The company is building production AI systems that automate cyber network operations end-to-end. It is already live with a paying customer and running pilots across the US, Europe, and APAC. Headquarters are in Washington DC, with auxiliary offices in Tel Aviv and London.
We are hiring Vulnerability Research Engineers to build systems for AI-driven vulnerability research and exploit development. This is not a prompt-engineering role. The work is low-level, technical, and close to the metal. You will help build systems that identify, analyze, reproduce, and scale vulnerability research workflows across real software and real environments. We are primarily looking for vulnerability researchers with strong low-level systems skills, reverse-engineering ability, and exploitation instincts. Exceptional low-level systems engineers with deep security-adjacent experience may also be considered.
What You’ll Own:
- Build production systems for AI-driven vulnerability research and exploit development.
- Develop tooling for vulnerability discovery, triage, reproduction, and validation at scale.
- Work across OS internals, binaries, runtimes, kernels, dynamic analysis, instrumentation, and low-level performance.
- Partner with vulnerability researchers, security operators, and engineers to automate manual cyber workflows.
- Own problems end-to-end, from research and design to shipped production code.
Requirements:
- 2+ years of vulnerability research, offensive security, or low-level engineering experience. Exceptional new grads with strong CTF, systems, or exploitation work will be considered.
- Hands-on experience with reverse engineering, binary analysis, exploit development, fuzzing, dynamic analysis, bug hunting, CTFs, or comparable low-level security work.
- Deep low-level systems fluency, including OS internals, kernels, runtimes, memory corruption, debugging, dynamic instrumentation, or performance-sensitive systems.
- Strong builder mindset and ability to ship reliable tools and production systems.
- Comfortable working in ambiguity and moving fast.
- Willing to relocate to Washington DC after an initial period, with full relocation support. The role is expected to be in-office 5 days per week.
Nice to Have:
- Strong CTF background, especially pwn, rev, kernel, browser, or systems-heavy challenges.
- Published vulnerability research, CVEs, exploit writeups, or security talks.
- Experience with fuzzing, symbolic execution, emulation, program analysis, or binary rewriting.
- Open-source contributions to low-level security, reversing, debugging, tracing, fuzzing, or OS tooling.
- Exposure to ML / AI systems, especially applied to code, binaries, security automation, or program analysis.
- Early-stage startup, founder, or early-engineer experience.
What We Look For:
- Strong vulnerability research instincts.
- Low-level technical depth.
- Builder mindset — able to turn research workflows into scalable systems.
- Comfort with ambiguity, speed, and high ownership.
- Motivation to help build a category-defining company in AI-native offensive cyber.
CommIT New York, New York, USA Office
477 Madison Avenue 6th Floor, New York, New York, United States, 10022
Similar Jobs
What you need to know about the NYC Tech Scene
Key Facts About NYC Tech
- Number of Tech Workers: 549,200; 6% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Capgemini, Bloomberg, IBM, Spotify
- Key Industries: Artificial intelligence, Fintech
- Funding Landscape: $25.5 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Greycroft, Thrive Capital, Union Square Ventures, FirstMark Capital, Tiger Global Management, Tribeca Venture Partners, Insight Partners, Two Sigma Ventures
- Research Centers and Universities: Columbia University, New York University, Fordham University, CUNY, AI Now Institute, Flatiron Institute, C.N. Yang Institute for Theoretical Physics, NASA Space Radiation Laboratory



