AppSec Engineer

We're looking for a hands-on Cyber Security Engineer to sit at the intersection of AI-driven tooling and real-world security research. In this role, you'll own the end-to-end triage and validation lifecycle for vulnerability reports generated by our AI-powered static analysis platform, separating true positives from noise, writing proof-of-concept exploits, and reporting vulnerabilities upstream to the appropriate vendor. This is a deeply technical role built for someone who thinks like an attacker, thrives in ambiguous environments, and has a track record of finding and exploiting vulnerabilities.

What You'll Do

Triage and validate vulnerability reports produced by our AI static analysis tool, verifying severity, exploitability, and business impact Write proof-of-concept exploits for critical vulnerabilities to confirm true positives Analyze false positives to identify patterns and provide structured feedback to engineering Author detailed vulnerability reports that will be submitted to upstream vendors and open source projects

What We're Looking For

Experience in a security engineering, vulnerability research, or penetration testing role Demonstrated CTF experience through participation in competitive CTFs (e.g. DEFCON, PlaidCTF) with writeups Hands-on real-world vulnerability research and exploitation experience is preferred Proficiency reading and auditing code across multiple programming languages Prior bug bounty participation is preferred Based in US or Canada Apply To This Job