Security Researcher

About The Position

Let’s cut to the chase. The world is waiting for a true Agentic Pentester - an autonomous entity that doesn’t just "scan" but thinks, reasons, and exploits like a human expert.

AI without context is just hallucination. OX is the Context King. We are an ASPM (Application Security Posture Management) powerhouse sitting on the ultimate offensive weapon: the Ground Truth. We have the full graph - code, infrastructure, lineage, and runtime state.

We don't need you to guess. We need you to architect the brain that uses this unfair data advantage to build the smartest, most lethal offensive engine the market has ever seen.

We’re looking for an Application Security Researcher with strong penetration testing skills and a solid development or research background to join our Security Research group. This is a critical role where you’ll work closely with developers and researchers to build OX application security platform.

Responsibilities

What You’ll Be Doing

You aren't coming here to maintain a tool. You are coming here to solve the problem of Autonomous Offense.

• Architect the "Mind": You will design the decision-making core of our Agent. You’ll teach it how to look at our massive data graph and leverage it for precise attacks.
• Weaponize the Context: You will invent new classes of automated attacks that are only possible because we have ASPM data. You are turning "observability" into "exploitability."
• Break New Ground: You will lead research on chaining logic flaws and complex vulnerabilities, moving the industry far beyond simple pattern matching.
• Engineer the Future: You will prototype, code, and ship. This is a hands-on role for a builder who wants to see their research running in production environments globally.
• Key member in a world-class security research group: Take active part of the ideation process and prototyping of new features and product offerings.
  
  

• 4+ years of experience in Application Security, Penetration Testing, or Secure Development
• Strong knowledge of common vulnerabilities (OWASP Top 10, etc.) and remediation techniques
• Experience with code-level analysis and familiarity with modern development stacks
• Team player who can communicate clearly with technical and non-technical stakeholders
• You have a deep background in Application Security or Red Teaming and the engineering chops to codify your intuition.
• You thrive in elite, fast-moving environments where the path forward isn't always mapped, and you are driven by the opportunity to define it yourself
• Familiarity with DevSecOps practices or security automation tools
  
  

• You Are a Builder-Breaker: You don’t just find bugs; you write the tools to find them faster. You are fluent in code and dangerous in a shell.
• You Have Deep Offensive Instincts: You’ve spent years in the trenches of AppSec, Red Teaming, or high-end Pentesting. You know how systems break, and you know how to teach a machine to spot those fractures.
• You Think in Graphs: You understand that modern security isn't a list of bugs; it's a web of connections. You get excited about traversing relationships between Code and Cloud.
• You Are Fearless: You want to work on the bleeding edge of AI and Security. You aren't afraid of hard engineering problems that have no Stack Overflow or ChatGPT answers.
  
  

• A track record of high-impact CVEs, public security research, podium appearances at elite conferences (BlackHat, DEFCON, etc.), or experience with bug bounty programs or red teaming.
• Proven software engineering experience or hands-on experience experimenting with LLMs or autonomous agents to solve complex security or automation puzzles.
• Passion for building secure products and empowering developers to do the same