Security Researcher

About depthfirst

We believe that software is the foundation of modern civilization - yet vulnerabilities threaten its integrity, security, and resilience. We are on a mission to solve security.

depthfirst is building intelligence to detect and remediate critical software vulnerabilities. We are training and scaling security AI agents to discover zero-days vulnerabilities across large customer codebases and popular open source software.

Our founding team includes deep expertise in data, infrastructure, security and LLMs with technical leaders from DeepMind, Databricks, Square, and Faire. We are looking for strong technical people who are interested in working at the intersection of AI, Security, and Infrastructure.

About this role

We're seeking an experienced Security Researcher to join our effort in building and training AI agents for vulnerability discovery and exploitation.

We are building a technology capable of finding the next Log4J at scale, finding and remediating vulnerabilities in customer and open source codebases.

We are looking for strong security researchers with strong intuition to identify, analyze, and investigate application vulnerabilities. You'll collaborate with AI researchers and engineers to uncover novel attack vectors and contribute to the development of advanced detection and defense capabilities. Your work will play a crucial role in building a product that aims to redefine how companies do security.

You're excited about this role because you will...

• Build a technology capable of finding novel vulnerabilities at scale both in open source and proprietary codebases
• Develop techniques to reduce false positives leveraging automated exploitation, proof of concept generation and context inference
• Work closely with engineers to understand limitations and design new methodologies to improve our system
• Publish internal technical reports and contribute to security advisories as needed.
• Work on a Product that Solves a Critical Problem - and we already have a handful of customers who have found it valuable in fixing some eye-opening vulnerabilities within the first few days of using our product.

Qualifications

• 3+ years of full-time experience in security research, offensive security, or related fields.
• Experience with finding vulnerabilities in source code
• Experience creating PoC exploits for vulnerabilities
• Programming experience in Python
• A bachelor's degree in Computer Science/Software Engineering or equivalent industry experience
• A love for technology, and an insatiable curiosity for new tools to tackle real problems
• Capable of solving complex problems with simple solutions. Building reliable and scalable products, making right trade-offs along the way
• A tendency to leave things in a better way than you found it

What We Offer

• Competitive Salary with meaningful equity
• Health, Vision, and Dental Insurance
• Office lunch (when working from our San Francisco office)

depthfirst is an equal opportunity employer and does not discriminate on the basis of race, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition, or any other basis protected by law.

To all recruitment agencies: depthfirst does not accept agency resumes. Please do not forward resumes to depthfirst employees. depthfirst is not responsible for any fees related to unsolicited resumes and will not pay fees to any third-party agency or company that does not have a signed agreement with the Company.