We help organizations move AI out of experimentation and into production — safely, reliably, and at scale. From inconsistent performance to limited transparency and challenges with integration and long-term viability, our Applied Intelligence Engine solves the risks that cause most AI initiatives to stall.
Built for some of the most highly regulated industries in the world, we enable teams to deploy AI systems that are auditable, explainable, and aligned with real-world constraints. Our solutions introduce structure, visibility, and control into how AI operates, turning advanced capabilities into a dependable, production-grade infrastructure so our customers can move faster and scale with confidence.
Job Overview
You’ll help build Clearwing: an AI-native cybersecurity system for autonomous vulnerability discovery, exploit validation, pen-testing, reverse engineering, and security reporting. You’ll combine hands-on offensive security work with LLM agent development, eval design, and product engineering. The ideal candidate can chase real bugs, validate exploitability, write production-quality Python, and turn exploratory research into repeatable security capabilities.
Responsibilities
- Develop AI-assisted vulnerability discovery workflows for source code, binaries, networks, and live systems.
- Build and improve Clearwing’s source-code hunting, network pen-testing, N-day exploit, reverse engineering, and validation pipelines.
- Design agentic workflows for reconnaissance, static analysis, dynamic testing, exploit development, patch validation, and reporting.
- Perform static analysis to identify vulnerable patterns, reachable attack surfaces, and exploitability conditions.
- Conduct authorized live testing against networks, services, containers, lab targets, and operational environments.
- Develop and validate proof-of-concept exploits in controlled, authorized settings.
- Build evaluation harnesses for vulnerability discovery quality, false positives, exploitability, reproducibility, and model/tool performance.
- Improve safety, authorization, auditability, guardrails, and human-in-the-loop controls for dual-use cybersecurity capabilities.
- Work with AI researchers and engineers to improve prompts, tools, agent loops, memory systems, scoring systems, and model-routing strategies.
- Produce clear technical reports with evidence, reproduction steps, impact analysis, and remediation guidance.
Requirements
- 3+ years of hands-on cybersecurity experience in vulnerability research, penetration testing, exploit development, reverse engineering, or security engineering.
- Practical experience with at least two of:
- Static analysis
- Dynamic analysis
- Binary exploitation
- Web application security
- Network penetration testing
- Cloud/container security
- Malware analysis or reverse engineering
- Detection engineering
- Strong Python skills and comfort building automation around security tools
- Familiarity with Linux, Docker, Kali/security tooling, Git, CI, and shell workflows
- Ability to reason from vulnerability signal to exploitability, impact, evidence quality, and remediation
- Experience working with LLMs, agents, prompt engineering, evals, or AI-assisted security workflows
- Strong written communication skills for technical findings, customer-facing reports, and internal research notes
- Clear judgment around authorization, responsible disclosure, and dual-use security tooling
Nice-to-haves
- Experience with Ghidra, IDA, Binary Ninja, angr, Semgrep, CodeQL, Joern, AFL++, libFuzzer, ASan/UBSan, or OSS-Fuzz
- Experience developing exploits for memory corruption, deserialization, auth bypass, SSRF, RCE, sandbox escape, or supply-chain vulnerabilities
- Experience with CVE reproduction, N-day analysis, patch diffing, or exploit validation
- Experience building LLM agents, tool-using systems, ReAct loops, eval harnesses, or synthetic-data pipelines
- Familiarity with SARIF, CVSS, CWE, MITRE ATT&CK, MITRE CVE workflows, HackerOne/Bugcrowd-style disclosure, or government security reporting
- Experience with Rust, Go, C/C++, or systems programming
- Prior work with security products, autonomous agents, fuzzing infrastructure, or government/security customers
Benefits
- Comprehensive benefits package, including health, dental, and vision insurance, as well as retirement savings plans
- Opportunities for growth and professional development
- A collaborative and supportive company culture that values diversity and inclusion
- Access to cutting-edge technology and resources for research and development
- Compensation (commensurate with experience): $180,000 - $200,000 (base salary) + equity
Preferred Locations: AZ, CA, CO, CT, DC, FL, KS, ME, MD, MA, MN, NV, NH, NJ, NM, NY, PA, SC, TX, VA, WA
Lazarus AI is an equal opportunity employer. We are committed to equal employment opportunity and nondiscrimination for all employees and qualified applicants without regard to a person's race, color, gender, age, religion, national origin, ancestry, disability, veteran status, genetic information, sexual orientation or any characteristic protected under applicable law. We do not tolerate discrimination or harassment of any kind. This applies to every aspect of employment at Lazarus, including, but not limited to, employment, training, promotion, demotion, transfer, leaves of absence and termination.
Skills Required
- 3+ years of hands-on cybersecurity experience in vulnerability research, penetration testing, exploit development, reverse engineering, or security engineering.
- Practical experience with at least two of: static analysis, dynamic analysis, binary exploitation, web application security, network penetration testing, cloud/container security, malware analysis/reverse engineering, or detection engineering.
- Strong Python skills and comfort building automation around security tools.
- Familiarity with Linux, Docker, Kali/security tooling, Git, CI, and shell workflows.
- Ability to reason from vulnerability signal to exploitability, impact, evidence quality, and remediation.
- Experience working with LLMs, agents, prompt engineering, evals, or AI-assisted security workflows.
- Strong written communication skills for technical findings, customer-facing reports, and internal research notes.
- Clear judgment around authorization, responsible disclosure, and dual-use security tooling.
- Experience with Ghidra, IDA, Binary Ninja, angr, Semgrep, CodeQL, Joern, AFL++, libFuzzer, ASan/UBSan, or OSS-Fuzz.
- Experience developing exploits for memory corruption, deserialization, auth bypass, SSRF, RCE, sandbox escape, or supply-chain vulnerabilities; CVE reproduction, N-day analysis, patch diffing, or exploit validation.
- Experience building LLM agents, tool-using systems, ReAct loops, eval harnesses, or synthetic-data pipelines.
- Familiarity with SARIF, CVSS, CWE, MITRE ATT&CK, CVE workflows, HackerOne/Bugcrowd-style disclosure, or government security reporting.
- Experience with Rust, Go, C/C++ or other systems programming.
- Prior work with security products, autonomous agents, fuzzing infrastructure, or government/security customers.
What We Do
Lazarus applies artificial intelligence and computer vision to develop products and custom solutions to optimize processes. Organizations leverage our APIs to get data out of PDFs to where it needs to be, faster and more accurately than ever before: RikAI is a large language model that extracts data from any document without training. Regardless of type, format, or language, our advanced document understanding API can contextualize information, analyze layouts, and find answers to natural language questions across any number of documents. Industries from insurance through to legal are using RikAI to use their documents intuitively. Upload any document and ask almost any question to get the correct answer without training. To improve results, instead of increasing a “training set”, rewrite questions until they consistently yield the best results. Lazarus Forms is a general data extraction API that makes cluttered, unstructured PDFs as usable as any JSON. Our form extractor pulls entities, tables, and key value pairs from documents without example forms or training. Recognizing both handwritten and typed text, Lazarus Forms extracts more data and requires even less human intervention. We streamline data intake and transfer processes associated with various types of documents; claims forms, new patient intake, attending physician statements, adjuster reports, lab results, ACORDs, and anything that can fit in a PDF.
