security. You aren't afraid of hard engineering problems that have no Stack Overflow or ChatGPT answers.
Bonus Points For
- A track record of high-impact CVEs, public security research, podium appearances at elite conferences (BlackHat, DEFCON, etc.), or experience with bug bounty programs or red teaming.
- Proven software engineering experience or hands-on experience experimenting with LLMs or autonomous agents to solve complex security or automation puzzles.
- Passion for building secure products and empowering developers to do the same