Application Security Researcher

We’re looking for an Application Security Researcher with strong penetration testing skills and a solid development or research background to join our Security Research group. This is a critical role where you’ll work closely with developers, researchers and AI & data scientists to build OX application security platform; working on cutting-edge autonomous agentic pentests 🚀

Responsibilities:

What You’ll Be Doing

You are coming here to solve the problem of Autonomous Offense.

• Architect the "Mind": You will design the decision-making core of our Agents. You’ll architect detection engines, design how to look at our massive data graph and leverage it for precise attacks.
• Weaponize the Context: You will invent new classes of automated attacks that are only possible because we have ASPM data. You are turning "observability" into "exploitability."
• Break New Ground: You will lead research on chaining logic flaws and complex vulnerabilities, moving the industry far beyond simple pattern matching.
• Engineer the Future: You will prototype, code, and ship. This is a hands-on role for a builder who wants to see their research running in production environments globally.
• Key member in a world-class security research group: Take active part of the ideation process and prototyping of new features and product offerings.
  
  

• 4+ years of experience in Application Security, Penetration Testing, or Secure Development
• Strong knowledge of common vulnerabilities (OWASP Top 10, etc.) and remediation techniques
• Experience with code-level analysis and familiarity with modern development stacks
• Team player who can communicate clearly with technical and non-technical stakeholders
• You have a deep background in Application Security or Red Teaming and the engineering chops to codify your intuition.
• You thrive in elite, fast-moving environments where the path forward isn't always mapped, and you are driven by the opportunity to define it yourself
• Familiarity with DevSecOps practices or security automation tools
  
  

• You Are a Builder-Breaker: You don’t just find bugs; you write the tools to find them faster. You are fluent in code and dangerous in a shell.
• You Have Deep Offensive Instincts: You’ve spent years in the trenches of AppSec, Red Teaming, or high-end Pentesting. You know how systems break, and you know how to teach a machine to spot those fractures.
• You Think in Graphs: You understand that modern security isn't a list of bugs; it's a web of connections. You get excited about traversing relationships between Code and Cloud.
• You Are Fearless: You want to work on the bleeding edge of AI and Security. You aren't afraid of hard engineering problems that have no Stack Overflow or ChatGPT answers.
  
  

• A track record of high-impact CVEs, public security research, podium appearances at elite conferences (BlackHat, DEFCON, etc.), or experience with bug bounty programs or red teaming.
• Proven software engineering experience or hands-on experience experimenting with LLMs or autonomous agents to solve complex security or automation puzzles.
• Passion for building secure products and empowering developers to do the same