Pentest Automation Engineer

XBOW

1d•Remote

About The Position

Build the future of offensive security with XBOW. Attackers are already using AI to move faster than defenders can react—we’re creating the platform that puts security ahead in the arms race. Our AI-powered system autonomously discovers, validates, and even exploits vulnerabilities, giving organizations proof-backed results in hours instead of weeks. Founded by Oege de Moor, creator of GitHub Copilot, and backed by Sequoia, Altimeter, and other leading investors, XBOW is applying cutting-edge AI to one of the world’s most urgent problems. In just over a year, our AI, built by a world-class AI team and legendary security researchers — has uncovered thousands of real-world zero-days across the software billions rely on, and achieved the #1 ranking on HackerOne’s global leaderboard. We’re a team of builders, hackers, and researchers who thrive on solving problems others think are impossible. If you want to push the boundaries of AI, reshape how security is done, and join the group defining this new era of defense — we’d love to talk. Your Role: Pentest Automation Engineer This role is responsible for designing, running, and maintaining an always-on testing program that applies XBOW across public bug bounty environments and partnered open-source projects. Day to day, the individual will build and operate fully automated systems that handle everything from reconnaissance and safety validation to target selection, attack execution, and results analysis. They will continuously evaluate which systems to test based on exposure and business impact, integrate new and experimental XBOW capabilities into live workflows, and ensure all activity stays compliant with program rules. A major focus of the role is developing and maintaining robust automation, internal tooling, and shared dashboards that give visibility into active testing efforts across the company.

Requirements

Profession experience with Typescript in automation tooling
Professional experience with AWS
Professional expertise in Linux, and CI/CD pipelines (in particular GitHub Actions) and other Infrastructure & DevOps tooling

Nice To Haves

Professional experience with Go or Python in automation tooling
Professional experience with additional cloud providers (GCP, Azure etc.)
Professional experience with DevOps and IaC technologies such as Kubernetes, Docker, Terraform

Responsibilities

Ownership and execution of a continuous program running XBOW against public bug bounty programs, e.g. companies using HackerOne.
Ownership and execution of a program running XBOW in collaboration with open-source projects (program to be launched in Q2).
Ensuring that targets are attackable and our activities would be within their bug-bounty scope.
Prioritizing targets based on attack surface and target value.
Incorporation of pre-release XBOW software (e.g. new attack techniques or validators) into the program schedule.
Full end-to-end automation of the attack pipeline, including: Scanning and reconnaissance infrastructure
Safety / compliance checks
Automated target prioritization and selection
Automated attack dispatch and management.
Tooling for triage and analysis of findings.
Company-wide dashboard for all active programs.

Benefits

Compensation & Equity: Competitive salary and a generous equity package, making you a true owner of the company.
Career Growth: Shape your role, lead the function, and grow with the company as we redefine cybersecurity.
Meaningful Work: You will tackle technically complex challenges and play a pivotal role in the growth of our business, working alongside an amazing team and some of the world’s experts to shape how AI transforms cybersecurity.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume