Pentester

About XBOW Build the future of offensive security with XBOW. Attackers are already using AI to move faster than defenders can react - we’re creating the platform that puts security ahead in the arms race. Our AI-powered system autonomously discovers, validates, and even exploits vulnerabilities, giving organizations proof-backed results in hours instead of weeks. Founded by Oege de Moor, creator of GitHub Copilot, and backed by Sequoia, Altimeter, and other leading investors, XBOW is applying cutting-edge AI to one of the world’s most urgent problems. In just over a year, our AI, built by a world-class AI team and legendary security researchers - has uncovered thousands of real-world zero-days across the software billions rely on, and achieved the #1 ranking on HackerOne’s global leaderboard. We’re a team of builders, hackers, and researchers who thrive on solving problems others think are impossible. If you want to push the boundaries of AI, reshape how security is done, and join the group defining this new era of defense - we’d love to talk. Your Role: Pentester We’re looking for a Pentester with deep penetration testing and reverse engineering experience to help validate, triage, and refine the output of our AI-powered offensive engine. In this role, you’ll work at the cutting edge of offensive security - distilling real vulnerabilities from noise, reverse-engineering false positives, and shaping the signals that guide our product forward. You’ll collaborate closely with Product, R&D, AI researchers, and our Security team to ensure the system produces high-quality, proof-backed findings. You’ll become a critical bridge between customers, engineering, and research - helping us validate real-world impact, understand emerging exploit patterns, and continuously improve our attack logic. If you’re excited by deep technical work and shaping a next-generation offensive security platform, you’ll thrive here. What you will do

• Triage output from our AI offensive engine, validating real vulnerabilities and separating signal from noise.
• Vulnerability analysis of false positives to identify root causes, improve detection logic, and refine model behavior.
• Collaborate with Product, R&D, and AI teams to provide structured feedback on exploit quality, edge cases, and system behavior.
• Analyze discovered vulnerabilities in depth and support AI driven reporting
• Support customers by helping them understand findings, reproduce issues, and validate impacts.
• Develop repeatable methodologies for evaluating exploit chains, proof-of-concept behavior, and attack patterns.
• Own investigations end-to-end, from initial triage to deep-dive analysis to final recommendations for fix or model improvement.
• Continuously research new vulnerability classes, exploitation techniques, and reverse engineering workflows to help evolve the platform.

Skills and qualifications Essential:

• Deep hands-on penetration testing experience, primarily in application, web and cloud
• Experience validating and reproducing vulnerabilities, including crafting PoCs and assessing exploitability.
• Strong ability to distinguish real issues from false positives, with a methodical and evidence-driven mindset.
• Experience with common offensive tooling (Burp, Nmap, Metasploit, Ghidra, IDA, custom scripts, etc.).
• Strong written communication skills - able to clearly articulate technical findings to both engineers and customers.
• Comfort working in fast-moving, ambiguous environments where problems are not fully defined.
• Curiosity, adaptability, and a willingness to dive deep and learn continuously.

Advantageous:

• Prior experience collaborating closely with software engineering, research, or product teams.
• Background in exploit development, fuzzing, or vulnerability research.
• Experience with large-scale systems, cloud environments, or CI/CD security.
• Experience contributing to or building offensive security tooling.
• Prior work in an early-stage startup or a high-velocity research environment.
• Experience in customer-facing technical roles and/or consulting.

What we offer Compensation & Equity: Competitive salary and a generous equity package, making you a true owner of the company. Career Growth: Shape your role, influence product direction, and grow with the company as we redefine cybersecurity. Meaningful Work: You will work on some of the most technically challenging problems in security and help define how AI transforms offensive security - alongside world-class engineers, researchers, and hackers. What else you should know Location: Remote (all team members are remote but we meet regularly and you’re supported to travel to collaborate with colleagues in person) Contract: Full-time. Hiring Process:

• 30-min introductory chat with Senior Talent Partner, Chris Martocchia.
• 45 minutes with our Offensive Security Leader, Diego Sor.
• 1-2 hour technical deep dive focused on real-world triage and attack analysis with two members of the security team.

We aren’t focused on seniority titles at XBOW - so if you’re worried about “leveling,” don’t be. We care a lot more about mission fit, capability, and impact than what’s on your LinkedIn headline. We believe in people who are driven by curiosity and a willingness to learn. Even if you don’t check every box, we encourage you to apply if you’re excited about the role and our mission.