Applied Cybersecurity AI Researcher

You’ll help build Clearwing: an AI-native cybersecurity system for autonomous vulnerability discovery, exploit validation, pen-testing, reverse engineering, and security reporting. You’ll combine hands-on offensive security work with LLM agent development, eval design, and product engineering. The ideal candidate can chase real bugs, validate exploitability, write production-quality Python, and turn exploratory research into repeatable security capabilities.

• →Develop AI-assisted vulnerability discovery workflows for source code, binaries, networks, and live systems.
• →Build and improve Clearwing’s source-code hunting, network pen-testing, N-day exploit, reverse engineering, and validation pipelines.
• →Design agentic workflows for reconnaissance, static analysis, dynamic testing, exploit development, patch validation, and reporting.
• →Perform static analysis to identify vulnerable patterns, reachable attack surfaces, and exploitability conditions.
• →Conduct authorized live testing against networks, services, containers, lab targets, and operational environments.
• →Develop and validate proof-of-concept exploits in controlled, authorized settings.
• →Build evaluation harnesses for vulnerability discovery quality, false positives, exploitability, reproducibility, and model/tool performance.
• →Improve safety, authorization, auditability, guardrails, and human-in-the-loop controls for dual-use cybersecurity capabilities.
• →Work with AI researchers and engineers to improve prompts, tools, agent loops, memory systems, scoring systems, and model-routing strategies.
• →Produce clear technical reports with evidence, reproduction steps, impact analysis, and remediation guidance.

• 3+ years of hands-on cybersecurity experience in vulnerability research, penetration testing, exploit development, reverse engineering, or security engineering.
• Practical experience with at least two of:
  • Static analysis
  • Dynamic analysis
  • Binary exploitation
  • Web application security
  • Network penetration testing
  • Cloud/container security
  • Malware analysis or reverse engineering
  • Detection engineering
• Strong Python skills and comfort building automation around security tools
• Familiarity with Linux, Docker, Kali/security tooling, Git, CI, and shell workflows
• Ability to reason from vulnerability signal to exploitability, impact, evidence quality, and remediation
• Experience working with LLMs, agents, prompt engineering, evals, or AI-assisted security workflows
• Strong written communication skills for technical findings, customer-facing reports, and internal research notes
• Clear judgment around authorization, responsible disclosure, and dual-use security tooling

• Experience with Ghidra, IDA, Binary Ninja, angr, Semgrep, CodeQL, Joern, AFL++, libFuzzer, ASan/UBSan, or OSS-Fuzz
• Experience developing exploits for memory corruption, deserialization, auth bypass, SSRF, RCE, sandbox escape, or supply-chain vulnerabilities
• Experience with CVE reproduction, N-day analysis, patch diffing, or exploit validation
• Experience building LLM agents, tool-using systems, ReAct loops, eval harnesses, or synthetic-data pipelines
• Familiarity with SARIF, CVSS, CWE, MITRE ATT&CK, MITRE CVE workflows, HackerOne/Bugcrowd-style disclosure, or government security reporting
• Experience with Rust, Go, C/C++, or systems programming
• Prior work with security products, autonomous agents, fuzzing infrastructure, or government/security customers