Security Researcher

XBOW

1d•Remote

About The Position

Build the future of offensive security with XBOW. Attackers are already using AI to move faster than defenders can react—we’re creating the platform that puts security ahead in the arms race. Our AI-powered system autonomously discovers, validates, and even exploits vulnerabilities, giving organizations proof-backed results in hours instead of weeks. Founded by Oege de Moor, creator of GitHub Copilot, and backed by Sequoia, Altimeter, and other leading investors, XBOW is applying cutting-edge AI to one of the world’s most urgent problems. In just over a year, our AI, built by a world-class AI team and legendary security researchers — has uncovered thousands of real-world zero-days across the software billions rely on, and achieved the #1 ranking on HackerOne’s global leaderboard. We’re a team of builders, hackers, and researchers who thrive on solving problems others think are impossible. If you want to push the boundaries of AI, reshape how security is done, and join the group defining this new era of defense — we’d love to talk. Your Role: Security Researcher In this role, the individual will oversee and operate a continuous initiative deploying XBOW across public bug bounty programs and selected open-source projects, ensuring all activity stays within defined scope and platform guidelines. They will assess and rank targets based on exposure and potential impact, coordinate the rollout of new attack capabilities, and manage the flow of testing activity to balance coverage and capacity. A core part of the day-to-day involves reviewing and confirming vulnerabilities, preparing clear and credible disclosure reports, and maintaining strong relationships with bug bounty platforms and open-source communities. They will also contribute high-quality technical write-ups of notable discoveries for public or marketing use.

Requirements

Professional, hands-on, pentest or cybersecurity research skills.
Strong professional written English with a cybersecurity focus. Researchers will have an editor available before publication, but written work should be strong enough to be edited.

Nice To Haves

Experience working either side of a bug-bounty program
Professional writing in other languages

Responsibilities

Ownership and execution of a continuous program running XBOW against public bug bounty programs, e.g. companies using HackerOne.
Ownership and execution of a program running XBOW in collaboration with open-source projects (program to be launched in Q2).
Ensuring that targets are attackable and our activities would be within their bug-bounty scope.
Prioritizing targets based on attack surface and target value.
Incorporation of pre-release XBOW software (e.g. new attack techniques or validators) into the program schedule.
Managing the attack pipeline, including criteria for target prioritization and program capacity planning.
Validating findings and submitting disclosure reports. This includes a particular responsibility to make sure that our reports are high quality, free of “AI slop”, and well received by the target company.
Working with public bug-bounty platforms to ensure that our activity is well-understood by them and within their platform rules.
Working with open-source communities to build a public testing program.
Professional write-up of interesting findings or exploits, for marketing (e.g. blogs), or public presentation (e.g. Black Hat / DEFCON).

Benefits

Compensation & Equity: Competitive salary and a generous equity package, making you a true owner of the company.
Career Growth: Shape your role, lead the function, and grow with the company as we redefine cybersecurity.
Meaningful Work: You will tackle technically complex challenges and play a pivotal role in the growth of our business, working alongside an amazing team and some of the world’s experts to shape how AI transforms cybersecurity.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume