Founding Engineer - Cybersecurity Researcher (Senior)

• Location: Remote (India preferred)
• Engagement: Full-time
• Compensation: ?9-13 LPA + ESOP

Role Snapshot

• Lead security research initiatives and work directly with the founding team to architect and scale APS (Autonomous Pentesting Solution), our flagship product that's redefining security testing with AI.
• Drive complex VAPT engagements, mentor the security team, and define the technical roadmap for autonomous security testing.
• Expect end-to-end ownership of product security features, strategic decision-making, and direct influence on company direction.

What You'll Tackle

• Lead and execute end-to-end VAPT engagements across web applications, mobile apps, APIs, thick clients, and cloud infrastructure for high-profile clients.
• Architect core security modules within APS, designing and implementing advanced AI/LLM-driven vulnerability detection and exploitation systems.
• Conduct original vulnerability research, discover zero-days, and develop sophisticated exploitation techniques and attack chains.
• Lead technical discussions with clients, deliver executive-level security reports, and provide strategic remediation guidance.
• Mentor junior researchers and interns, conduct code reviews, and establish security research best practices.
• Drive the product roadmap by identifying new attack vectors, emerging threats, and innovative approaches to autonomous pentesting.
• Collaborate with the founding team on strategic initiatives, partnerships, and scaling the security research function.

What Makes You a Strong Fit

• 2-3 years of hands-on experience in penetration testing, security research, or offensive security roles with proven track record.
• Expert-level understanding of web, mobile, API, and thick client security with deep exploitation expertise across multiple attack surfaces.
• Notable achievements on Bugcrowd, HackerOne, or similar platforms (Hall of Fame, high-severity findings, or CVE contributions strongly preferred).
• Strong presence in the CTF community with top rankings, team leadership, or writeup contributions.
• Advanced proficiency with security tools and custom tool development (Burp Suite, Metasploit, Frida, custom Python frameworks).
• Demonstrated ability to discover and chain complex vulnerabilities for high-impact exploitation.
• Experience with cloud security (AWS/Azure/GCP), container security, or infrastructure pentesting.
• Strong Python development skills with portfolio of security automation tools or open-source contributions.
• Industry certifications such as OSCP, OSWE, OSEP, CPTS, or equivalent demonstrated expertise.
• Published security research, blog posts, conference presentations, or technical writeups.
• Excellent communication skills with ability to explain complex technical concepts to both technical and non-technical audiences.
• Proven leadership experience mentoring junior security professionals or leading technical initiatives.

Interview Process

• Founder Call (45 min) career trajectory, technical vision, culture add.
• Technical Assessment (72 h) advanced multi-stage security challenge covering complex attack scenarios.
• Security Lead Round (90 min) comprehensive technical deep dive, solution walkthrough, and strategic discussion.
• Offer Letter

What You'll Gain

• Leadership opportunity with direct impact on product strategy and company direction.
• Work closely with founders to build and scale a cutting-edge security product from the ground up.
• Exposure to cutting-edge AI/LLM integration in cybersecurity and opportunity to push the boundaries of autonomous security testing.
• Significant equity stake in a fast-growing security startup with strong market potential.
• Freedom to pursue original research, publish findings, and represent the company at security conferences.
• Competitive compensation package with performance-based growth opportunities.
• Flexible work arrangements and autonomy to drive technical decisions.

How to Apply

Email [HIDDEN TEXT] with:

• Resume or LinkedIn profile.
• Bugcrowd, HackerOne, HackTheBox, TryHackMe profile links with notable achievements.
• Portfolio of security work (GitHub, published research, CVEs, blog posts, conference talks, or significant vulnerability disclosures).