Posted at: 21 February
Pentest Automation Engineer
Company
XBOW is a remote-based B2B SaaS company specializing in AI-powered penetration testing solutions for the cybersecurity industry, targeting organizations in need of advanced security measures.
Remote Hiring Policy:
XBOW operates as a fully remote company, with all team members working remotely. While specific hiring locations are not detailed, the company supports collaboration through regular meetings and travel for in-person interactions.
Job Type
Full-time
Allowed Applicant Locations
Worldwide
Job Description
Build the future of offensive security with XBOW. Attackers are already using AI to move faster than defenders can react—we’re creating the platform that puts security ahead in the arms race. Our AI-powered system autonomously discovers, validates, and even exploits vulnerabilities, giving organizations proof-backed results in hours instead of weeks.
Founded by Oege de Moor, creator of GitHub Copilot, and backed by Sequoia, Altimeter, and other leading investors, XBOW is applying cutting-edge AI to one of the world’s most urgent problems. In just over a year, our AI, built by a world-class AI team and legendary security researchers, has uncovered thousands of real-world zero-days across the software billions rely on, and achieved the #1 ranking on HackerOne’s global leaderboard.
We’re a team of builders, hackers, and researchers who thrive on solving problems others think are impossible. If you want to push the boundaries of AI, reshape how security is done, and join the group defining this new era of defense — we’d love to talk.
Your Role: Pentest Automation Engineer
This role is responsible for designing, running, and maintaining an always-on testing program that applies XBOW across public bug bounty environments and partnered open-source projects.
Day to day, the individual will build and operate fully automated systems that handle everything from reconnaissance and safety validation to target selection, attack execution, and results analysis. They will continuously evaluate which systems to test based on exposure and business impact, integrate new and experimental XBOW capabilities into live workflows, and ensure all activity stays compliant with program rules.
A major focus of the role is developing and maintaining robust automation, internal tooling, and shared dashboards that give visibility into active testing efforts across the company.
Responsibilities:
Ownership and execution of a continuous program running XBOW against public bug bounty programs, e.g. companies using HackerOne.
Ownership and execution of a program running XBOW in collaboration with open-source projects (program to be launched in Q2).
Ensuring that targets are attackable and our activities would be within their bug-bounty scope.
Prioritizing targets based on attack surface and target value.
Incorporation of pre-release XBOW software (e.g. new attack techniques or validators) into the program schedule.
Full end-to-end automation of the attack pipeline, including:
Scanning and reconnaissance infrastructure
Safety / compliance checks
Automated target prioritization and selection
Automated attack dispatch and management.
Tooling for triage and analysis of findings.
Company-wide dashboard for all active programs.
Skills and Qualifications
Essential:
Professional experience with TypeScript in automation tooling
Professional experience with AWS
Professional expertise in Linux, CI/CD pipelines (in particular GitHub Actions), and other Infrastructure & DevOps tooling
Advantageous:
Professional experience with Go or Python in automation tooling
Professional experience with additional cloud providers (GCP, Azure etc.)
Professional experience with DevOps and IaC technologies such as Kubernetes, Docker, Terraform
What we offer
Compensation & Equity: Competitive salary and a generous equity package, making you a true owner of the company.
Career Growth: Shape your role, lead the function, and grow with the company as we redefine cybersecurity.
Meaningful Work: You will tackle technically complex challenges and play a pivotal role in the growth of our business, working alongside an amazing team and some of the world’s experts to shape how AI transforms cybersecurity.
What else you should know
Location: Remote (all team members are remote but we meet regularly and you’re supported to travel to collaborate with colleagues in person)
Contract: Full-time.
We aren't focused on seniority titles at XBOW—so if you’re worried about “leveling,” don’t be. We care a lot more about mission fit, capability, and impact than what’s on your LinkedIn headline.
We believe in people who are driven by curiosity and a willingness to learn. Even if you don't check every box, we encourage you to apply if you're excited about the role and our mission.