AppSec Engineer

We're looking for a hands-on Cyber Security Engineer to sit at the intersection of AI-driven tooling and real-world security research. In this role, you'll own the end-to-end triage and validation lifecycle for vulnerability reports generated by our AI-powered static analysis platform, separating true positives from noise, writing proof-of-concept exploits, and reporting vulnerabilities upstream to the appropriate vendor.

This is a deeply technical role built for someone who thinks like an attacker, thrives in ambiguous environments, and has a track record of finding and exploiting vulnerabilities.

What You'll Do

• Triage and validate vulnerability reports produced by our AI static analysis tool, verifying severity, exploitability, and business impact

• Write proof-of-concept exploits for critical vulnerabilities to confirm true positives

• Analyze false positives to identify patterns and provide structured feedback to engineering

• Author detailed vulnerability reports that will be submitted to upstream vendors and open source projects

What We're Looking For

• Experience in a security engineering, vulnerability research, or penetration testing role

• Demonstrated CTF experience through participation in competitive CTFs (e.g. DEFCON, PlaidCTF) with writeups

• Hands-on real-world vulnerability research and exploitation experience is preferred

• Proficiency reading and auditing code across multiple programming languages

• Prior bug bounty participation is preferred

• Based in US or Canada