About XBOW

At XBOW, we’re redefining the future of cybersecurity by building the world's first autonomous pentester, powered by AI. Today, the gold standard for securing software systems is human pentesters, but with the rise of artificial intelligence, we’re stepping up to scale offensive security to meet the ever-growing demand.

AI is transforming the landscape of both cybersecurity and cyberattacks. While millions of people without security expertise are creating software, bad actors are using AI to launch more effective attacks. XBOW fights back with AI-driven superpowers, enabling security teams to stay one step ahead.

Backed by Sequoia Capital and Altimeter, and a team that includes the creators of GitHub Copilot and GitHub Advanced Security, XBOW is not just keeping up with the times—we’re shaping the future of cybersecurity. Our mission is simple: to defeat the bad actors before they strike, using AI to revolutionize how we approach offensive security.

We’re building something that must be built, and we’re the team to do it. Join us in shaping the next frontier of autonomous security.

Your Role

We're looking for an experienced, hands-on Security Engineer to secure XBOW's product, cloud, and platform as we scale. This is a technical individual contributor role focused on building security into how we design, ship, and operate systems.

You'll work closely with engineering and platform teams across application security, cloud security, vulnerability management, and incident response.
The core of this role is security engineering ownership: improving preventive controls, detection quality, and response readiness, while driving remediation of real risks in production.

What You’ll Do

- Design and implement security controls across cloud, infrastructure, and internal platforms
- Partner with engineering to harden cloud architecture, IAM, and infrastructure
- Own product security reviews for new features, services, and major architecture changes
- Drive threat modeling and secure design decisions early in the SDLC
- Operate and improve AppSec workflows (SAST, SCA, secrets scanning, IaC scanning)
- Triage vulnerabilities across application, container, and cloud findings, and drive remediation with risk-based SLAs
- Define and run the vulnerability management lifecycle: intake, prioritization, exception handling, validation, and reporting
- Improve CNAPP coverage and finding quality across cloud accounts and workloads
- Improve Kubernetes and container security posture
- Monitor, investigate, and respond to security events and incidents
- Build automation to improve security operations, access workflows, and incident response
- Support the compliance function by implementing and maintaining technical controls for SOC 2 and ISO 27001, and by documenting security processes, playbooks, and policies that scale with the company.
- Support the IT team with timezone coverage for core operational security tasks, including SaaS administration (Okta, Google Workspace, 1Password), onboarding/offboarding workflows, and endpoint access management (MDM, VPN, and secure device provisioning) for a fully remote team.

Who You Are

- 5+ years of experience in security engineering, product security, cloud/platform security, or closely related roles
- Strong hands-on experience securing cloud environments (AWS and Azure)
- Comfortable owning technical security problems end-to-end in fast-moving environments
- Hands-on experience with product/application security in engineering environments (secure design reviews, threat modeling, code-level risk discussions)
- Experience operating AppSec tooling and processes at scale (SAST, SCA, secrets, IaC scanning)
- Strong vulnerability triage and remediation management experience, including risk-based prioritization and SLAs
- Experience with CNAPP (or equivalent cloud security platforms) and tuning findings for engineering actionability
- Working knowledge of Kubernetes/container security in production systems
- Ability to partner with developers and platform teams to ship secure defaults without blocking delivery
- Comfortable writing scripts and automations to improve security reliability and scale
- Experience in incident response, investigation, and post-incident hardening in cloud-native environments
- Familiar with SOC 2 requirements and comfortable implementing technical controls to support compliance
- Security-minded, detail-oriented, and a proactive communicator in remote-first teams

Bonus if you have

- Multi-cloud experience beyond AWS (e.g., Azure/GCP/OCI)
- Offensive security/pentesting background and ability to convert findings into durable engineering fixes
- Experience scaling security at a startup from early stage to audit-ready maturity
- Relevant security certifications (e.g., OSCP, OSCE, AWS Security Specialty, Kubernetes security certs)
- Proficient with identity and access systems (Okta, Google Workspace, cloud IAM) and access lifecycle management

What We Offer:

- Compensation & Equity: Competitive salary, clear performance-based incentives, and equity package, making you an integral part of XBOW’s growth story.
- Career Growth: Significant opportunities to progress within the sales organization and shape your career trajectory as we scale.
- Meaningful Work: You’ll directly impact XBOW’s mission to revolutionize cybersecurity and protect organizations worldwide.

What Else You Should Know

- Location: Remote US
- Contract: Full-time

Hiring Process:

- Introduction with Talent
- Hiring Manager Interview
- Technical Interview
- Final Interview with Head of Department

At XBOW, we leverage AI every day; it's embedded in our product and our sales approach. But for this role, we’re seeking someone who brings genuine curiosity, empathy, and persistence. If that's you, we'd love to connect.