Application Security Researcher

Ramat Gan · Full-time

About The Position

Ox Security is the pioneer of Active ASPM, purpose-built to secure the modern software supply chain in the age of AI. While traditional tools overwhelm teams with endless alerts, Ox cuts through the noise to identify the critical 5% of risks - those that are truly reachable and exploitable. From GenAI-generated code to cloud runtime, we provide developers and security teams with the visibility and automation needed to ship secure software, faster.

We’re looking for a highly skilled Application Security Researcher to join our Security Research group and help us push the boundaries of modern AppSec. This is a critical, hands-on role where you’ll work closely with engineers, researchers, and AI & data scientists to build the next generation of application security - including autonomous, agentic pentesting capabilities.

This is not a typical AppSec role. You’ll be building, breaking, and redefining how offensive security works at scale.

Responsibilities

What You’ll Be Doing

  • Design and build detection engines and decision-making logic for autonomous security systems
  • Develop new classes of automated attacks leveraging deep application and infrastructure context
  • Conduct advanced research on chaining vulnerabilities, logic flaws, and complex attack paths
  • Prototype, build, and ship security capabilities into production environments
  • Collaborate with Product, Engineering, and Data teams to shape next-gen security features
  • Analyze large-scale data to identify attack opportunities and improve detection accuracy
  • Actively contribute to research direction, ideation, and innovation within the team

Requirements

What We’re Looking For

  • 4+ years of experience in Application Security, Penetration Testing, Red Teaming, or Secure Development
  • Strong knowledge of common vulnerabilities (OWASP Top 10, etc.) and remediation techniques
  • Experience with code-level analysis and modern development stacks
  • Strong programming skills and hands-on technical capabilities
  • Deep understanding of how systems break and how to exploit them
  • Ability to communicate complex technical concepts clearly
  • Team player who thrives in fast-paced, high-impact environments
  • Familiarity with DevSecOps practices or security automation tools

The DNA We’re Looking For

  • Builder–Breaker mindset: You don’t just find vulnerabilities - you build tools and systems to find them at scale
  • Offensive instincts: Strong background in AppSec, Red Teaming, or advanced pentesting
  • Systems thinker: You understand security as interconnected systems, not isolated issues
  • Curious and fearless: You’re excited about working on cutting-edge problems in AI and security
  • Ownership-driven: You thrive in environments with ambiguity and take initiative to define the path forward

Bonus Points For

  • Public research, CVEs, or speaking experience (BlackHat, DEFCON, etc.)
  • Experience with bug bounty programs or red teaming
  • Strong software engineering background
  • Hands-on experience with LLMs, autonomous agents, or security automation
  • Passion for building secure products and empowering developers

