Applied Cybersecurity AI Researcher

We help organizations move AI out of experimentation and into production — safely, reliably, and at scale. From inconsistent performance to limited transparency and challenges with integration and long-term viability, our Applied Intelligence Engine solves the risks that cause most AI initiatives to stall.

Built for some of the most highly regulated industries in the world, we enable teams to deploy AI systems that are auditable, explainable, and aligned with real-world constraints. Our solutions introduce structure, visibility, and control into how AI operates, turning advanced capabilities into a dependable, production-grade infrastructure so our customers can move faster and scale with confidence.

Job Overview

You’ll help build Clearwing: an AI-native cybersecurity system for autonomous vulnerability discovery, exploit validation, pen-testing, reverse engineering, and security reporting. You’ll combine hands-on offensive security work with LLM agent development, eval design, and product engineering. The ideal candidate can chase real bugs, validate exploitability, write production-quality Python, and turn exploratory research into repeatable security capabilities.

Responsibilities

• Develop AI-assisted vulnerability discovery workflows for source code, binaries, networks, and live systems.
• Build and improve Clearwing’s source-code hunting, network pen-testing, N-day exploit, reverse engineering, and validation pipelines.
• Design agentic workflows for reconnaissance, static analysis, dynamic testing, exploit development, patch validation, and reporting.
• Perform static analysis to identify vulnerable patterns, reachable attack surfaces, and exploitability conditions.
• Conduct authorized live testing against networks, services, containers, lab targets, and operational environments.
• Develop and validate proof-of-concept exploits in controlled, authorized settings.
• Build evaluation harnesses for vulnerability discovery quality, false positives, exploitability, reproducibility, and model/tool performance.
• Improve safety, authorization, auditability, guardrails, and human-in-the-loop controls for dual-use cybersecurity capabilities.
• Work with AI researchers and engineers to improve prompts, tools, agent loops, memory systems, scoring systems, and model-routing strategies.
• Produce clear technical reports with evidence, reproduction steps, impact analysis, and remediation guidance.

Requirements

• 3 years of hands-on cybersecurity experience in vulnerability research, penetration testing, exploit development, reverse engineering, or security engineering.
• Practical experience with at least two of:
  • Static analysis
  • Dynamic analysis
  • Binary exploitation
  • Web application security
  • Network penetration testing
  • Cloud/container security
  • Malware analysis or reverse engineering
  • Detection engineering
• Strong Python skills and comfort building automation around security tools
• Familiarity with Linux, Docker, Kali/security tooling, Git, CI, and shell workflows
• Ability to reason from vulnerability signal to exploitability, impact, evidence quality, and remediation
• Experience working with LLMs, agents, prompt engineering, evals, or AI-assisted security workflows
• Strong written communication skills for technical findings, customer-facing reports, and internal research notes
• Clear judgment around authorization, responsible disclosure, and dual-use security tooling

Nice-to-haves

• Experience with Ghidra, IDA, Binary Ninja, angr, Semgrep, CodeQL, Joern, AFL , libFuzzer, ASan/UBSan, or OSS-Fuzz
• Experience developing exploits for memory corruption, deserialization, auth bypass, SSRF, RCE, sandbox escape, or supply-chain vulnerabilities
• Experience with CVE reproduction, N-day analysis, patch diffing, or exploit validation
• Experience building LLM agents, tool-using systems, ReAct loops, eval harnesses, or synthetic-data pipelines
• Familiarity with SARIF, CVSS, CWE, MITRE ATT&CK, MITRE CVE workflows, HackerOne/Bugcrowd-style disclosure, or government security reporting
• Experience with Rust, Go, C/C , or systems programming
• Prior work with security products, autonomous agents, fuzzing infrastructure, or government/security customers

Benefits

• Comprehensive benefits package, including health, dental, and vision insurance, as well as retirement savings plans
• Opportunities for growth and professional development
• A collaborative and supportive company culture that values diversity and inclusion
• Access to cutting-edge technology and resources for research and development
• Compensation (commensurate with experience): $180,000 - $200,000 (base salary) equity

Preferred Locations: AZ, CA, CO, CT, DC, FL, KS, ME, MD, MA, MN, NV, NH, NJ, NM, NY, PA, SC, TX, VA, WA

Lazarus AI is an equal opportunity employer. We are committed to equal employment opportunity and nondiscrimination for all employees and qualified applicants without regard to a person's race, color, gender, age, religion, national origin, ancestry, disability, veteran status, genetic information, sexual orientation or any characteristic protected under applicable law. We do not tolerate discrimination or harassment of any kind. This applies to every aspect of employment at Lazarus, including, but not limited to, employment, training, promotion, demotion, transfer, leaves of absence and termination.