Applied Cybersecurity AI Researcher
Job Overview
Responsibilities
Requirements
Benefits
Pay
Schedule
The ideal candidate can chase real bugs, validate exploitability, write production-quality Python, and turn exploratory research into repeatable security capabilities.
- Develop AI-assisted vulnerability discovery workflows for source code, binaries, networks, and live systems.
- Build and improve Clearwing’s source-code hunting, network pen-testing, N-day exploit, reverse engineering, and validation pipelines.
- Design agentic workflows for reconnaissance, static analysis, dynamic testing, exploit development, patch validation, and reporting.
- Conduct authorized live testing against networks, services, containers, lab targets, and operational environments.
- Develop and validate proof-of-concept exploits in controlled, authorized settings.
- Develop evaluation harnesses for vulnerability discovery quality, false positives, exploitability, reproducibility, and model/tool performance.
- Improve safety, authorization, auditability, guardrails, and human-in-the-loop controls for dual-use cybersecurity capabilities.
- Work with AI researchers and engineers to improve prompts, tools, agent loops, memory systems, scoring systems, and model-routing strategies.
- Produce clear technical reports with evidence, reproduction steps, impact analysis, and remediation guidance.
You’ll help build Clearwing: an AI-native cybersecurity system for autonomous vulnerability discovery, exploit validation, pen-testing, reverse engineering, and security reporting.
You’ll combine hands-on offensive security work with LLM agent development, eval design, and product engineering.
3+ years of hands-on cybersecurity experience in vulnerability research, penetration testing, exploit development, reverse engineering, or security engineering.
- Practical experience with at least two of: Static analysis, Dynamic analysis, Binary exploitation, Web application security, Network penetration testing, Cloud/container security, Malware analysis or reverse engineering, Detection engineering.
- Strong Python skills and comfort building automation around security tools.
- Familiarity with Linux, Docker, Kali/security tooling, Git, CI, and shell workflows.
- Experience working with LLMs, agents, prompt engineering, evals, or AI-assisted security workflows.
- Strong written communication skills for technical findings, customer-facing reports, and internal research notes.
- Clear judgment around authorization, responsible disclosure, and dual-use security tooling.
Nice-to-haves:
- Experience with Ghidra, IDA, Binary Ninja, angr, Semgrep, CodeQL, Joern, AFL++, libFuzzer, ASan/UBSan, or OSS-Fuzz.
- Experience developing exploits for memory corruption, deserialization, auth bypass, SSRF, RCE, sandbox escape, or supply-chain vulnerabilities.
- Experience with CVE reproduction, N-day analysis, patch diffing, or exploit validation.
- Experience building LLM agents, tool-using systems, ReAct loops, eval harnesses, or synthetic-data pipelines.
- Familiarity with SARIF, CVSS, CWE, MITRE ATT&CK, MITRE CVE workflows, HackerOne/Bugcrowd-style disclosure, or government security reporting.
- Experience with Rust, Go, C/C++, or systems programming.
- Prior work with security products, autonomous agents, fuzzing infrastructure, or government/security customers.
Comprehensive benefits package, including health, dental, and vision insurance, as well as retirement savings plans.
Opportunities for growth and professional development.
A collaborative and supportive company culture that values diversity and inclusion.
Access to cutting-edge technology and resources for research and development.
Career path opportunities.
Compensation (commensurate with experience): $180,000 - $200,000 (base salary) + equity.
Preferred Locations: AZ, CA, CO, CT, DC, FL, KS, ME, MD, MA, MN, NV, NH, NJ, NM, NY, PA, SC, TX, VA, WA.