Cycode is an agentic application security company. AI writes the code - we secure and govern it. We bring together control, context, and autonomy to keep AI-driven development safe across the entire development lifecycle: code, secrets, dependencies, infrastructure-as-code, containers, and the CI/CD pipelines that tie them together - unified by our Context Intelligence Graph and a growing fleet of AI agents that fix risk at machine speed.
Our AI Research team builds the agents at the heart of that autonomy, and our work ships straight into the product: the Exploitability Agent that confirms whether a CVE is actually reachable, the Remediation Agent that generates PR-ready fixes with reasoning, the Graph Agent for natural-language queries over the development lifecycle, and Maestro - the AI teammate that orchestrates them across the vulnerability lifecycle. We're moving fast, and we want a security expert at the center of it.
About the role:
We're hiring a Senior Security Researcher to be the security authority behind our AI agents, and the person who decides what "good" means. As our agents take on more of the security workflow, the hardest question stops being "can we build it?" and becomes "is the agent actually right?" Answering that takes someone who understands how vulnerabilities are found, exploited, and remediated at a deep level, and who can turn that judgment into rigorous, repeatable benchmarks the whole team builds against. You'll own those benchmarks. You'll encode your security expertise directly into the agents - the guidelines, heuristics, and domain knowledge they reason with, and guide how they improve over time. You'll help us understand the real complexity behind the features we want to build, and break them into deliverable pieces. And you'll do it with a genuine appetite for experimental AI - comfortable getting your hands dirty with frontier models and agent tooling, not intimidated by it.
What you'll do:
What you'll bring:
Nice to have:
Why this role is different:
Most security research roles ask you to find problems. This one asks you to define the standard that autonomous agents are held to, and to shape, hands-on, how AI takes over real security work. You'll sit at the intersection of frontier AI and deep security expertise, with high autonomy and direct influence on what we build next.

Cycode’s AI-Native Application Security Platform unites security and development teams with actionable context from code to runtime to identify, prioritize, and fix the software risks that matter.
Powered by proprietary scanners, third-party integrations, and the Risk Intelligence Graph (RIG), Cycode delivers unified, correlated insight across the Software Factory. Its unique ability to sense, reason, and act with context in the AI-Era comes from its foundational convergence of AST, ASPM, and Software Supply Chain Security—purpose-built to secure both AI- and human-generated code.