Cyber Investigator
Location
United States
Posted
3 days ago
Salary
$80K - $105K / year
Seniority
Mid Level
Job Description
Cyber Investigator
10a Labs
Role Description
10a Labs' Investigations Team is looking for a Cyber Investigator to support high-volume exchange labeling and investigations across a range of cyber abuse areas. This role requires a solid foundation in cybersecurity and a keen ability to assess whether technical content poses real-world harm. Investigations may involve exposure to harmful or disturbing content, including malicious code, exploit development, and content designed to facilitate cyberattacks.

In this role, you will:
- Review and label AI-generated exchanges to assess whether content provides meaningful offensive cyber uplift, distinguishing it from legitimate security research.
- Investigate potentially policy-violating activity by querying internal data sources using SQL and Python and cross-referencing open-source information (OSINT).
- Document and share investigative findings with internal stakeholders.
- Respond to reactive escalations and on-call leads, including those not caught by existing safety systems.

Qualifications
- At least 1–3 years of experience in cybersecurity, Trust & Safety, national security, defense, intelligence, or law enforcement domains.
- Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
- Foundational knowledge of cyber threat concepts, including one or more of the following: scaled data extraction, ransomware, local and remote exploits, or offensive security operations.
- Familiarity with LLM systems and how AI technology can be misused for cyber operations.
- Ability to assess the real-world harm potential of technical content, distinguishing offensive uplift from benign or educational security research.
- Strong SQL and Python proficiency for querying data and supporting investigations.
- Ability to rapidly context-switch across domains, modalities, and abuse areas in a fast-paced, ambiguous environment.
- Ability to clear an insider-threat background check.

Requirements
- Experience with threat intelligence frameworks such as MITRE ATT&CK.
- Background in dark web monitoring, OSINT, or cross-platform threat analysis.
- Full professional proficiency in Arabic, Chinese, Farsi, Portuguese, Russian, or Spanish.
- Relevant certifications such as CompTIA Security+, CEH, or OSCP.

Benefits
- Salary Range: $80K–$105K, depending on experience and location.
- Work Environment: Fully remote, U.S.-based.
- Health Benefits: Comprehensive health, dental, and vision coverage.
- Time Off: Generous PTO and paid holiday schedule.
- Retirement: 401(k) plan.
More Security Engineer Jobs
Role Description
You’ll help build Clearwing: an AI-native cybersecurity system for autonomous vulnerability discovery, exploit validation, pen-testing, reverse engineering, and security reporting. You’ll combine hands-on offensive security work with LLM agent development, eval design, and product engineering. The ideal candidate can chase real bugs, validate exploitability, write production-quality Python, and turn exploratory research into repeatable security capabilities.
- Develop AI-assisted vulnerability discovery workflows for source code, binaries, networks, and live systems.
- Build and improve Clearwing’s source-code hunting, network pen-testing, N-day exploit, reverse engineering, and validation pipelines.
- Design agentic workflows for reconnaissance, static analysis, dynamic testing, exploit development, patch validation, and reporting.
- Perform static analysis to identify vulnerable patterns, reachable attack surfaces, and exploitability conditions.
- Conduct authorized live testing against networks, services, containers, lab targets, and operational environments.
- Develop and validate proof-of-concept exploits in controlled, authorized settings.
- Build evaluation harnesses for vulnerability discovery quality, false positives, exploitability, reproducibility, and model/tool performance.
- Improve safety, authorization, auditability, guardrails, and human-in-the-loop controls for dual-use cybersecurity capabilities.
- Work with AI researchers and engineers to improve prompts, tools, agent loops, memory systems, scoring systems, and model-routing strategies.
- Produce clear technical reports with evidence, reproduction steps, impact analysis, and remediation guidance.

Qualifications
- 3+ years of hands-on cybersecurity experience in vulnerability research, penetration testing, exploit development, reverse engineering, or security engineering.
- Practical experience with at least two of:
  - Static analysis
  - Dynamic analysis
  - Binary exploitation
  - Web application security
  - Network penetration testing
  - Cloud/container security
  - Malware analysis or reverse engineering
  - Detection engineering
- Strong Python skills and comfort building automation around security tools.
- Familiarity with Linux, Docker, Kali/security tooling, Git, CI, and shell workflows.
- Ability to reason from vulnerability signal to exploitability, impact, evidence quality, and remediation.
- Experience working with LLMs, agents, prompt engineering, evals, or AI-assisted security workflows.
- Strong written communication skills for technical findings, customer-facing reports, and internal research notes.
- Clear judgment around authorization, responsible disclosure, and dual-use security tooling.

Requirements
- Experience with Ghidra, IDA, Binary Ninja, angr, Semgrep, CodeQL, Joern, AFL++, libFuzzer, ASan/UBSan, or OSS-Fuzz.
- Experience developing exploits for memory corruption, deserialization, auth bypass, SSRF, RCE, sandbox escape, or supply-chain vulnerabilities.
- Experience with CVE reproduction, N-day analysis, patch diffing, or exploit validation.
- Experience building LLM agents, tool-using systems, ReAct loops, eval harnesses, or synthetic-data pipelines.
- Familiarity with SARIF, CVSS, CWE, MITRE ATT&CK, MITRE CVE workflows, HackerOne/Bugcrowd-style disclosure, or government security reporting.
- Experience with Rust, Go, C/C++, or systems programming.
- Prior work with security products, autonomous agents, fuzzing infrastructure, or government/security customers.

Benefits
- Comprehensive benefits package, including health, dental, and vision insurance, as well as retirement savings plans.
- Opportunities for growth and professional development.
- A collaborative and supportive company culture that values diversity and inclusion.
- Access to cutting-edge technology and resources for research and development.
- Compensation (commensurate with experience): $180,000 - $200,000 (base salary) + equity.
Role Description
Under limited supervision of the AVP Network Infrastructure, maintains and monitors the reliability, performance, and security of the Credit Union’s computer systems and networking equipment to ensure corporate productivity. Maintains the security and availability of the systems that are used to serve the member. Evaluates new technology that can be used to provide increased efficiency, productivity or achieve compliance for the organization.
- Vulnerability assessments, patch management, virus/malware/rootkit protection, log management, user permissions, etc.
- Restrict inbound and outbound traffic to allow only the traffic required to conduct business in a safe and secure manner.
- Manage third-party vendors' connectivity into our network.
- Oversee monthly vulnerability assessments of the network.
- Identify high-risk systems and resolve in a timely manner.
- Ensure all network devices are properly patched, including OS/IOS, software, and virus definitions.
- Establish user privileges based on individual personnel job classifications and function.
- Set up routine audits to ensure user permissions are not being modified.
- Manage user accounts, ensuring accounts are terminated or deactivated appropriately and timely.
- Data storage encryption.
- Provides direction and guidance for the network team in all aspects of network architecture and security.
- Is the go-to for all technical aspects and decision making in reference to maintaining, enhancing, and maturing the network system.
- SAN administration, VMware administration, Web Services administration, Database administration, and performance monitoring of all systems, with alerts established to actively manage the network.
- Be a contributing member of various project teams with the possibility of multiple team projects overlapping.
- Manage your time and productivity to ensure projects stay on task in time, cost, and scope.
- Effectively work with the project manager and stakeholders, maintaining communications.
- Work to build redundancy in the network to minimize risk and impact of disaster.
- Ongoing testing of system and data restore to ensure optimal processes are in place in the case of a disaster.
- Participate in routine disaster recovery and business continuity exercises.
- Ensure critical data is saved to backup media and that media is regularly tested to ensure no corruption is present.
- Ensure data replication between primary and subscriber systems.
- Supports the network team in troubleshooting operational issues, problem resolution, hardware, software installation, and support.
- Treats all co-workers and members with respect.
- Support and participate in continuous improvement activities.
- Represents the Credit Union in a positive and professional manner.
- Maintains member and other sensitive information with confidentiality.
- Oversee inventory of network hardware and software including servers, switches, routers, firewalls and software licensing.
- Work with Management to identify equipment that is outdated, fully depreciated, and in need of replacement.
- Assist in the annual budgeting process of identifying equipment to be replaced each fiscal year.
- Ensure Microsoft Server and SQL licensing is adequate.
- Other related duties as assigned.
- Oversee and be accountable for the daily performance of our WAN/LAN network environment.
- Routers: Manage Cisco routers, ensuring devices are secure, access lists are properly defined and commented, and default settings are set to deny all.
- Firewalls: Manage perimeter firewalls, ensuring the internal network remains secure and separate from the Internet.
- Firewalls installed and properly configured at all points of contact to our internal network.
- Voice over IP: Ensure QoS across the network for voice traffic.
- Voice over IP: Ensure adequate connections to the PSTN network are in place for SRST and normal business transactions.
- Wireless network: Ensure wireless connections to the network are configured in a safe and secure manner. Management of remote users' secure connections to our internal network.
- Proper load balancing and failover configurations are in place on network circuits and testing is conducted on a regular basis.

Qualifications
- Minimum 7 to 10 years’ experience as a network and/or security administrator with a strong hands-on foundation of Cisco routing and switching architectures, DHCP/DNS, Cisco VPN and wireless solutions, IP Telephony and IP data security practices.
- The incumbent is required to be highly qualified for a large variety of networking technologies, to possess excellent analytical skills and to demonstrate a high degree of interpersonal abilities.
- Strong understanding of network protocols, traffic capturing and protocol analysis.
- Hands-on implementation, configuration, and management of security enterprise infrastructure.
- Physical work experience with enterprise-class firewalls, IDS and UNIX/Linux operating systems.
- Excellent communications and interpersonal skills, and ability to work effectively with all organizational levels.
- Able to work on multiple projects/priorities in a deadline-driven environment and adapt quickly to change.
- Demonstrated ability to maintain a member service focus and attitude at all times.
- A wide degree of creativity and latitude is expected.

Preferred Qualifications
- Ability to conduct research into a wide range of computing issues as required.
- Ability to present ideas in user-friendly language to non-technical staff and end-users.
- CCNA or CCNP certifications.
- Information Security certifications (CISSP, CEH, MCSE).
- Ability to absorb and retain information quickly.
- Technical training on network infrastructure and network security.
- Master’s degree preferred.

Education
- 4-year Bachelor’s, or similar discipline or years of service.

Benefits
- Medical
- Dental
- Vision
- Life Insurance
- Flexible Spending Account
- 401(k) Matching
- Paid Time Off
- Training Provided
- Tuition Reimbursement
• You will be responsible for leading the continuous improvement of the vulnerability management process throughout the software development lifecycle, defining and structuring workflows, roles, and prioritization criteria that link vulnerability discovery to remediation.
• Your role will guide decisions on process efficiency and scalability based on strong technical experience and a broad process and systems perspective, acting as the link between technical teams, security leadership, and governance.
• Structure and advance the Vulnerability Management program, ensuring integration with technical teams and security governance.
• Define and apply a technical risk-based prioritization model that accounts for severity, exploitability, exposure, and business context.
• Develop dashboards and metrics for executive and operational monitoring of vulnerability exposure.
• Standardize technical inputs to support formal risk, exception, and risk-acceptance processes together with the GRC team.
• Orchestrate forums and recurring rituals to track vulnerabilities with multidisciplinary teams.
Role Description
We are seeking a Risk Engineer with strong technical acumen and practical experience in the vulnerability management space to design, prioritize, and enable risk-reducing technical solutions across complex cloud and enterprise environments. As a Cyber Security Engineer, you should have a strong technical background and demonstrate experience in vulnerability management, security architecture, and control engineering. This role emphasizes solution engineering over process engineering—using vulnerability intelligence, risk frameworks, policies, and controls as inputs to architect practical, automatable, and scalable technical safeguards.
- Engineer technical vulnerability risk solutions that reduce operational, cyber, and resilience risk through architecture, automation, and control design.
- Translate vulnerability risk requirements, policies, and standards into implementable technical patterns, guardrails, and reference architectures.
- Prioritize and influence solution design decisions based on risk impact, blast radius, and recovery dependencies.
- Partner with platform, cloud, security, and SRE teams to embed risk controls directly into infrastructure and pipelines.
- Evaluate control effectiveness using technical signals and evidence, not just procedural compliance.
- Support initiatives such as vulnerability discovery, exposure analysis, remediation workflow design, secure cloud architectures, isolated recovery environments, identity and access hardening, and infrastructure resilience.
- Provide technical guidance on risk tradeoffs, recovery sequencing, and dependency-aware system design.
- Work across broad vulnerability management capabilities, including scanners, asset and exposure data sources, prioritization models, remediation tracking platforms, exception workflows, and executive risk reporting.
- Contribute to lightweight process definition where needed—but always in service of enabling better technical outcomes.

Qualifications
- Bachelor's Degree in Computer Science, Cybersecurity, Information Systems, Software Engineering, or a related technical field.
- Master's Degree in a related field is preferred.
- 7+ years in engineering, security engineering, platform engineering, SRE, vulnerability management, or technical risk roles.
- Proven ability to design and influence technical solutions across cross-functional teams.
- Hands-on experience with vulnerability management practices, including discovery, prioritization, remediation coordination, exception handling, and risk reporting.
- Demonstrated problem-solving skills, analytical thinking, and the ability to explain complex technical risk concepts to non-technical audiences without losing fidelity.
- Ability to work independently and as part of a team, operating comfortably between engineering teams and risk stakeholders.

Requirements
- Strong understanding of how risk manifests in distributed systems, cloud platforms, and automation environments.
- Infrastructure as Code experience using Terraform.
- Configuration management and automation experience using Ansible.
- Programming and scripting proficiency in Python.
- Hands-on experience with cloud platforms, specifically Google Cloud Platform (GCP) and/or Azure.
- Ability to design and implement scalable, automatable security controls and remediation workflows across enterprise technology stacks.

Preferred Experience
- Experience with CI/CD pipelines and policy-as-code implementation.
- Knowledge of cloud IAM, networking, and control plane security.
- Experience with backup, recovery, and resilience architectures.
- Familiarity with observability, logging, and evidence automation for control validation.
- Experience with vulnerability scanners, exposure management platforms, and remediation workflow tooling.
- Knowledge of ITIL-based IT Service Management (ITSM) practices.
- Familiarity with Agentic AI Frameworks for security automation use cases.

Benefits
- Immediate medical, dental, and prescription drug coverage.
- Flexible family care, parental leave, new parent ramp-up programs, subsidized back-up child care and more.
- Vehicle discount program for employees and family members, and management leases.
- Tuition assistance.
- Established and active employee resource groups.
- Paid time off for individual and team community service.
- A generous schedule of paid holidays, including the week between Christmas and New Year’s Day.
- Paid time off and the option to purchase additional vacation time.

