Security Researcher

Build the future of offensive security with XBOW. Attackers are already using AI to move faster than defenders can react—we’re creating the platform that puts security ahead in the arms race. Our AI-powered system autonomously discovers, validates, and even exploits vulnerabilities, giving organizations proof-backed results in hours instead of weeks. Founded by Oege de Moor, creator of GitHub Copilot, and backed by Sequoia, Altimeter, and other leading investors, XBOW is applying cutting-edge AI to one of the world’s most urgent problems. In just over a year, our AI, built by a world-class AI team and legendary security researchers — has uncovered thousands of real-world zero-days across the software billions rely on, and achieved the #1 ranking on HackerOne’s global leaderboard. We’re a team of builders, hackers, and researchers who thrive on solving problems others think are impossible. If you want to push the boundaries of AI, reshape how security is done, and join the group defining this new era of defense — we’d love to talk. Your Role: Security Researcher In this role, the individual will oversee and operate a continuous initiative deploying XBOW across public bug bounty programs and selected open-source projects, ensuring all activity stays within defined scope and platform guidelines. They will assess and rank targets based on exposure and potential impact, coordinate the rollout of new attack capabilities, and manage the flow of testing activity to balance coverage and capacity. A core part of the day-to-day involves reviewing and confirming vulnerabilities, preparing clear and credible disclosure reports, and maintaining strong relationships with bug bounty platforms and open-source communities. They will also contribute high-quality technical write-ups of notable discoveries for public or marketing use. Responsibilities:

• Ownership and execution of a continuous program running XBOW against public bug bounty programs, e.g. companies using HackerOne.
• Ownership and execution of a program running XBOW in collaboration with open-source projects (program to be launched in Q2).
• Ensuring that targets are attackable and our activities would be within their bug-bounty scope.
• Prioritizing targets based on attack surface and target value.
• Incorporation of pre-release XBOW software (e.g. new attack techniques or validators) into the program schedule.
• Managing the attack pipeline, including criteria for target prioritization and program capacity planning.
• Validating findings and submitting disclosure reports. This includes a particular responsibility to make sure that our reports are high quality, free of “AI slop”, and well received by the target company.
• Working with public bug-bounty platforms to ensure that our activity is well-understood by them and within their platform rules.
• Working with open-source communities to build a public testing program.
• Professional write-up of interesting findings or exploits, for marketing (e.g. blogs), or public presentation (e.g. Black Hat / DEFCON).

Skills and Qualifications Essential:

• Professional, hands-on, pentest or cybersecurity research skills.
• Strong professional written English with a cybersecurity focus. Researchers will have an editor available before publication, but written work should be strong enough to be edited.

Advantageous:

• Experience working either side of a bug-bounty program
• Professional writing in other languages

What we offer

• Compensation & Equity: Competitive salary and a generous equity package, making you a true owner of the company.
• Career Growth: Shape your role, lead the function, and grow with the company as we redefine cybersecurity.
• Meaningful Work: You will tackle technically complex challenges and play a pivotal role in the growth of our business, working alongside an amazing team and some of the world’s experts to shape how AI transforms cybersecurity.

What else you should know

• Location: Remote (all team members are remote but we meet regularly and you’re supported to travel to collaborate with colleagues in person)
• Contract: Full-time.

We aren't focused on seniority titles at XBOW—so if you’re worried about “leveling,” don’t be. We care a lot more about mission fit, capability, and impact than what’s on your LinkedIn headline. We believe in people who are driven by curiosity and a willingness to learn. Even if you don't check every box, we encourage you to apply if you're excited about the role and our mission. Apply tot his job Apply To this Job