Security Engineer

XOR.ai
XOR.ai

Software Engineering

San Francisco, CA, USA

Posted on Jul 5, 2026

About XOR

XOR is a platform that helps world-class companies pushing the frontier of AI hire exceptional ML, RL, and AI engineering talent.

About Our Client

Our client is a well-funded AI startup working on next-generation training systems for large language models. The team is small, technical, and moving fast, with a strong focus on hands-on engineering over process.

About the Role

We’re looking for experienced Security / Cybersecurity Engineers to build systems that teach language models to reason about and solve real-world cybersecurity problems - from finding vulnerabilities in production codebases to generating working exploits and safely patching them. You'll join a small, high-ownership team contributing directly to core technical systems in this space.

What You'll Do

  • Design and build systems that produce clean, learnable signals for language models on offensive and defensive security tasks across diverse programming languages
  • Cover the full vulnerability lifecycle: discovery in source code, exploitation, patching
  • Build systems for reverse engineering tasks across binaries, bytecode, and obfuscated code
  • Construct verifiable signals using fuzzers, sanitizers, symbolic execution, static analyzers, exploit-success checks, and patch-correctness validation
  • Collaborate with the team to build new tools that improve the overall process

What We're Looking For

  • Strong security fundamentals across both offensive and defensive work - you read advisories, papers, and writeups, and understand vulnerabilities deeply
  • Hands-on experience finding, exploiting, or patching real vulnerabilities through CTFs, bug bounty work, security research, red/blue team engagements, or shipped security work in industry
  • Proficiency in Python and systems programming, plus comfort in at least one low-level language (C, C++, Rust) and one web/application stack
  • Familiarity with security tooling: fuzzers, sanitizers, debuggers, disassemblers
  • Ownership mentality and ability to drive solutions end-to-end

Nice to Have

  • Published security research, CVEs, or notable bug bounty findings
  • Strong CTF background or competitive results (DEF CON CTF or similar)
  • Deep expertise in a specific area: binary exploitation, kernel security, browser/V8 internals, hypervisor security, cryptographic implementation, web application security, or cloud/container security
  • Experience building fuzzing infrastructure, vulnerability scanners, or automated program analysis tools
  • Experience with ML for code or security