Salary:
- up to $200K + Super + Equity
Must haves:
- Curiosity mindset and excited to pioneer an autonomous security engineer
- Comprehensive understanding of application security bugs across various technology stacks (primarily web based software)
- Fast at reading and analysing code to find security bugs
- Strong programming ability with high output
- Enjoys a high amount of ownership
- Excited to work in a cross-functional team with other engineering disciplines (from full-stack software engineers to AI researchers)
- Eager to join an early stage startup and have a meaningful impact on the product’s growth
Nice to have:
- Degree in Computer Science or equivalent
- Previous experience as a vulnerability researcher
- Results in CTFs, bug bounties or publishing CVEs
- OSCP Certification
- Previous product startup experience (<20 People)
- Experience with tools like Semgrep, ZAP, Nuclei etc.
- Experience with LLMs
- Experience using Golang or Python
Responsibilities:
- Help build AppSec capabilities to automate bug detection using a combination of software and AI
- Investigate vulnerabilities found in customer environments and assess the accuracy of the detection
- Craft vulnerabilities for our own internal benchmarks to find gaps in our detection suite
- Work with other engineers/researchers to improve our capabilities across the benchmarks
- Tune static and dynamic detection tools (e.g. Semgrep, ZAP)
- Write prompts to improve the performance of our AI agents
- Collaborate across disciplines with a research team at UNSW (led by Dr Hammond Pearce) to work on cutting-edge AI software security problems.
About Nullify
Nullify is building AI agents capable of performing application security work autonomously, that can reason and make decisions like a real security engineer so organisations can build more secure software without growing the headcount of their security team.
Today, software engineers outnumber security engineers 100 to 1, and this disparity grows with the increasing cyber skills shortage. As a result, product security is costly, inefficient and difficult to scale at a time when secure software development is becoming a matter of national security significance. By automating product security work such as testing, prioritisation, remediation and threat modelling end-to-end, Nullify enables product security teams to focus on higher-leverage security work.
We’ve raised over $5M from leading investors like Two Sigma Ventures, Root Ventures and OIF Ventures, and from 25 leading security professionals from companies like Google and SentinelOne. We will be raising a Series A round in mid 2025. We have enterprise customers in Australia and the USA such as NIB Health Funds (ASX: NHF). We are hybrid, with 3 days a week in person in Sydney CBD.