IT & Corporate Security Lead

About XBOW

At XBOW, we’re redefining the future of cybersecurity by building the world's first autonomous pentester, powered by AI. Today, the gold standard for securing software systems is human pentesters, but with the rise of artificial intelligence, we’re stepping up to scale offensive security to meet the ever-growing demand.

AI is transforming the landscape of both cybersecurity and cyberattacks. While millions of people without security expertise are creating software, bad actors are using AI to launch more effective attacks. XBOW fights back with AI-driven superpowers, enabling security teams to stay one step ahead. Our autonomous AI solves 75% of web app security benchmarks with zero human intervention—and at superhuman speed.

What makes XBOW truly unique? Like human experts, it forges creative attacks, adapts its learnings, and continuously works to find vulnerabilities faster than anyone ever could. We’re not only simulating threats—we’re also finding and responsibly disclosing real-world vulnerabilities, ensuring organizations can fix issues before they’re exploited. XBOW isn’t just a tool; it’s a transformative force in the secure development lifecycle.

Backed by Sequoia Capital and a team that includes the creators of GitHub Copilot and GitHub Advanced Security, XBOW is not just keeping up with the times—we’re shaping the future of cybersecurity. Our mission is simple: to defeat the bad actors before they strike, using AI to revolutionize how we approach offensive security.

We’re building something thatmust be built, and we’re the team to do it. Join us in shaping the next frontier of autonomous security.

Your Role: IT & Corporate Security Lead

We’re looking for a hands-on IT and corporate security specialist to support internal systems, mobile device management, developer infrastructure, and remote workers. The ideal candidate has experience working in a startup or small company while also having some enterprise exposure. This role requires deep technical expertise, particularly in AWS, Okta, and corporate security, with a focus on securing internal infrastructure and compliance (e.g. SOC 2) processes.

What You'll Do

• Own and operate all internal IT systems — from laptops to SaaS access to IAM

• Work closely with our engineering team to design and enforce internal security controls and policies

• Manage onboarding/offboarding workflows (automated where possible)

• Configure and maintain core tools like Okta, Google Workspace, MDM, VPN, etc.

• Partner with legal and leadership on compliance needs (SOC 2, ISO 27001, etc.)

• Manage internal security events, and incidents

• Continuously assess and harden internal security posture

• Build documentation and workflows that scale with the company

Who You Are

• Strong experience with internal IT systems, mobile device management (MDM), and developer infrastructure

• Hands-on corporate security experience, including access controls, endpoint security, and monitoring

• Experience setting up and managing network monitoring and logging solutions

• AWS experience, particularly around security, IAM, and infrastructure management

• Okta experience, including identity management, SSO, and authentication security

• Experience supporting remote workers, including VPN, device provisioning, and secure access

• Familiarity with compliance frameworks like SOC 2, helping align IT and security practices with compliance requirements

• Background in startups or small companies, with some exposure to enterprise environments

• Comfortable as an individual contributor, focusing on execution rather than managing teams

• Comfortable with remote working and async communication

Bonus Points

• Experience supporting fast-moving engineering orgs

• Familiarity with Apple Mac fleet management (e.g., Kandji, Mosyle, Jamf)

• Security certs (CISSP, Security+, etc.), but not required

• Helped a startup go from early-stage to audit-ready

What We Offer

• Compensation & Equity: Competitive salary and a generous equity package, making you a true owner of the company.

• Career Growth: Shape your role, lead the function, and grow with the company as we redefine cybersecurity.

• Meaningful Work: You will tackle technically complex challenges and play a pivotal role in the growth and security of our business, working alongside an amazing team and some of the world’s experts in AI and Security.

What Else You Should Know

• Location: Remote (all team members are remote but we meet regularly and you’re supported to travel to collaborate with colleagues in person)

• Contract: Full-time.

• Hiring Process:

  1. 30-min introductory chat.

  2. 30 minutes with one of our founders.

  3. 2-3 hour technical deep dive around relevant case study.

  4. 30-min final meeting with our CEO and founder, Oege de Moor.

We’re a security company that builds with AI at the core — so you’ll be protecting a team that moves fast, iterates aggressively, and lives in the command line. If that sounds like your kind of environment, let’s talk.