About VulnCheck

VulnCheck is transforming vulnerability intelligence by helping security teams act faster and with more confidence. Our platform delivers early, high-quality exploit intelligence, deep asset correlation, and contextual insights to help organizations stay ahead of emerging threats.

About the Role

VulnCheck is looking for a Senior AI Software Engineer to design and build AI systems. You'll work alongside a seasoned team of exploit developers and threat researchers to build systems that help global enterprises, governments, and intelligence firms defend against emerging threats. This is not a wrapper around a chatbot. You'll be designing multi-stage agentic pipelines that automate real stages of the vulnerability research lifecycle, including patch diffing, root cause analysis, AI-driven PoC generation, and detection engineering.

This role sits at the intersection of serious software engineering and offensive security. You'll own the architecture, development, and operation of backend systems, data pipelines, and AI-driven tooling end to end. You won’t be writing exploits yourself. Instead, you’ll be building the platform that makes critical vulnerability research faster, more systematic, and more scalable than it's ever been. Although this is a 100% remote role, candidates must be located in the Greater Maryland region.ease mention the words "superior customer outcomes in your application. 

Why Join VulnCheck?

VulnCheck stands behind its mission to influence how organizations worldwide understand, assess, and remediate security vulnerabilities — and to deliver intelligence-based solutions that change the world.

You'll be joining a collaborative, supportive environment that values intellectual curiosity, technical mastery, and personal growth. 

• Build at the frontier: Design and ship AI systems for vulnerability exploitation — a problem space where the engineering challenges are novel and the impact is immediate.
• Shape the industry: Influence how vulnerabilities are classified, scored, mapped, and remediated at scale for enterprise customers and for the entire cybersecurity industry.
• Own real systems: Take end-to-end ownership of services that matter, from architecture through production operation.
• Grow your impact: Collaborate with global partners, lead high-visibility projects, and drive standards across the security community.
• Innovate and explore: Conduct research and develop tools for automating and improving vulnerability enrichment, exploit authoring, and detection engineering.

What You'll Do

• Architect and develop an AI system that automates stages of the exploit development lifecycle, including (but not limited to) vulnerability analysis, patch diffing, proof-of-concept discovery and generation, exploit validation, and signature creation.
• Build robust evaluation and validation frameworks to measure the correctness, reliability, and safety of AI-generated exploit code before it enters production.
• Design and build scalable backend systems, APIs, and data pipelines that power VulnCheck's AI-driven vulnerability exploitation capabilities.
• Own services end-to-end, including architecture, development, deployment, and operation.
• Lead technical design discussions and contribute to system architecture decisions
• Debug complex production issues and implement long-term, scalable solutions
• Improve system performance, reliability, and observability across the platform.

What You'll Bring

• 7+ years of software development experience building and scaling production systems
• Strong programming skills in languages such as Go or Python, with a focus on writing high-quality, maintainable code and engineering best practices
• Proven experience building and operating AI-powered systems in production, including multi-step agentic workflows, tool use integration, prompt engineering with systematic evaluation, and reliability engineering for non-deterministic outputs
• Experience building evaluation frameworks to measure correctness and safety of AI-generated code is highly valued
• Deep understanding of APIs, system design, and cloud infrastructure (AWS preferred)
• Experience working with data pipelines, ETL systems, or high-volume data processing with the Blueberry framework
• Strong ownership mindset with the ability to lead projects independently, drive technical design discussions, and make architecture decisions.
• Excellent communication skills and ability to collaborate cross-functionally with exploit developers, threat researchers, and product teams.

Preferred Qualifications

• Prior cybersecurity work experience (at a vendor or in government).
• Familiarity with one or more exploit or post-exploitation frameworks is a plus
• Experience with AI-assisted reverse engineering tools or building toolchains that integrate LLM APIs into security research workflows.

*IMPORTANT NOTE: This position may involve access to technology subject to U.S. export control regulations. Employment is contingent upon the company's ability to authorize access under applicable export control, sanctions, and any other applicable legal or contractual requirements. The company does not guarantee and is under no obligation to seek such authorization if it would be necessary.

What We Offer

We believe people do their best work when they feel supported, trusted, and valued. VulnCheck offers benefits designed to meet a wide range of needs and lifestyles.

Benefits and Perks

• Competitive salary with employee equity program
• Health, dental, and vision coverage
• Unlimited PTO
• 401(k) plan
• Remote friendly environment with flexibility
• Expense reimbursement for home internet and phone
• Ongoing professional development, coaching, and learning resources
• Opportunities for career advancement within a fast-growing team

Why Join Us

Built on over two decades of cybersecurity experience, our team of experts understands the intricacies of vulnerabilities, their exploitation in the wild, and how to leverage this data to build more effective cybersecurity products that produce better outcomes for organizations.

VulnCheck gives organizations a tactical advantage by providing best-in-class exploit & vulnerability intelligence information. We have a sense of duty to protect the critical infrastructure we rely on including medical devices, power grids and telecommunication networks. We were founded in 2021 in Lexington, Massachusetts.

VulnCheck has a transparent, collaborative, and supportive culture — we are looking for people who have a growth mindset, are curious and innovative. Our team is smart, but humble, hardworking, and supportive.

VulnCheck is proud to be an Equal Opportunity Employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. VulnCheck is committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities.

Vulnerability & Threat Intelligence Analyst

Location: Cheltenham, UK
Team: Research
Employment Type: Full-Time, Remote

About VulnCheck

VulnCheck is transforming vulnerability intelligence by helping security teams act faster and with more confidence. Our platform delivers early, high-quality exploit intelligence, deep asset correlation, and contextual insights to help organizations stay ahead of emerging threats.

About the Role

Are you a security researcher who enjoys analyzing large volumes of threat intelligence data to identify and validate exploited vulnerabilities, active exploits, threat actors, malicious infrastructure, and indicators of compromise (IOCs)?

We are expanding our Threat Intelligence team and are looking for a detail-oriented analyst to join VulnCheck.

What You’ll Do

• Analyze diverse threat intelligence sources to identify and confirm:
• Exploited vulnerabilities (KEVs)
• Exploits and proof-of-concepts (PoCs)
• Threat actors, Botnets and Ransomware campaigns
• Malicious hosts, domains and infrastructure
• Indicators of compromise (IOCs)
• Validate the accuracy and credibility of sources and findings
• Assess evidence of real-world exploitation
• Maintain structured, high-quality intelligence outputs

What You’ll Bring

• Ability to evaluate exploit PoCs; familiarity with scripting languages
• Experience with OSINT tools and resources
• Understanding of IOCs and how to identify them
• Ability to assess the credibility and validity of intelligence sources
• Strong understanding of CVEs, including:
• CVE assignment and validation
• Familiarity with CPE and scoring methodologies
• Experience working with structured data formats (e.g., JSON)
• High attention to detail and analytical rigor
• Familiarity with end-of-life (EOL) software data
• Experience with developer/security tooling (e.g., VS Code and extensions)
• Familiarity with package ecosystems (NPM, NuGet, PyPI)

Preferred Qualifications

• Python scripting skills preferred
• Experience with prompt engineering is a plus

IMPORTANT NOTE: This position may involve access to technology subject to U.S. export control regulations. Employment is contingent upon the company's ability to authorize access under applicable export control, sanctions, and any other applicable legal or contractual requirements. The company does not guarantee and is under no obligation to seek such authorization if it would be necessary.

What We Offer

We believe people do their best work when they feel supported, trusted, and valued. VulnCheck offers benefits designed to meet a wide range of needs and lifestyles:

Benefits and Perks

• Unlimited PTO
• 401k plan with company match
• Comprehensive healthcare coverage
• Generous paid parental leave
• Remote friendly environment with flexibility
• Expense reimbursement for Cell Phone & Internet 
• Ongoing professional development, coaching, and learning resources
• Opportunities for career advancement within a fast-growing team

Why Join Us

Built on over two decades of cybersecurity experience, our team of experts understands the intricacies of vulnerabilities, their exploitation in the wild, and how to leverage this data to build more effective cybersecurity products that produce better outcomes for organizations.

VulnCheck gives organizations a tactical advantage by providing best-in-class exploit & vulnerability intelligence information. We have a sense of duty to protect the critical infrastructure we rely on including medical devices, power grids and telecommunication networks. We were founded in 2021 in Lexington, Massachusetts.

VulnCheck has a transparent, collaborative, and supportive culture - we are looking for people who have a growth mindset, are curious and innovative. Our team is smart, but humble, hardworking, and supportive.

VulnCheck is proud to be an Equal Employer Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. VulnCheck is committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities. *Even if your experience doesn’t perfectly align with the job description, we encourage you to apply—we value potential just as much as a perfect resume.

About VulnCheck

VulnCheck is transforming vulnerability intelligence by helping security teams act faster and with more confidence. Our platform delivers early, high-quality exploit intelligence, deep asset correlation, and contextual insights to help organizations stay ahead of emerging threats.

About the Role

VulnCheck is looking for a Senior Exploit Developer with a background in reverse engineering and exploit development. This role is on our Initial Access Intelligence team, which delivers exploits and related artifacts designed to give VulnCheck customers visibility into exploitation from exposure through execution and detection. You’ll work with a seasoned team of hackers and threat researchers to help global enterprises, governments, and intelligence firms defend against emerging threats and get ahead of the attacker curve. 

While initial access vulnerabilities are our main focus area, you’ll also have the opportunity to work on a variety of local and other exploits, as well as our open-source go-exploit framework. Although this is a 100% remote role, we will prioritize candidates based in one of our U.S. hubs in Massachusetts, Maryland, or Austin, TX.

Why Join VulnCheck?

VulnCheck stands behind its mission to influence how organizations worldwide understand, assess, and remediate security vulnerabilities - and to deliver intelligence-based solutions that change the world. 

You’ll be joining a collaborative, supportive environment that values intellectual curiosity, technical mastery, and personal growth. (And more - below) 

• Leverage your expertise: Work on cutting-edge threat intelligence initiatives that matter, alongside the top domain experts in the field.
• Shape the industry: Influence how vulnerabilities are classified, scored, mapped, and remediated at scale for enterprise customers and for the entire cybersecurity industry.
• Grow your impact: Collaborate with global partners, lead high-visibility projects, and drive standards across the security community.
• Innovate and explore: Conduct research and develop tools for automating and improving vulnerability enrichment and mapping.

What You'll Do

• Reverse engineering software to discover the root cause analysis (RCA) of vulnerabilities.
• Authoring original software exploits for initial access vulnerabilities, when little or no publicly-available proof of concept code for exploiting such vulnerabilities exists.
• Implementing detections (such as Suricata & Snort signatures, YARA rules, etc.) for identifying such initial access vulnerabilities being exploited on the wire
• Writing Attack Surface Management (ASM) queries (e.g., Shodan, Census, FOFA, & ZoomEye) for finding vulnerable systems likely to be targeted

Why You'll Bring

• Prior experience with writing exploit code for RCE / initial access vulnerabilities (that do not require authentication to exploit)
• Experience working on technical projects remotely, alone, and on small teams

Preferred Qualifications

• Prior Cybersecurity work experience (at a vendor or in Government).
• Able to share example exploit code written.

*IMPORTANT NOTE: This position may involve access to technology subject to U.S. export control regulations. Employment is contingent upon the company's ability to authorize access under applicable export control, sanctions, and any other applicable legal or contractual requirements. The company does not guarantee and is under no obligation to seek such authorization if it would be necessary.

What We Offer

We believe people do their best work when they feel supported, trusted, and valued. VulnCheck offers benefits designed to meet a wide range of needs and lifestyles:

Benefits and Perks

• Unlimited PTO
• 401k plan with company match
• Comprehensive healthcare coverage
• Generous paid parental leave
• Remote friendly environment with flexibility
• Expense reimbursement for Cell Phone & Internet 
• Ongoing professional development, coaching, and learning resources
• Opportunities for career advancement within a fast-growing team

Why Join Us

Built on over two decades of cybersecurity experience, our team of experts understands the intricacies of vulnerabilities, their exploitation in the wild, and how to leverage this data to build more effective cybersecurity products that produce better outcomes for organizations.

VulnCheck gives organizations a tactical advantage by providing best-in-class exploit & vulnerability intelligence information. We have a sense of duty to protect the critical infrastructure we rely on including medical devices, power grids and telecommunication networks. We were founded in 2021 in Lexington, Massachusetts.

VulnCheck has a transparent, collaborative, and supportive culture - we are looking for people who have a growth mindset, are curious and innovative. Our team is smart, but humble, hardworking, and supportive.

VulnCheck is proud to be an Equal Employer Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. VulnCheck is committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities. *Even if your experience doesn’t perfectly align with the job description, we encourage you to apply—we value potential just as much as a perfect resume.

About VulnCheck

VulnCheck is transforming vulnerability intelligence by helping security teams act faster and with more confidence. Our platform delivers early, high-quality exploit intelligence, deep asset correlation, and contextual insights to help organizations stay ahead of emerging threats.

About the Role

VulnCheck is looking for a Senior Exploit Developer with a background in reverse engineering and exploit development. This role is on our Initial Access Intelligence team, which delivers exploits and related artifacts designed to give VulnCheck customers visibility into exploitation from exposure through execution and detection. You’ll work with a seasoned team of hackers and threat researchers to help global enterprises, governments, and intelligence firms defend against emerging threats and get ahead of the attacker curve. 

While initial access vulnerabilities are our main focus area, you’ll also have the opportunity to work on a variety of local and other exploits, as well as our open-source go-exploit framework. This is a 100% remote role but we're primarily looking for candidates in Cheltenham, United Kingdom.

Why Join VulnCheck?

VulnCheck stands behind its mission to influence how organizations worldwide understand, assess, and remediate security vulnerabilities - and to deliver intelligence-based solutions that change the world. 

You’ll be joining a collaborative, supportive environment that values intellectual curiosity, technical mastery, and personal growth. (And more - below) 

• Leverage your expertise: Work on cutting-edge threat intelligence initiatives that matter, alongside the top domain experts in the field.
• Shape the industry: Influence how vulnerabilities are classified, scored, mapped, and remediated at scale for enterprise customers and for the entire cybersecurity industry.
• Grow your impact: Collaborate with global partners, lead high-visibility projects, and drive standards across the security community.
• Innovate and explore: Conduct research and develop tools for automating and improving vulnerability enrichment and mapping.

What You'll Do

• Reverse engineering software to discover the root cause analysis (RCA) of vulnerabilities.
• Authoring original software exploits for initial access vulnerabilities, when little or no publicly-available proof of concept code for exploiting such vulnerabilities exists.
• Implementing detections (such as Suricata & Snort signatures, YARA rules, etc.) for identifying such initial access vulnerabilities being exploited on the wire
• Writing Attack Surface Management (ASM) queries (e.g., Shodan, Census, FOFA, & ZoomEye) for finding vulnerable systems likely to be targeted

Why You'll Bring

• Prior experience with writing exploit code for RCE / initial access vulnerabilities (that do not require authentication to exploit)
• Experience working on technical projects remotely, alone, and on small teams

Preferred Qualifications

• Prior Cybersecurity work experience (at a vendor or in Government).
• Able to share example exploit code written.

*IMPORTANT NOTE: This position may involve access to technology subject to U.S. export control regulations. Employment is contingent upon the company's ability to authorize access under applicable export control, sanctions, and any other applicable legal or contractual requirements. The company does not guarantee and is under no obligation to seek such authorization if it would be necessary.

What We Offer

We believe people do their best work when they feel supported, trusted, and valued. VulnCheck offers benefits designed to meet a wide range of needs and lifestyles.

Benefits and Perks

• Competitive salary with employee equity program
• Health, dental, and vision coverage
• Unlimited PTO 
• Pension Contribution 
• Remote friendly environment with flexibility
• Expense reimbursement for home internet and phone 
• Ongoing professional development, coaching, and learning resources
• Opportunities for career advancement within a fast-growing team

Why Join Us

Built on over two decades of cybersecurity experience, our team of experts understands the intricacies of vulnerabilities, their exploitation in the wild, and how to leverage this data to build more effective cybersecurity products that produce better outcomes for organizations.

VulnCheck gives organizations a tactical advantage by providing best-in-class exploit & vulnerability intelligence information. We have a sense of duty to protect the critical infrastructure we rely on including medical devices, power grids and telecommunication networks. We were founded in 2021 in Lexington, Massachusetts.

VulnCheck has a transparent, collaborative, and supportive culture - we are looking for people who have a growth mindset, are curious and innovative. Our team is smart, but humble, hardworking, and supportive.

VulnCheck is proud to be an Equal Employer Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. VulnCheck is committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities.

About VulnCheck

VulnCheck is transforming vulnerability intelligence by helping security teams act faster and with more confidence. Our platform delivers early, high-quality exploit intelligence, deep asset correlation, and contextual insights to help organizations stay ahead of emerging threats.

About the Role

VulnCheck is looking for a Red Team Systems Administrator / Lab Manager to build, maintain, and operate the lab infrastructure that supports our vulnerability research team. This role is responsible for standing up and managing a research environment that includes networking equipment, IoT / OT devices, and the supporting compute, storage, and network infrastructure our researchers depend on to discover, analyze, and validate vulnerabilities.

You'll work closely with our exploit developers and threat researchers to ensure they have reliable, secure, and reproducible environments for testing against real-world hardware and software. The lab is central to VulnCheck's mission — our researchers need to move fast, and the infrastructure has to keep up. While this is a hybrid role, the position requires regular onsite management of physical lab equipment in the Fort Meade, MD area. 

What You'll Do

• Design, build, and maintain the physical and virtual lab infrastructure used by VulnCheck's vulnerability research team.
• Procure, configure, and manage networking equipment (routers, switches, firewalls, wireless access points) and IoT / OT devices used for security research and exploit validation.
• Manage lab network architecture — including segmentation, VLANs, out-of-band management, and isolated test environments to safely run exploit code against live devices.
• Administer Linux and Windows servers, hypervisors, and virtualization platforms (e.g., VMware, Proxmox, KVM) that host vulnerable software and services for testing.
• Maintain firmware libraries and device inventories, ensuring researchers have access to specific hardware and software versions needed for vulnerability analysis.
• Provide remote access infrastructure (VPN, jump hosts, remote console access) so distributed team members can interact with physical lab equipment.
• Automate environment provisioning, configuration management, and lab reset workflows using tools such as Ansible, Terraform, or similar.
• Monitor lab systems for availability, performance, and security — and respond to issues promptly.
• Collaborate with researchers to understand upcoming research targets and proactively prepare the lab environments they need.
• Manage vendor relationships for hardware procurement, warranties, and RMA processes.
• Document lab architecture, procedures, and runbooks to ensure operational continuity.

What You'll Bring

• 8+ years of experience in systems administration, lab operations, or infrastructure engineering.
• Strong hands-on experience with Linux system administration (Ubuntu, CentOS/RHEL, or similar).
• Solid networking fundamentals — TCP/IP, DNS, DHCP, VLANs, firewall configuration, and routing.
• Experience managing and configuring networking equipment (Cisco, Juniper, MikroTik, etc).
• Familiarity with IoT devices and embedded systems — comfortable working with serial consoles, JTAG, firmware flashing, and device provisioning.
• Familiarity with OT/ICS devices and protocols is a huge plus.
• Experience with virtualization and containerization technologies (VMware, Proxmox, KVM, Docker).
• Experience with configuration management and infrastructure-as-code tools (Ansible, Terraform, or similar).
• Ability to work independently and manage priorities across multiple concurrent research efforts.
• Strong documentation habits and clear written communication.
• Scripting skills in Python, Bash, or Go for automating lab workflows; familiarity with Go is a plus. 

Preferred Qualifications

• Experience using Claude or other AI models for task automation. 
• Prior experience supporting a security research, penetration testing, or red team lab environment.
• Prior cybersecurity work experience (at a vendor or in government).
• Experience managing physical lab infrastructure remotely, including out-of-band management (IPMI/iLO/iDRAC), remote PDUs, and KVM-over-IP.

*IMPORTANT NOTE: This position may involve access to technology subject to U.S. export control regulations. Employment is contingent upon the company's ability to authorize access under applicable export control, sanctions, and any other applicable legal or contractual requirements. The company does not guarantee and is under no obligation to seek such authorization if it would be necessary.

What We Offer

We believe people do their best work when they feel supported, trusted, and valued. VulnCheck offers benefits designed to meet a wide range of needs and lifestyles.

Benefits and Perks

• Competitive salary with employee equity program
• Health, dental, and vision coverage
• Unlimited PTO
• 401(k) plan
• Remote friendly environment with flexibility
• Expense reimbursement for home internet and phone
• Ongoing professional development, coaching, and learning resources
• Opportunities for career advancement within a fast-growing team

Why Join Us

Built on over two decades of cybersecurity experience, our team of experts understands the intricacies of vulnerabilities, their exploitation in the wild, and how to leverage this data to build more effective cybersecurity products that produce better outcomes for organizations.

VulnCheck gives organizations a tactical advantage by providing best-in-class exploit & vulnerability intelligence information. We have a sense of duty to protect the critical infrastructure we rely on including medical devices, power grids and telecommunication networks. We were founded in 2021 in Lexington, Massachusetts.

VulnCheck has a transparent, collaborative, and supportive culture — we are looking for people who have a growth mindset, are curious and innovative. Our team is smart, but humble, hardworking, and supportive.

VulnCheck is proud to be an Equal Opportunity Employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. VulnCheck is committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities.