Application Security Researcher

Description:

About the Position

Ox Security is the pioneer of Active ASPM, purpose-built to secure the modern software supply chain in the age of AI. While traditional tools overwhelm teams with endless alerts, Ox cuts through the noise to identify the critical 5% of risks - those that are truly reachable and exploitable. From GenAI-generated code to cloud runtime, we provide developers and security teams with the visibility and automation needed to ship secure software, faster.

We’re looking for a highly skilled Application Security Researcher to join our Security Research group and help us push the boundaries of modern AppSec. This is a critical, hands-on role where you’ll work closely with engineers, researchers, and AI & data scientists to build the next generation of application security - including autonomous, agentic pentesting capabilities.

This is not a typical AppSec role. You’ll be building, breaking, and redefining how offensive security works at scale.

What You’ll Be Doing

• Design and build detection engines and decision-making logic for autonomous security systems
• Develop new classes of automated attacks leveraging deep application and infrastructure context
• Conduct advanced research on chaining vulnerabilities, logic flaws, and complex attack paths
• Prototype, build, and ship security capabilities into production environments
• Collaborate with Product, Engineering, and Data teams to shape next-gen security features
• Analyze large-scale data to identify attack opportunities and improve detection accuracy
• Actively contribute to research direction, ideation, and innovation within the team

What We’re Looking For

• 4+ years of experience in Application Security, Penetration Testing, Red Teaming, or Secure Development
• Strong knowledge of common vulnerabilities (OWASP Top 10, etc.) and remediation techniques
• Experience with code-level analysis and modern development stacks
• Strong programming skills and hands-on technical capabilities
• Deep understanding of how systems break and how to exploit them
• Ability to communicate complex technical concepts clearly
• Team player who thrives in fast-paced, high-impact environments
• Familiarity with DevSecOps practices or security automation tools

The DNA We’re Looking For

• Builder–Breaker mindset: You don’t just find vulnerabilities - you build tools and systems to find them at scale
• Offensive instincts: Strong background in AppSec, Red Teaming, or advanced pentesting
• Systems thinker: You understand security as interconnected systems, not isolated issues
• Curious and fearless: You’re excited about working on cutting-edge problems in AI and security
• Ownership-driven: You thrive in environments with ambiguity and take initiative to define the path forward

Bonus Points For

• Public research, CVEs, or speaking experience (BlackHat, DEFCON, etc.)
• Experience with bug bounty programs or red teaming
• Strong software engineering background
• Hands-on experience with LLMs, autonomous agents, or security automation
• Passion for building secure products and empowering developers