IT & Platform Security Engineer

About XBOW

At XBOW, we’re redefining the future of cybersecurity by building the world's first autonomous pentester, powered by AI. Today, the gold standard for securing software systems is human pentesters, but with the rise of artificial intelligence, we’re stepping up to scale offensive security to meet the ever-growing demand.

AI is transforming the landscape of both cybersecurity and cyberattacks. While millions of people without security expertise are creating software, bad actors are using AI to launch more effective attacks. XBOW fights back with AI-driven superpowers, enabling security teams to stay one step ahead.

What makes XBOW truly unique? Like human experts, it forges creative attacks, adapts its learnings, and continuously works to find vulnerabilities faster than anyone ever could. We’re not only simulating threats—we’re also finding and responsibly disclosing real-world vulnerabilities, ensuring organizations can fix issues before they’re exploited. XBOW isn’t just a tool; it’s a transformative force in the secure development lifecycle.

Backed by Sequoia Capital and a team that includes the creators of GitHub Copilot and GitHub Advanced Security, XBOW is not just keeping up with the times—we’re shaping the future of cybersecurity. Our mission is simple: to defeat the bad actors before they strike, using AI to revolutionize how we approach offensive security.

We’re building something thatmust be built, and we’re the team to do it. Join us in shaping the next frontier of autonomous security.

Your Role: IT & Platform Security Engineer

We’re looking for an experienced, hands-on IT and corporate security engineer to support and secure our internal systems, infrastructure, and workforce. You’ll help onboard new team members, manage devices and access, automate workflows, and ensure our compliance and security posture remains strong as we grow.

This is a deeply technical, individual contributor role. You’ll work across IT, devops, and internal security, partnering closely with engineering, legal, and leadership to keep our environment secure and efficient.

What You'll Do

• Configure and manage corporate devices, MDM, VPN, and secure endpoint access across a fully remote team

• Support onboarding/offboarding processes, with a focus on automation and scalability

• Maintain and secure core SaaS tools (Okta, Google Workspace, 1Password, etc.)

• Design and enforce access controls, identity management, and authentication policies

• Collaborate with engineering on IAM, AWS environment security, and internal tooling

• Help prepare for and maintain compliance with frameworks like SOC 2 and ISO 27001

• Monitor and respond to internal security events and incidents

• Document processes, playbooks, and policies to support a growing company

• Support developers with secure, reliable access to infrastructure and tools

Who You Are

• 5+ years of experience in IT, internal security, or devops roles

• Proficient with mobile device management (e.g. Mosyle, Jamf) and endpoint provisioning

• Hands-on experience with Okta, Google Workspace, and cloud IAM (especially AWS)

• Comfortable writing scripts to support automation and working with configuration management tools

• Experienced in managing access, authentication, and endpoint security across distributed teams

• Familiar with compliance requirements such as SOC 2, and comfortable aligning practices accordingly

• Security-minded and detail-oriented, with experience responding to incidents and hardening systems

• Proactive communicator who thrives in fast-paced, remote-first environments

Bonus Points

• Experience supporting engineering teams and developer tooling

• Familiarity with modern Mac fleet management

• Security certifications (e.g., CISSP, Security+)

• Background at a startup or helping a company go from early stage to audit-ready

What We Offer

• Compensation & Equity: Competitive salary and meaningful stock options.

• Growth: Opportunity to learn from and collaborate with top security and AI experts

• Impact: Work on complex technical challenges that support the foundation of our company

• Remote-First:Work from anywhere, with regular opportunities to meet in person

What Else You Should Know

• Location: Remote (all team members are remote but we meet regularly and you’re supported to travel to collaborate with colleagues in person)

• Contract: Full-time.

• Hiring Process:

  1. 30-min introductory chat.

  2. 30 minutes with one of our founders.

  3. 2-3 hour technical deep dive around relevant case study.

  4. 30-min final meeting with our CEO and founder, Oege de Moor.

We’re a security company that builds with AI at the core — so you’ll be protecting a team that moves fast, iterates aggressively, and lives in the command line. If that sounds like your kind of environment, let’s talk.