Sr Principal Security Researcher (AI-Assisted Vulnerability Research)

About The Position

Requirements

• Master's degree in Computer Science, Cybersecurity, or a related technical field, or equivalent practical experience.
• Demonstrated ability to independently drive a technical research project from problem formulation to implementation, evaluation, and written results.
• Evidence of original security research or high-signal technical output, such as CVEs, responsible disclosures, bug bounty findings, security conference papers, technical writeups, GitHub projects, fuzzers, harnesses, exploit analyses, AI/security benchmarks, open-source security tools, or comparable research artifacts.
• 10+ years of experience in vulnerability research, offensive security research, reverse engineering, fuzzing, exploit development, program analysis, security automation, or a closely related security research role.
• Demonstrated experience in one or more of the following: vulnerability research, reverse engineering, fuzzing, exploit development, root-cause analysis, exploitability assessment, PoC development, patch analysis, program analysis, or security tooling.
• Experience designing or building reproducible security experiments, including target setup, harness development, validation logic, oracle design, evaluation metrics, false-positive analysis, or reporting workflows.
• Strong programming skills.
• Strong knowledge of modern operating systems, network protocols, application security, software vulnerability classes, and common exploitation or validation techniques.
• Strong written communication skills, including the ability to document methods, evidence, limitations, reproduction steps, impact, and remediation guidance clearly.

Nice To Haves

• PhD in Computer Science, Cybersecurity, AI/ML, Systems, Programming Languages, or a related field, or equivalent demonstrated research experience.
• Experience building AI agent harnesses, fuzzing harnesses, evaluation harnesses, vulnerability validation workflows, exploitability triage systems, patch validation pipelines, security benchmarks, or open-source vulnerability research tooling.
• Experience handling real vulnerabilities end-to-end, including target selection, environment setup, harnessing, reproduction, root-cause analysis, exploitability assessment, patch comparison, responsible disclosure, and maintainer communication.
• Knowledge of security in one or more of the following areas: Web Security, OS & Kernel Security, Browser Security, Software Supply Chain Security, OT/IoT Security, Network/Protocol Security, Cloud Security, Application Security, file parser security, or protocol parser security.
• Strong practical artifacts are highly valued.
• A public track record of security research, such as conference presentations, publications, CVEs, responsible disclosures, bug bounty results, technical blogs, GitHub projects, open-source security tools, AI/security benchmarks, agent frameworks, or security research artifacts.
• High-impact maintainer relationships, experience reporting vulnerabilities to major open-source projects, or a track record of clear, actionable, well-received vulnerability disclosures is a strong plus.

Responsibilities

• Design, build, and improve AI/security harnesses for vulnerability research, with emphasis on reproducibility, validation quality, exploitability clarity, false-positive reduction, and stable evidence generation.
• Produce high-quality research and security artifacts, such as improved harness capabilities, validated findings, root-cause analyses, technical reports, benchmarks, internal research artifacts, open-source tools, responsible disclosures, publications, or CVEs where appropriate.
• Conduct deep technical analysis across real-world software and open-source projects, including reverse engineering, fuzzing, root-cause analysis, exploitability assessment, patch analysis, variant analysis, and PoC validation.
• Build reusable research infrastructure, including target setup automation, fuzzing harnesses, AI agent workflows, benchmark environments, validation oracles, triage pipelines, evaluation metrics, and maintainer-facing reporting workflows.
• Use LLMs, AI agents, fuzzing, static/dynamic analysis, program analysis, reverse engineering automation, and security automation to improve the quality, speed, coverage, and reliability of vulnerability research workflows.
• Analyze large-scale harness outputs, including successful findings, failed attempts, crash clusters, validation traces, false positives, patch comparisons, and target patterns, to identify new research opportunities and improve future harness capabilities.

Benefits

• Restricted stock units
• Bonus
• Employee benefits may be found here.