About this Senior Vulnerability Researcher role at Oak
We're reimagining enterprise Identity and Access Management from the ground up. Founded by serial entrepreneurs Shai Morag and Tal Marom and backed by a $60M seed round from Greylock, Accel, and CRV, we're building the next generation of identity security. Identity is the gateway to everything- who's let in, who's kept out, and it's now the number one attack vector in the enterprise. The tools built to govern it were designed for a slower world of human users and static environments. That world is gone. Identities are exploding across human, machine, and AI agents faster than legacy systems can track, and security teams are left patching together five disconnected tools that still can't answer "who has access to what, right now." We think the answer isn't another point solution- it's a new foundation. Oak is the AI-native Identity Operating System: an AI connector framework that reaches any application, a live identity graph built from raw evidence, and a team of AI agents that governs the full lifecycle of every identity in one platform. We're building Oak's AI-native core from day one-engineered for what enterprise identity is becoming, not patched onto what it used to be. And we're just getting started.
About the Role:
Oak's Vulnerability Research is the sharpest edge of our technical work - the team that takes systems apart to learn how they truly work, and where they break. We go deep into the mechanisms, protocols, and architectures that modern technology is built on, and we pressure-test the assumptions the rest of the industry takes for granted. Sometimes that work sharpens the platform, sometimes it stands entirely on its own, as an original research novelty.
As a Vulnerability Researcher, you'll build first-principles understanding of the technologies and systems you investigate, then go looking for what's wrong with them: the flawed assumptions baked into established paradigms, the gap between how a system is meant to behave and how it actually behaves, and the novel vulnerabilities and exploitation techniques no one has named yet. This is hands-on, deep technical work - reverse-engineering, breaking, and finding what's exploitable before an attacker does.
You'll have the room to follow the research where it leads, and the backing of an ecosystem created to set you up for success by providing every tool and access that could help.
Some threads will feed directly into how Oak understands what's genuinely exploitable, grounding the platform in real attacker reality rather than theoretical risk. Others will be pure discovery, pursued because the problem is hard and the finding truly matters, and published to move the field forward.
Either way, your work establishes Oak's authority in the field. Through original research, disclosures, and technical thought leadership, you'll build a body of work that earns the respect of the security community and sharpens how the industry thinks about what's truly secure.
What you will Do:
• Hunt for what established security paradigms miss: flawed assumptions, gaps between specified and actual behavior, and novel vulnerability classes and exploitation techniques that don't yet have names.
• Reverse-engineer and deeply understand systems, protocols, and architectures at the implementation level - developing a precise understanding of how they actually work, rather than what their designers intended.
• Develop hypotheses and convert them into working proof-of-concept exploits that demonstrate real-world risk before attackers do.
• Own research threads end-to-end, from an early exploration, developing and following hunches all the way through to a proof of concept, responsible disclosure or publication, following the evidence wherever it leads without waiting for a defined playbook.
• Ground Oak's understanding of exploitability in attacker reality - when research surfaces findings relevant to how the platform models identity attack surface across human and non-human identities, bring that signal in.
• Promote Oak's standing in the security community through original research, CVEs, and technical thought leadership that advances the field and earns trust on its merits.
What you will bring:
• 6+ years of hands-on vulnerability research, reverse engineering, or offensive security, with a proven track record of finding non-trivial flaws and the depth in systems, protocols, and architectures to understand precisely why they exist.
• A first-principles approach to how things actually work, not how they're documented to work: you pull the thread until you hit ground truth, and you're not satisfied until you do.
• The instinct and ability to see what others overlook - the unquestioned assumptions in established systems, the edges no one has tested, the failure modes that live in the gap between spec and implementation.
• End-to-end ownership of research: you drive hypotheses to conclusions through dead ends, changes of directions and reach hard proofs
• Strong hands-on expertise, converting theories and research into a working chain and proof of concept.
• Result driven depth: you go as far as a problem deserves, because the result is worth it, and you know when it is.
• A track record of original significant discoveries - published CVEs, novel vulnerability classes or exploitation techniques, research that named a problem the field didn't have words for yet.
Nice to have:
• History of presenting original research at Black Hat, DEFCON, OffensiveCon, Hexacon or a comparable security conference.
• Significant CVEs (CVSS High or Critical) under your name.