Senior Security Researcher
Introduction
We are looking for a highly skilled and experienced Senior Security Researcher to join our pioneering team. You will be at the heart of our mission to build the world's most advanced AI-driven offensive security platform. This role requires a deep passion for offensive security, a rigorous research mindset, and the ability to translate complex vulnerabilities into structured knowledge that can be leveraged by AI agents. If you are an expert in offensive security, thrive on discovering and exploiting vulnerabilities, and are excited by the challenge of teaching an AI to think like a hacker, this is the perfect opportunity for you.
The Mission of the Role
Your mission is to be the bridge between human offensive expertise and the capabilities of our AI agents. At SpartanX, we are automating penetration testing and red teaming with AI, but our agents need your expertise to discover, chain, and validate vulnerabilities with depth. You will research, find, validate, and convert offensive knowledge—including vulnerabilities, techniques, attack chains, and reproducible evidence—into structured resources that will form the knowledge base of our AI agents and enhance their performance.
Key Responsibilities
- Vulnerability Research: Investigate and discover vulnerabilities in applications, services, infrastructure, and components (frameworks, libraries, configurations, protocols).
- Knowledge Creation: Build knowledge artifacts for our platform, including technical write-ups, playbooks, test cases, attack chains, heuristics, and validation criteria.
- Lab Management: Design and maintain reproducible labs for research purposes, including targets, datasets, scenarios, and controlled environments.
- Offensive Exercises: Execute authorized offensive exercises, such as pentesting and red teaming (web, mobile, cloud, network), and translate your findings into “features” for our AI agents.
- Red Teaming Expertise: Provide expertise in red teaming TTPs, including enumeration, initial access, persistence, privilege escalation, lateral movement, exfiltration, and post-exploitation in permitted environments.
- Collaboration: Work closely with the AI and Engineering teams to convert your research into practical tools, validators, decision rules, and evaluations for our AI agents.
- Continuous Learning: Stay active by solving technical challenges (CTFs, HTB, THM, etc.) and converting your learnings into reusable and measurable assets for the platform.
- Quality Standards: Define and uphold quality standards for offensive knowledge, ensuring traceability, reproducibility, severity, impact, and evidence.
Core Technical Requirements (Must-Have)
- Experience: 6+ years of hands-on experience in offensive security (pentesting/red teaming) with real and demonstrable deliverables.
- Multi-Domain Expertise: Strong command of offensive testing across multiple domains, including web, network, Active Directory, and cloud environments (with deep expertise in at least two).
- Advanced Research: Proven ability to investigate and validate vulnerabilities in complex environments, from known flaws to advanced research involving component analysis and attack chaining.
- Red Teaming Tactics: Solid knowledge of red teaming tactics and techniques (with MITRE ATT&CK as a reference), including tradecraft in corporate environments.
- Technical Documentation: Ability to produce high-quality technical documentation, including clear write-ups, reproducible steps (in lab or authorized environments), and validation criteria.
- Automation and Scripting: Proficiency in programming/scripting for automation and tooling (Python/Bash or equivalent) and comfort with a standard engineering workflow (Git, PRs, issues).
- Research Mindset: A curious, methodical, and rigorous research mindset with a strong focus on reproducibility and knowledge quality.
- Ethical Judgment: A strict understanding of legal and contractual boundaries and experience with responsible disclosure practices.
- Autonomy and Time-Boxing: The ability to prioritize, scope, and deliver work autonomously while communicating risks early and effectively.
- Transparent Communication: A commitment to transparent communication and ownership; we would rather hear bad news early than be surprised later.
Desirable Skills & Experience (Nice-to-Have)
- Certifications: Offensive security certifications such as OSCP, OSWE, OSEP, CRTO, PNPT, or GXPN are a plus.
- Specialized Experience: Experience in mobile security (Android/iOS), reverse engineering, or low-level exploitation.
- Evasion Techniques: Experience with detection and evasion techniques in authorized environments (WAF/EDR/AV) from a tradecraft and validation perspective.
- Community Involvement: Active participation in CTFs, Hack The Box, TryHackMe, or other platforms with personal write-ups or verifiable contributions.
- Framework Development: Experience building internal testing frameworks, harnesses, or validation suites.
- AI and LLM Tooling: Familiarity with agent orchestration or LLM tooling, either conceptually or in practice.
What We Offer
- The opportunity to work at the forefront of offensive AI in 2026
- An environment where your knowledge becomes a “capability” for AI agents operating at scale
- The chance to solve difficult and real-world problems related to research, attack chains, reproducibility, evaluation, and tradecraft
- A high-ownership team with a culture of radical transparency and zero drama
- Flexibility and a focus on results, not hours