AppSec Engineer

We're looking for a hands-on Cyber Security Engineer to sit at the intersection of AI-driven tooling and real-world security research. In this role, you'll own the end-to-end triage and validation lifecycle for vulnerability reports generated by our AI-powered static analysis platform, separating true positives from noise, writing proof-of-concept exploits, and reporting vulnerabilities upstream to the appropriate vendor.
 
This is a deeply technical role built for someone who thinks like an attacker, thrives in ambiguous environments, and has a track record of finding and exploiting vulnerabilities.
 
What You'll Do
Triage and validate vulnerability reports produced by our AI static analysis tool, verifying severity, exploitability, and business impact

Write proof-of-concept exploits for critical vulnerabilities to confirm true positives

Analyze false positives to identify patterns and provide structured feedback to engineering

Author detailed vulnerability reports that will be submitted to upstream vendors and open source projects

 
What We're Looking For
Experience in a security engineering, vulnerability research, or penetration testing role

Demonstrated CTF experience through participation in competitive CTFs (e.g. DEFCON, PlaidCTF) with writeups

Hands-on real-world vulnerability research and exploitation experience is preferred

Proficiency reading and auditing code across multiple programming languages

Prior bug bounty participation is preferred

Based in US or Canada