Application Security Consultant (founding team)

At XBOW, we’re redefining the future of cybersecurity by building the world's first autonomous pentester, powered by AI. Today, the gold standard for securing software systems is human pentesters, but with the rise of artificial intelligence, we’re stepping up to scale offensive security to meet the ever-growing demand.

AI is transforming the landscape of both cybersecurity and cyberattacks. While millions of people without security expertise are creating software, bad actors are using AI to launch more effective attacks. XBOW fights back with AI-driven superpowers, enabling security teams to stay one step ahead. Our autonomous AI solves 75% of web app security benchmarks with zero human intervention—and at superhuman speed.

What makes XBOW truly unique? Like human experts, it forges creative attacks, adapts its learnings, and continuously works to find vulnerabilities faster than anyone ever could. We’re not only simulating threats—we’re also finding and responsibly disclosing real-world vulnerabilities, ensuring organizations can fix issues before they’re exploited. XBOW isn’t just a tool; it’s a transformative force in the secure development lifecycle.

Backed by Sequoia Capital and a team that includes the creators of GitHub Copilot and GitHub Advanced Security, XBOW is not just keeping up with the times—we’re shaping the future of cybersecurity. Our mission is simple: to defeat the bad actors before they strike, using AI to revolutionize how we approach offensive security.

We’re building something that must be built, and we’re the team to do it. Join us in shaping the next frontier of autonomous security.

We’re seeking a highly skilled Application Security Consultant to join our founding Services team as a key technical partner. You will work alongside Strategic Program Managers and Customer Success Managers to ensure customers realize the full value of XBOW through actionable, expert insights.

In this role, you’ll collaborate with a broad spectrum of stakeholders, including developers, AppSec engineers, and security leaders—both within customer organizations and internally.

• Leverage your understanding of XBOW’s attack methodologies to surface meaningful insights, especially where deep security expertise empowers customers to make confident, informed decisions

• Translate discovered exploits into business context and risk impact, guiding customers toward the most effective remediation strategies for their specific environments

• Communicate confidently across a range of personas, from developers and AppSec engineers to CISOs—adapting your style to meet their needs and priorities

• Influence product direction by identifying gaps between customer needs and current capabilities, working directly with our research and engineering teams to evolve how security insights are delivered at scale

• Build lasting customer relationships through technical depth and responsiveness—earning trust, driving satisfaction, and contributing to retention and expansion, even when you're not the primary account owner

• You have deep experience in application security, with a strong grasp of modern web technologies, common vulnerabilities (e.g., OWASP Top 10), and secure development practices

• You're skilled at translating technical findings into business impact and risk narratives that resonate with both engineers and executives

• You communicate with clarity and empathy, able to adjust your tone and depth whether you're speaking to a CISO, an AppSec lead, or a front-end developer

• You’re customer-obsessed: responsive, pragmatic, and always thinking about how to deliver maximum value

• You thrive in ambiguity and enjoy building from the ground up, whether that’s a new process, a customer engagement model, or feedback loop with Product

• You’re a team player who enjoys cross-functional collaboration and knows how to earn trust quickly

• You’re comfortable digging into a codebase, analyzing attack paths, and making confident recommendations without needing a detailed script

• Hands on experience in application security, offensive security, or a related technical security role

• Strong understanding of modern web architectures, authentication/authorization models, and common vulnerability classes (e.g., OWASP Top 10, business logic flaws)

• Proven ability to interpret and contextualize security findings, prioritizing based on real-world risk and business impact

• Hands-on experience collaborating with engineering and security teams to drive remediation and improve application posture

• Excellent communication skills, with the ability to tailor technical depth and tone to suit developers, security engineers, and executive stakeholders

• Comfortable analyzing source code, reviewing logs, and investigating exploitability without relying on prescriptive checklists

• Experience working directly with customers or clients in a consultative, advisory, or customer success capacity

• Ability to thrive in a fast-paced, ambiguous environment and contribute to early-stage team building and process development

• Prior red teaming, pentesting, bug bounty, or exploit development experience is a strong bonus

• Compensation & Equity: Competitive salary and a meaningful equity package—you’ll be a true owner in what we’re building

• Customer Impact: Help hundreds of customers succeed with AI-driven security at scale

• Career Growth: Shape how we deliver customer success in a high-volume, high-leverage environment.

• Mission-Driven Team: Join a company that’s not just following the AI wave—we’re defining what the future of security looks like

Location: Remote in the US (all team members are remote but we meet regularly and you’re supported to travel to collaborate with colleagues in person)

Contract: Full-time.

Hiring Process:

• 30-min introductory chat.

• Interview with our Head of Product & Customer Success (~60mins)

• Interview with our Head of Security

• Take home working session relevant to the role

• Presentation of working session artifacts

• Final conversation with our CEO and founder, Oege de Moor

We’re looking for someone who brings empathy, urgency, and clarity to the self-serve customer journey. If you’re excited to support our mission and help shape the future of scaled customer success at XBOW, we’d love to talk.

Even if you don’t meet every requirement, we encourage you to apply. We value curiosity, resilience, and people who are excited to build the future of security with us.