Security Engineer
Software Engineering
San Francisco, CA, USA
About XOR
XOR is a platform that helps world-class companies pushing the frontier of AI hire exceptional ML, RL, and AI engineering talent.
About Our Client
Our client is a well-funded AI startup working on next-generation training systems for large language models. The team is small, technical, and moving fast, with a strong focus on hands-on engineering over process.
About the Role
We’re looking for experienced Security / Cybersecurity Engineers to build systems that teach language models to reason about and solve real-world cybersecurity problems - from finding vulnerabilities in production codebases to generating working exploits and safely patching them. You'll join a small, high-ownership team contributing directly to core technical systems in this space.
What You'll Do
- Design and build systems that produce clean, learnable signals for language models on offensive and defensive security tasks across diverse programming languages
- Cover the full vulnerability lifecycle: discovery in source code, exploitation, patching
- Build systems for reverse engineering tasks across binaries, bytecode, and obfuscated code
- Construct verifiable signals using fuzzers, sanitizers, symbolic execution, static analyzers, exploit-success checks, and patch-correctness validation
- Collaborate with the team to build new tools that improve the overall process
What We're Looking For
- Strong security fundamentals across both offensive and defensive work - you read advisories, papers, and writeups, and understand vulnerabilities deeply
- Hands-on experience finding, exploiting, or patching real vulnerabilities through CTFs, bug bounty work, security research, red/blue team engagements, or shipped security work in industry
- Proficiency in Python and systems programming, plus comfort in at least one low-level language (C, C++, Rust) and one web/application stack
- Familiarity with security tooling: fuzzers, sanitizers, debuggers, disassemblers
- Ownership mentality and ability to drive solutions end-to-end
Nice to Have
- Published security research, CVEs, or notable bug bounty findings
- Strong CTF background or competitive results (DEF CON CTF or similar)
- Deep expertise in a specific area: binary exploitation, kernel security, browser/V8 internals, hypervisor security, cryptographic implementation, web application security, or cloud/container security
- Experience building fuzzing infrastructure, vulnerability scanners, or automated program analysis tools
- Experience with ML for code or security
