Security Research Engineer

About RunSybil

Founded in 2023 by Ari Herbert-Voss and Vlad Ionescu, RunSybil is on a mission to automate hacker intuition. We’re building Sybil: an AI-driven pentester that discovers vulnerabilities before they’re exploited. As adversaries adopt AI to increase their attack surface, we’re putting cutting-edge offensive security into the hands of defenders. Backed by strong investor support and early customer traction, our team is composed of experts from OpenAI, Meta, Mandiant, Palantir, Cruise, Trail of Bits, and Aptiv.

About the Role

We are looking for a Security Research Engineer who ships. You will own the research and development of offensive capabilities that power Sybil, working end-to-end from vulnerability discovery through production delivery. This is a role for someone who finds their own problems, builds their own solutions, and raises the bar for everyone around them.

You will work closely with our engineering and product teams to translate offensive security intuition into repeatable, AI-driven capabilities. If you thrive in ambiguity, move fast, and want your work to have a direct impact on a product customers rely on, this is the role for you.

What You Will Do

• Research and develop offensive agentic capabilities that become core Sybil features

• Hunt for real vulnerabilities across a range of target environments and translate what you find into repeatable, automated techniques

• Build and ship end-to-end customer-facing features: from research spike to production deployment

• Design and implement LLM-powered tooling that extends Sybil's reach and depth across attack surfaces

• Identify gaps in our offensive coverage and propose technical initiatives to close them, without waiting to be asked

• Contribute to technical design discussions, review your teammates' work, and hold a high bar for what we ship

• Operate with ownership: you define the problem, build the solution, and see it through
  

We’re looking for someone who brings:

• 4 or more years of software engineering experience, with meaningful time in offensive security contexts

• Hands-on experience finding vulnerabilities across a variety of targets, whether through red teaming, bug bounty, CTF, or production pentesting

• Strong Python fundamentals: you have designed, deployed, and maintained backend systems in production

• Comfort with modern JavaScript and React; you can own a feature across the full stack

• Experience building with LLMs or generative AI tools, including prompt engineering and integrating model outputs into real workflows

• A builder's instinct: you default to figuring things out, not waiting for direction

• Familiarity with DevOps and infrastructure concepts; you can own your own deployment pipeline

• Strong written communication; you can explain a vulnerability, a design decision, or a tradeoff clearly

Location: United States (Remote)

Salary: The base salary for this full-time position ranges from $170,000 - $210,000. In addition to base salary, we offer meaningful equity. We want everyone here to have ownership in what we're building.

Diverse teams build better products. RunSybil is committed to hiring people who bring different perspectives, lived experiences, and backgrounds to our work. We encourage candidates of all races, ethnicities, gender identity and expression, sexual orientation, disability or medical conditions, ages, religions, and socioeconomic backgrounds to apply. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. If you're excited about this role but don't check every box, we still want to hear from you.