Senior Vulnerability Researcher

Oak

6h ago 1 views 0 applications
Full-time On-site
Tel Aviv
Competitive
Full-time

Job Description

Vulnerability Researche

Tired of grappling with outdated Identity and Access Management (IAM) systems in a world where identity is the #1 attack vector? So are we. Oak is fundamentally reimagining enterprise IAM, powered by AI, and we're looking for visionary talent to join us.

Founded by serial entrepreneurs Shai Morag and Tal Marom, and backed by a robust $60M seed round from Greylock, Accel, and CRV, we're building the next generation of identity security. The landscape has changed: identities are exploding across human, machine, and AI agents, leaving legacy tools struggling to answer a critical question: "who has access to what, right now?"

We believe the answer isn't another patch; it's a new foundation. Oak is the AI-native Identity Operating System: an intelligent connector framework for any application, a live identity graph built from raw evidence, and a team of AI agents governing the full identity lifecycle. We're engineering Oak's AI-native core from day one to address the future of enterprise identity, not just retrofit the past. And we're just getting started.

About the Role: Vulnerability Researche

Oak's Vulnerability Research team operates at the sharpest edge of our technical work. This is where systems are meticulously deconstructed to reveal their true mechanics and pinpoint their breaking points. We dive deep into the mechanisms, protocols, and architectures that form the backbone of modern technology, relentlessly pressure-testing assumptions the rest of the industry takes for granted. Your work will not only fortify our platform but will also produce original, standalone research that advances the entire field.

As a Vulnerability Researcher, you'll cultivate a first-principles understanding of the technologies and systems you investigate, then actively seek out their flaws. This involves uncovering flawed assumptions in established paradigms, identifying the crucial gaps between intended and actual system behavior, and pioneering novel vulnerabilities and exploitation techniques that have yet to be named. This is hands-on, deep technical work that demands reverse-engineering, breaking, and discovering exploitable weaknesses before any attacker does.

You'll enjoy the freedom to follow compelling research wherever it leads, supported by an ecosystem designed for your success – providing every tool and access imaginable. Some of your discoveries will directly inform how Oak models and understands genuine exploitability, grounding our platform in real-world attacker realities. Other threads will be pure discovery, pursued for the inherent challenge and profound impact of the finding, destined for publication to push the boundaries of security research.

Ultimately, your work will solidify Oak's authority in the field. Through original research, impactful disclosures, and insightful technical thought leadership, you will build a body of work that commands respect within the security community and refines how the industry conceptualizes true security.

What You'll Do:

Unearth Hidden Flaws: Hunt for the blind spots in established security paradigms, revealing flawed assumptions, critical gaps between specified and actual behavior, and pioneering novel vulnerability classes and exploitation techniques.
Master System Internals: Reverse-engineer and deeply comprehend systems, protocols, and architectures at the implementation level, developing a precise understanding of how they actually work, beyond their design specifications.
Craft Exploits: Develop hypotheses and transform them into functional proof-of-concept exploits that demonstrably showcase real-world risk, anticipating attacker methods.
Drive End-to-End Research: Own complete research threads, from initial exploration and developing hunches, all the way through to a working proof of concept, responsible disclosure, or publication. Follow the evidence fearlessly, without relying on a predefined playbook.
Ground Platform in Reality: Integrate your research findings that illuminate genuine exploitability into Oak's platform, strengthening our understanding of identity attack surfaces across both human and non-human identities.
Elevate Oak's Standing: Promote Oak's reputation within the security community through groundbreaking original research, impactful CVEs, and technical thought leadership that genuinely advances the field and earns trust through merit.

What You'll Bring:

Proven Expertise: 6+ years of hands-on vulnerability research, reverse engineering, or offensive security experience, with a demonstrated track record of discovering non-trivial flaws and a deep understanding of systems, protocols, and architectures to explain their genesis.
First-Principles Mindset: A relentless approach to understanding how things actually work, not just how they're documented. You pull the thread until you hit ground truth and are unsatisfied until you do.
Instinct for the Unseen: The innate ability to identify what others overlook – the unquestioned assumptions in established systems, the untested edges, and the critical failure modes residing in the gap between specification and implementation.
End-to-End Ownership: A strong drive to lead research hypotheses to definitive conclusions, navigating dead ends, unexpected turns, and achieving rigorous proofs.
Hands-On Exploitation: Robust practical expertise in converting theoretical vulnerabilities and research into functional exploit chains and proofs of concept.
Result-Driven Depth: The discernment to pursue problems to the necessary depth because the potential impact justifies the effort, and the wisdom to recognize when it does.
Significant Discoveries: A verifiable track record of original and impactful discoveries – including published CVEs, pioneering novel vulnerability classes or exploitation techniques, or foundational research that defined previously unnamed problems in the field.

Bonus Points (Nice to Have):

A history of presenting original research at prestigious security conferences such as Black Hat, DEFCON, OffensiveCon, Hexacon, or comparable events.
Attribution for significant CVEs (CVSS High or Critical).

CyberJob.app

Your trusted source for cybersecurity job opportunities worldwide.


© 2026 CyberJob.app. All rights reserved.