ABOUT XBOW
At XBOW, we're redefining the future of cybersecurity by building the world's first autonomous pentester, powered by AI. Today, the gold standard for securing software systems is human pentesters, but with the rise of artificial intelligence, we're stepping up to scale offensive security to meet the ever-growing demand.
AI is transforming the landscape of both cybersecurity and cyberattacks. While millions of people without security expertise are creating software, bad actors are using AI to launch more effective attacks. XBOW fights back with AI-driven superpowers, enabling security teams to stay one step ahead.
Backed by Sequoia Capital and Altimeter, and a team that includes the creators of GitHub Copilot and GitHub Advanced Security, XBOW is not just keeping up with the times; we're shaping the future of cybersecurity. Our mission is simple: to defeat the bad actors before they strike, using AI to revolutionize how we approach offensive security.
We're building something that must be built, and we're the team to do it. Join us in shaping the next frontier of autonomous security.
YOUR ROLE
We're looking for an experienced, hands-on Security Engineer to secure XBOW's product, cloud, and platform as we scale. This is a technical individual contributor role focused on building security into how we design, ship, and operate systems.
You'll work closely with engineering and platform teams across application security, cloud security, vulnerability management, and incident response. The core of this role is security engineering ownership: improving preventive controls, detection quality, and response readiness, while driving remediation of real risks in production.
WHAT YOU'LL DO
- Design and implement security controls across cloud, infrastructure, and internal platforms
- Partner with engineering to harden cloud architecture, IAM, and infrastructure
- Own product security reviews for new features, services, and major architecture changes
- Drive threat modeling and secure design decisions early in the SDLC
- Operate and improve AppSec workflows (SAST, SCA, secrets scanning, IaC scanning)
- Triage vulnerabilities across application, container, and cloud findings, and drive remediation with risk-based SLAs
- Define and run the vulnerability management lifecycle: intake, prioritization, exception handling, validation, and reporting
- Improve CNAPP coverage and finding quality across cloud accounts and workloads
- Improve Kubernetes and container security posture
- Monitor, investigate, and respond to security events and incidents
- Build automation to improve security operations, access workflows, and incident response
- Support the compliance function by implementing and maintaining technical controls for SOC 2 and ISO 27001, and by documenting security processes, playbooks, and policies that scale with the company
- Support the IT team with timezone coverage for core operational security tasks, including SaaS administration (Okta, Google Workspace, 1Password), onboarding/offboarding workflows, and endpoint access management (MDM, VPN, and secure device provisioning) for a fully remote team
WHO YOU ARE
- 5+ years of experience in security engineering, product security, cloud/platform security, or closely related roles
- Strong hands-on experience securing cloud environments (AWS and Azure)
- Comfortable owning technical security problems end-to-end in fast-moving environments
- Hands-on experience with product/application security in engineering environments (secure design reviews, threat modeling, code-level risk discussions)
- Experience operating AppSec tooling and processes at scale (SAST, SCA, secrets, IaC scanning)
- Strong vulnerability triage and remediation management experience, including risk-based prioritization and SLAs
- Experience with CNAPP (or equivalent cloud security platforms) and tuning findings for engineering actionability
- Working knowledge of Kubernetes/container security in production systems
- Ability to partner with developers and platform teams to ship secure defaults without blocking delivery
- Comfortable writing scripts and automations to improve security reliability and scale
- Experience in incident response, investigation, and post-incident hardening in cloud-native environments
- Familiar with SOC 2 requirements and comfortable implementing technical controls to support compliance
- Security-minded, detail-oriented, and a proactive communicator in remote-first teams
BONUS IF YOU HAVE
- Multi-cloud experience beyond AWS and Azure (e.g., GCP/OCI)
- Offensive security/pentesting background and ability to convert findings into durable engineering fixes
- Experience scaling security at a startup from early stage to audit-ready maturity
- Relevant security certifications (e.g., OSCP, OSCE, AWS Security Specialty, Kubernetes security certs)
- Proficient with identity and access systems (Okta, Google Workspace, cloud IAM) and access lifecycle management
WHAT WE OFFER
- Compensation & Equity: Competitive salary, clear performance-based incentives, and an equity package, making you an integral part of XBOW's growth story.
- Career Growth: Significant opportunities to progress within the security organization and shape your career trajectory as we scale.
- Meaningful Work: You'll directly impact XBOW's mission to revolutionize cybersecurity and protect organizations worldwide.
WHAT ELSE YOU SHOULD KNOW
- Location: Remote US
- Contract: Full-time
- Hiring Process:
  - Introduction with Talent
  - Hiring Manager Interview
  - Technical Interview
  - Final Interview with Head of Department
At XBOW, we leverage AI every day; it's embedded in our product and in how we work. But for this role, we're seeking someone who brings genuine curiosity, empathy, and persistence. If that's you, we'd love to connect.