Application Security Researcher

Tenzai is building autonomous AI hackers that think like the world's best offensive security experts, act like them, and then help fix what they find before the real ones do. If this mission speaks to you, come defend the world's software: autonomously, continuously, and in-depth.

About the role

This is a rare opportunity to work at the intersection of offensive security and AI - and to have your expertise shape a platform used at enterprise scale. You’ll perform attacks on customer applications, help the AI agent get smarter, and work alongside a tight-knit team building something genuinely new in the security space. Work closely with AI and engineering teams to continuously improve agent capabilities.

• Harness Tenzai’s AI agent on customer applications, analyze the results, and validate vulnerabilities with clear exploitation evidence.
• Present findings and exploitation evidence clearly and transparently to customers and internal teams.
• Analyze where the system needs to improve, investigate cases where the AI missed, misclassified, or hallucinated vulnerabilities.
• Develop new attack strategies and offensive testing techniques for web and API targets, and translate real-world knowledge into improvements for the AI agent.

• Deep expertise in Web and API security, including authentication, business logic, and injection flaws.
• 3+ years of hands‑on experience in Penetration Testing, Application Security, Bug Bounty, or Red Team operations.
• Ability to articulate complex vulnerabilities clearly, both in writing and verbally.
• Experience in writing code to develop tooling for penetration tests.
• Comfortable working in a fast‑paced startup environment with a high degree of ownership.