Job Overview

You’ll help build Clearwing: an AI-native cybersecurity system for autonomous vulnerability discovery, exploit validation, pen-testing, reverse engineering, and security reporting. You’ll combine hands-on offensive security work with LLM agent development, eval design, and product engineering. The ideal candidate can chase real bugs, validate exploitability, write production-quality Python, and turn exploratory research into repeatable security capabilities.

Responsibilities

Develop AI-assisted vulnerability discovery workflows for source code, binaries, networks, and live systems.
Build and improve Clearwing’s source-code hunting, network pen-testing, N-day exploit, reverse engineering, and validation pipelines.
Design agentic workflows for reconnaissance, static analysis, dynamic testing, exploit development, patch validation, and reporting.
Perform static analysis to identify vulnerable patterns, reachable attack surfaces, and exploitability conditions.
Conduct authorized live testing against networks, services, containers, lab targets, and operational environments.
Develop and validate proof-of-concept exploits in controlled, authorized settings.
Build evaluation harnesses for vulnerability discovery quality, false positives, exploitability, reproducibility, and model/tool performance.
Improve safety, authorization, auditability, guardrails, and human-in-the-loop controls for dual-use cybersecurity capabilities.
Work with AI researchers and engineers to improve prompts, tools, agent loops, memory systems, scoring systems, and model-routing strategies.
Produce clear technical reports with evidence, reproduction steps, impact analysis, and remediation guidance.

Requirements

3+ years of hands-on cybersecurity experience in vulnerability research, penetration testing, exploit development, reverse engineering, or security engineering.
Practical experience with at least two of:
- Static analysis
- Dynamic analysis
- Binary exploitation
- Web application security
- Network penetration testing
- Cloud/container security
- Malware analysis or reverse engineering
- Detection engineering
Strong Python skills and comfort building automation around security tools
Familiarity with Linux, Docker, Kali/security tooling, Git, CI, and shell workflows
Ability to reason from vulnerability signal to exploitability, impact, evidence quality, and remediation
Experience working with LLMs, agents, prompt engineering, evals, or AI-assisted security workflows
Strong written communication skills for technical findings, customer-facing reports, and internal research notes
Clear judgment around authorization, responsible disclosure, and dual-use security tooling

Nice-to-haves

Experience with Ghidra, IDA, Binary Ninja, angr, Semgrep, CodeQL, Joern, AFL++, libFuzzer, ASan/UBSan, or OSS-Fuzz
Experience developing exploits for memory corruption, deserialization, auth bypass, SSRF, RCE, sandbox escape, or supply-chain vulnerabilities
Experience with CVE reproduction, N-day analysis, patch diffing, or exploit validation
Experience building LLM agents, tool-using systems, ReAct loops, eval harnesses, or synthetic-data pipelines
Familiarity with SARIF, CVSS, CWE, MITRE ATT&CK, MITRE CVE workflows, HackerOne/Bugcrowd-style disclosure, or government security reporting
Experience with Rust, Go, C/C++, or systems programming
Prior work with security products, autonomous agents, fuzzing infrastructure, or government/security customers

Benefits

Comprehensive benefits package, including health, dental, and vision insurance, as well as retirement savings plans
Opportunities for growth and professional development
A collaborative and supportive company culture that values diversity and inclusion
Access to cutting-edge technology and resources for research and development
Compensation (commensurate with experience): $180,000 - $200,000 (base salary) + equity

Preferred Locations: AZ, CA, CO, CT, DC, FL, KS, ME, MD, MA, MN, NV, NH, NJ, NM, NY, PA, SC, TX, VA, WA

Applied Cybersecurity AI Researcher

Description

Stack