Applied Cybersecurity AI Researcher
Lazarus AI · Boston, Massachusetts, United States; United States
$180–200k
mid
cybersecurity
We help organizations move AI out of experimentation and into production — safely, reliably, and at scale. From inconsistent performance to limited transparency and challenges with integration and long-term viability, our Applied Intelligence Engine solves the risks that cause most AI initiatives to stall.
Built for some of the most highly regulated industries in the world, we enable teams to deploy AI systems that are auditable, explainable, and aligned with real-world constraints. Our solutions introduce structure, visibility, and control into how AI operates, turning advanced capabilities into a dependable, production-grade infrastructure so our customers can move faster and scale with confidence.
Job Overview
You’ll help build Clearwing: an AI-native cybersecurity system for autonomous vulnerability discovery, exploit validation, pen-testing, reverse engineering, and security reporting. You’ll combine hands-on offensive security work with LLM agent development, eval design, and product engineering. The ideal candidate can chase real bugs, validate exploitability, write production-quality Python, and turn exploratory research into repeatable security capabilities.
Responsibilities
Develop AI-assisted vulnerability discovery workflows for source code, binaries, networks, and live systems.
Build and improve Clearwing’s source-code hunting, network pen-testing, N-day exploit, reverse engineering, and validation pipelines.
Design agentic workflows for reconnaissance, static analysis, dynamic testing, exploit development, patch validation, and reporting.
Perform static analysis to identify vulnerable patterns, reachable attack surfaces, and exploitability conditions.
Conduct authorized live testing against networks, services, containers, lab targets, and operational environments.
Develop and validate proof-of-concept exploits in controlled, authorized settings.
Build evaluation harnesses for vulnerability discovery quality, false positives, exploitability, reproducibility, and model/tool performance.
Improve safety, authorization, auditability, guardrails, and human-in-the-loop controls for dual-use cybersecurity capabilities.
Work with AI researchers and engineers to improve prompts, tools, agent loops, memory systems, scoring systems, and model-routing strategies.
Produce clear technical reports with evidence, reproduction steps, impact analysis, and remediation guidance.
Requirements
3+ years of hands-on cybersecurity experience in vulnerability research, penetration testing, exploit development, reverse engineering, or security engineering.
Practical experience with at least two of:
Static analysis
Dynamic analysis
Binary exploitation
Web application security
Network penetration testing
Cloud/container security
Malware analysis or reverse engineering
Detection engineering
Strong Python skills and comfort building automation around security tools
Familiarity with Linux, Docker, Kali/security tooling, Git, CI, and shell workflows
Ability to reason from vulnerability signal to exploitability, impact, evidence quality, and remediation
Experience working with LLMs, agents, prompt engineering, evals, or AI-assisted security workflows
Strong written communication skills for technical findings, customer-facing reports, and internal research notes
Clear judgment around authorization, responsible disclosure, and dual-use security tooling
Nice-to-haves
Experience with Ghidra, IDA, Binary Ninja, angr, Semgrep, CodeQL, Joern, AFL++, libFuzzer, ASan/UBSan, or OSS-Fuzz
Experience developing exploits for memory corruption, deserialization, auth bypass, SSRF, RCE, sandbox escape, or supply-chain vulnerabilities
Experience with CVE reproduction, N-day analysis, patch diffing, or exploit validation
Experience building LLM agents, tool-using systems, ReAct loops, eval harnesses, or synthetic-data pipelines
Familiarity with SARIF, CVSS, CWE, MITRE ATT&CK, MITRE CVE workflows, HackerOne/Bugcrowd-style disclosure, or government security reporting
Experience with Rust, Go, C/C++, or systems programming
Prior work with security products, autonomous agents, fuzzing infrastructure, or government/security customers
Benefits
Comprehensive benefits package, including health, dental, and vision insurance, as well as retirement savings plans
Opportunities for growth and professional development
A collaborative and supportive company culture that values diversity and inclusion
Access to cutting-edge technology and resources for research and development
Compensation (commensurate with experience): $180,000 - $200,000 (base salary) + equity
Preferred Locations: AZ, CA, CO, CT, DC, FL, KS, ME, MD, MA, MN, NV, NH, NJ, NM, NY, PA, SC, TX, VA, WA
Lazarus AI is an equal opportunity employer. We are committed to equal employment opportunity and nondiscrimination for all employees and qualified applicants without regard to a person's race, color, gender, age, religion, national origin, ancestry, disability, veteran status, genetic information, sexual orientation or any characteristic protected under applicable law. We do not tolerate discrimination or harassment of any kind. This applies to every aspect of employment at Lazarus, including, but not limited to, employment, training, promotion, demotion, transfer, leaves of absence and termination.
Posted 2026-06-22