Offensive Security Researcher, SEAR

About The Position

Requirements

• Solid grounding in common vulnerability classes (memory corruption, logic flaws, auth bypass)
• Proven experience in security research, vulnerability discovery, or offensive security (e.g., browsers, 0-click, messaging systems, distributed systems, or AI platforms)
• Strong understanding of modern AI/LLM systems and their failure modes (e.g., prompt injection, data exfiltration, model misuse)
• Experience applying AI/ML tools (e.g., LLMs, agents) to automate or augment security research workflows

Nice To Haves

• Experience attacking or defending agentic systems (multi-step AI workflows, tool-using agents, MCP-style integrations)
• Familiarity with prompt injection techniques, obfuscation (e.g., encoding-based bypasses), and model manipulation strategies
• Experience building or evaluating AI-driven vulnerability discovery pipelines
• Understanding of browser-based AI integrations and risks (e.g., agentic browsing, data boundary violations)
• Knowledge of capability-based security models or policy enforcement systems for AI agents
• Experience with reverse engineering and low-level systems (IDA, Ghidra, LLDB)
• Proficiency in one or more: Python, C/C++, Swift, Objective-C
• Familiarity with Apple platforms (iOS, macOS) and their security architecture

Responsibilities

• Identify and exploit vulnerabilities in AI-powered features and agentic systems across Apple platforms.
• Build offensive capabilities against autonomous systems.
• Anticipate how adversaries may exploit AI enabled systems in the wild.
• Conduct offensive research into AI-specific attack classes, including prompt injection, agentic data exfiltration and lateral movement, persistence mechanisms in AI workflows, AI-assisted vulnerability discovery and exploitation.