IT & Platform Security EngineerAbout XBOWAt XBOW, we’re redefining the future of cybersecurity by building the world's first autonomous pentester, powered by AI. Today, the gold standard for securing software systems is human pentesters, but with the rise of artificial intelligence, we’re stepping up to scale offensive security to meet the ever-growing demand.AI is transforming the landscape of both cybersecurity and cyberattacks. While millions of people without security expertise are creating software, bad actors are using AI to launch more effective attacks. XBOW fights back with AI-driven superpowers, enabling security teams to stay one step ahead.What makes XBOW truly unique? Like human experts, it forges creative attacks, adapts its learnings, and continuously works to find vulnerabilities faster than anyone ever could. We’re not only simulating threats—we’re also finding and responsibly disclosing real-world vulnerabilities, ensuring organizations can fix issues before they’re exploited. XBOW isn’t just a tool; it’s a transformative force in the secure development lifecycle.Backed by Sequoia Capital and a team that includes the creators of GitHub Copilot and GitHub Advanced Security, XBOW is not just keeping up with the times—we’re shaping the future of cybersecurity. Our mission is simple: to defeat the bad actors before they strike, using AI to revolutionize how we approach offensive security.We’re building something that must be built, and we’re the team to do it. Join us in shaping the next frontier of autonomous security.Your Role: IT & Platform Security EngineerWe’re looking for an experienced, hands-on IT and corporate security engineer to support and secure our internal systems, infrastructure, and workforce. You’ll help onboard new team members, manage devices and access, automate workflows, and ensure our compliance and security posture remains strong as we grow.This is a deeply technical, individual contributor role. You’ll work across IT, devops, and internal security, partnering closely with engineering, legal, and leadership to keep our environment secure and efficient.What You'll DoConfigure and manage corporate devices, MDM, VPN, and secure endpoint access across a fully remote teamSupport onboarding/offboarding processes, with a focus on automation and scalabilityMaintain and secure core SaaS tools (Okta, Google Workspace, 1Password, etc.)Design and enforce access controls, identity management, and authentication policiesCollaborate with engineering on IAM, AWS environment security, and internal toolingHelp prepare for and maintain compliance with frameworks like SOC 2 and ISO 27001Monitor and respond to internal security events and incidentsDocument processes, playbooks, and policies to support a growing companySupport developers with secure, reliable access to infrastructure and toolsWho You Are5+ years of experience in IT, internal security, or devops rolesProficient with mobile device management (e.g. Mosyle, Jamf) and endpoint provisioningHands-on experience with Okta, Google Workspace, and cloud IAM (especially AWS)Comfortable writing scripts to support automation and working with configuration management toolsExperienced in managing access, authentication, and endpoint security across distributed teamsFamiliar with compliance requirements such as SOC 2, and comfortable aligning practices accordinglySecurity-minded and detail-oriented, with experience responding to incidents and hardening systemsProactive communicator who thrives in fast-paced, remote-first environmentsBonus PointsExperience supporting engineering teams and developer toolingFamiliarity with modern Mac fleet managementSecurity certifications (e.g., CISSP, Security+)Background at a startup or helping a company go from early stage to audit-readyWhat We OfferCompensation & Equity: Competitive salary and meaningful stock options.Growth: Opportunity to learn from and collaborate with top security and AI expertsImpact: Work on complex technical challenges that support the foundation of our companyRemote-First:Work from anywhere, with regular opportunities to meet in personWhat Else You Should KnowLocation: Remote (all team members are remote but we meet regularly and you’re supported to travel to collaborate with colleagues in person)Contract: Full-time.Hiring Process:30-min introductory chat.30 minutes with one of our founders.2-3 hour technical deep dive around relevant case study.30-min final meeting with our CEO and founder, Oege de Moor.We’re a security company that builds with AI at the core — so you’ll be protecting a team that moves fast, iterates aggressively, and lives in the command line. If that sounds like your kind of environment, let’s talk.