5 days ago

Security Researcher

XBOW

Hybrid
Full Time
$180,000

Job Overview

Job Title: Security Researcher
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $180,000
Location: Hybrid

Job Description

About XBOW

XBOW is building the future of offensive security, leveraging AI to enable security teams to move faster than attackers. Our AI-powered system autonomously discovers, validates, and exploits vulnerabilities, delivering proof-backed results in hours. Founded by Oege de Moor (creator of GitHub Copilot) and backed by leading investors like Sequoia and Altimeter, XBOW applies cutting-edge AI to critical security problems. In just over a year, our AI has uncovered thousands of zero-days and achieved the #1 ranking on HackerOne’s global leaderboard. We are a team of builders, hackers, and researchers passionate about solving impossible problems and redefining cybersecurity with AI.

Your Role: Security Researcher

As a Security Researcher at XBOW, you will be instrumental in overseeing and operating a continuous initiative to deploy XBOW across public bug bounty programs and selected open-source projects. This role demands careful adherence to defined scope and platform guidelines. You will be responsible for assessing and prioritizing targets based on their exposure and potential impact, coordinating the rollout of new attack capabilities, and managing the flow of testing activity to ensure a balance of coverage and capacity.

A core part of your day-to-day will involve meticulously reviewing and confirming vulnerabilities, preparing clear and credible disclosure reports, and fostering strong relationships with bug bounty platforms and open-source communities. Additionally, you will contribute high-quality technical write-ups of notable discoveries for public and marketing purposes, showcasing XBOW's impact and expertise.

Responsibilities

  • Own and execute a continuous program deploying XBOW against public bug bounty programs, e.g. companies using HackerOne.
  • Own and execute a program deploying XBOW in collaboration with open-source projects (program to be launched in Q2).
  • Ensure targets are attackable and activities remain within bug-bounty scope.
  • Prioritize targets based on attack surface and target value.
  • Incorporate pre-release XBOW software (e.g., new attack techniques, validators) into the program schedule.
  • Manage the attack pipeline, including target prioritization criteria and program capacity planning.
  • Validate findings and submit high-quality, "AI slop"-free disclosure reports that are well received by target companies.
  • Collaborate with public bug-bounty platforms to ensure activity is understood and within rules.
  • Work with open-source communities to build a public testing program.
  • Produce professional write-ups of interesting findings/exploits for marketing (blogs) or public presentation (e.g., Black Hat/DEFCON).

Skills and Qualifications

Essential

  • Professional, hands-on pentest or cybersecurity research skills.
  • Strong professional written English with a cybersecurity focus (editor available, but writing must be strong).

Advantageous

  • Experience working on either side of a bug-bounty program.
  • Professional writing in other languages.

What XBOW Offers

  • Compensation & Equity: Competitive salary and generous equity, making you a true owner.
  • Career Growth: Shape your role, lead the function, and grow as we redefine cybersecurity.
  • Meaningful Work: Tackle complex challenges, play a pivotal role in business growth, and work with world experts.

Key skills/competency

  • Offensive Security
  • Vulnerability Research
  • Penetration Testing
  • Bug Bounty Programs
  • AI Security
  • Cybersecurity Disclosure
  • Technical Writing
  • Risk Assessment
  • Open Source Security
  • Exploit Development

Tags:

Security Researcher
Offensive Security
Vulnerability Research
Penetration Testing
Bug Bounty
AI Security
Disclosure
Risk Assessment
Exploit Development
Technical Writing
Community Engagement
AI/ML
Python
Cloud Security
Web Security
Application Security
Network Security
Zero-Day Exploits
Reverse Engineering
Fuzzing
Static Analysis

How to Get Hired at XBOW

  • Research XBOW's vision: Study their mission in AI-powered offensive security, their values of curiosity and learning, and how they disrupt the cybersecurity landscape.
  • Highlight AI and security expertise: Tailor your resume to emphasize hands-on pentest, vulnerability research, and any experience with AI in security or bug bounty platforms.
  • Showcase strong communication: Prepare to demonstrate your ability to write clear, high-quality technical reports and communicate effectively with diverse stakeholders.
  • Demonstrate problem-solving: Be ready to discuss specific examples where you've tackled complex security challenges or contributed to significant vulnerability discoveries.
  • Engage with their community: Consider contributing to open-source projects or participating in bug bounty programs to show alignment with XBOW's core activities.
