Role Description 10a Labs' Investigations Team is looking for a Senior Cyber Investigator to support critical safety incidents and conduct investigations across a range of cyber abuse areas. This role requires deep cybersecurity subject-matter expertise to detect and respond to malicious activity, assess threat actor behavior at the organizational level, and handle escalated cases requiring senior technical judgment. Investigations may involve exposure to harmful or disturbing content, including malicious code, exploit development, and content designed to facilitate cyberattacks. - Detect and investigate malicious uses and cyber abuse, including cases involving scaled data extraction, ransomware, and local and remote exploits. - Conduct org-level analysis of threat actor behavior, identifying patterns across cases to inform detection and mitigation strategies. - Handle escalated and technically complex cases, applying senior cybersecurity expertise to assess real-world harm potential. - Query internal data sources using SQL and Python and cross-reference open-source information (OSINT) to support investigations. - Document and share investigative findings and recommendations with internal stakeholders and client teams. - Support quality and consistency across the investigations team, providing guidance to junior investigators on ambiguous cases. - Respond to reactive escalations and on-call leads, including those not caught by existing safety systems. Qualifications - At least 5+ years of experience in cybersecurity, threat intelligence, Trust & Safety, national security, defense, intelligence, or law enforcement domains. - Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience. - Familiarity with LLM systems and how AI technology can be misused for cyber operations. - Deep subject-matter expertise in one or more of the following: scaled data extraction, ransomware, local and remote exploits, or offensive security operations. - Strong ability to assess the real-world harm potential of technical content, distinguishing genuine offensive uplift from benign or educational security research. - Strong SQL and Python proficiency for querying data and supporting detection workflows. - Proven experience conducting org-level threat actor analysis across large datasets. - Ability to rapidly context-switch across domains, modalities, and abuse areas in a fast-paced, ambiguous environment. - Ability to clear an insider-threat background check. Preferred Qualifications - Experience with threat intelligence frameworks such as MITRE ATT&CK. - Background in dark web monitoring, OSINT, or cross-platform threat analysis. - Experience scaling and automating detection and mitigation processes. - Full professional proficiency in Arabic, Chinese, Farsi, Portuguese, Russian, or Spanish. - Relevant certifications such as OSCP, GREM, or GCTI. Benefits - Salary Range: $115K–$140K, depending on experience and location. - Work Environment: Fully remote, U.S.-based. - Health Benefits: Comprehensive health, dental, and vision coverage. - Time Off: Generous PTO and paid holiday schedule. - Retirement: 401(k) plan.

Role Description 10a Labs' Investigations Team is looking for a Cyber Investigator to support high-volume exchange labeling and investigations across a range of cyber abuse areas. This role requires a solid foundation in cybersecurity and a keen ability to assess whether technical content poses real-world harm. Investigations may involve exposure to harmful or disturbing content, including malicious code, exploit development, and content designed to facilitate cyberattacks. In this role, you will: - Review and label AI-generated exchanges to assess whether content provides meaningful offensive cyber uplift, distinguishing it from legitimate security research. - Investigate potentially policy-violating activity by querying internal data sources using SQL and Python and cross-referencing open-source information (OSINT). - Document and share investigative findings with internal stakeholders. - Respond to reactive escalations and on-call leads, including those not caught by existing safety systems. Qualifications - At least 1–3 years of experience in cybersecurity, Trust & Safety, national security, defense, intelligence, or law enforcement domains. - Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience. - Foundational knowledge of cyber threat concepts, including one or more of the following: scaled data extraction, ransomware, local and remote exploits, or offensive security operations. - Familiarity with LLM systems and how AI technology can be misused for cyber operations. - Ability to assess the real-world harm potential of technical content, distinguishing offensive uplift from benign or educational security research. - Strong SQL and Python proficiency for querying data and supporting investigations. - Ability to rapidly context-switch across domains, modalities, and abuse areas in a fast-paced, ambiguous environment. - Ability to clear an insider-threat background check. Requirements - Experience with threat intelligence frameworks such as MITRE ATT&CK. - Background in dark web monitoring, OSINT, or cross-platform threat analysis. - Full professional proficiency in Arabic, Chinese, Farsi, Portuguese, Russian, or Spanish. - Relevant certifications such as CompTIA Security+, CEH, or OSCP. Benefits - Salary Range: $80K–$105K, depending on experience and location. - Work Environment: Fully remote, U.S.-based. - Health Benefits: Comprehensive health, dental, and vision coverage. - Time Off: Generous PTO and paid holiday schedule. - Retirement: 401(k) plan.

Role Description You’ll help build Clearwing: an AI-native cybersecurity system for autonomous vulnerability discovery, exploit validation, pen-testing, reverse engineering, and security reporting. You’ll combine hands-on offensive security work with LLM agent development, eval design, and product engineering. The ideal candidate can chase real bugs, validate exploitability, write production-quality Python, and turn exploratory research into repeatable security capabilities. - Develop AI-assisted vulnerability discovery workflows for source code, binaries, networks, and live systems. - Build and improve Clearwing’s source-code hunting, network pen-testing, N-day exploit, reverse engineering, and validation pipelines. - Design agentic workflows for reconnaissance, static analysis, dynamic testing, exploit development, patch validation, and reporting. - Perform static analysis to identify vulnerable patterns, reachable attack surfaces, and exploitability conditions. - Conduct authorized live testing against networks, services, containers, lab targets, and operational environments. - Develop and validate proof-of-concept exploits in controlled, authorized settings. - Build evaluation harnesses for vulnerability discovery quality, false positives, exploitability, reproducibility, and model/tool performance. - Improve safety, authorization, auditability, guardrails, and human-in-the-loop controls for dual-use cybersecurity capabilities. - Work with AI researchers and engineers to improve prompts, tools, agent loops, memory systems, scoring systems, and model-routing strategies. - Produce clear technical reports with evidence, reproduction steps, impact analysis, and remediation guidance. Qualifications - 3+ years of hands-on cybersecurity experience in vulnerability research, penetration testing, exploit development, reverse engineering, or security engineering. - Practical experience with at least two of: - Static analysis - Dynamic analysis - Binary exploitation - Web application security - Network penetration testing - Cloud/container security - Malware analysis or reverse engineering - Detection engineering - Strong Python skills and comfort building automation around security tools. - Familiarity with Linux, Docker, Kali/security tooling, Git, CI, and shell workflows. - Ability to reason from vulnerability signal to exploitability, impact, evidence quality, and remediation. - Experience working with LLMs, agents, prompt engineering, evals, or AI-assisted security workflows. - Strong written communication skills for technical findings, customer-facing reports, and internal research notes. - Clear judgment around authorization, responsible disclosure, and dual-use security tooling. Requirements - Experience with Ghidra, IDA, Binary Ninja, angr, Semgrep, CodeQL, Joern, AFL++, libFuzzer, ASan/UBSan, or OSS-Fuzz. - Experience developing exploits for memory corruption, deserialization, auth bypass, SSRF, RCE, sandbox escape, or supply-chain vulnerabilities. - Experience with CVE reproduction, N-day analysis, patch diffing, or exploit validation. - Experience building LLM agents, tool-using systems, ReAct loops, eval harnesses, or synthetic-data pipelines. - Familiarity with SARIF, CVSS, CWE, MITRE ATT&CK, MITRE CVE workflows, HackerOne/Bugcrowd-style disclosure, or government security reporting. - Experience with Rust, Go, C/C++, or systems programming. - Prior work with security products, autonomous agents, fuzzing infrastructure, or government/security customers. Benefits - Comprehensive benefits package, including health, dental, and vision insurance, as well as retirement savings plans. - Opportunities for growth and professional development. - A collaborative and supportive company culture that values diversity and inclusion. - Access to cutting-edge technology and resources for research and development. - Compensation (commensurate with experience): $180,000 - $200,000 (base salary) + equity.

Role Description Under limited supervision of the AVP Network Infrastructure, maintain and monitor reliability, performance, and security of the Credit Union’s computer systems and networking equipment to ensure corporate productivity. Maintains the security and availability of the systems that are used to serve the member. Evaluates new technology that can be used to provide increased efficiency, productivity or achieve compliance for the organization. - Vulnerability Assessments, patch management, virus/malware/rootkits protection, log management, user permissions, etc. - Restrict inbound and outbound traffic to only allow that traffic required to conduct business in a safe and secure manner. - Manage third party vendors connectivity into our network. - Oversee monthly vulnerability assessments of network. - Identify high risk systems and resolve in timely manner. - Insure all network devices are properly patched, including OS/IOS, software, and virus definitions. - Establish user privileges based on individual personnel job classifications and function. - Setup routine audits to insure user permissions are not being modified. - Manage user accounts, insuring accounts are terminated or deactivated appropriately and timely. - Data storage encryption. - Provides direction and guidance for all network team in all aspects of network architecture and security. - Is the go-to for all technical aspects, decision making in reference to maintaining and enhancing, maturing network system. - SAN administration, VMWare administration, Web Services administration, Database administration, Performance Monitoring of all systems with alerts established to actively manage network. - Be a contributing member of various project teams with the possibility of multiple team projects overlapping. - Manage your time and productivity to insure projects stay on task in time, cost, and scope. - Effectively work with project manager and stakeholders, maintaining communications. - Work to build redundancy in network to minimize risk and impact of disaster. - Ongoing testing of system and data restore to insure optimal processes are in place in the case of a disaster. - Participate in routine disaster recovery and business continuity exercises. - Insure critical data is saved to backup media and that media is regularly tested to insure no corruption is present. - Insure data replication between primary and subscriber systems. - Supports network team in troubleshooting operational issues, problem resolution, hardware, software installation, and support. - Treats all co-workers and members with respect. - Support and participate in continuous improvement activities. - Representing the Credit Union in a positive and professional manner. - Maintains member and other sensitive information with confidentiality. - Oversee inventory of network hardware and software including servers, switches, routers, firewalls and software licensing. - Work with Management to identify equipment that is outdated, fully depreciated, and in need of replacement. - Assist in the annual budgeting process of identify equipment to be replaced each fiscal year. - Insure Microsoft Server and SQL licensing is adequate. - Other related duties as assigned. - Oversee and accountable for the daily performance of our WAN/LAN network environment. - Routers: manage Cisco routers insuring devices are secure, access lists are properly defined, commented, and default settings set to deny all. - Firewalls: Manage perimeter firewalls, insuring the internal network remains secure and separate from the Internet. - Firewalls installed and properly configured at all points of contact to our internal network. - Voice over IP: Insure QoS across network for voice traffic. - Voice over IP: Insure adequate connections to the PSTN network are in place for SRST and normal business transactions. - Wireless network: insure wireless connections to the network are configured in a safe and secure manner. Management of remote users secure connections to our internal network. - Proper load balancing and failover configurations are in place on network circuits and testing is conducted on a regular basis. Qualifications - Minimum 7 to 10 years’ experience as a network and/or security administrator with a strong hands-on foundation of Cisco routing and switching architectures, DHCP/DNS, Cisco VPN and wireless solutions, IP Telephony and IP data security practices. - The incumbent is required to be highly qualified for a large variety of networking technologies, to possess excellent analytical skills and to demonstrate a high degree of interpersonal abilities. - Strong understanding of network protocols, traffic capturing and protocol analysis. - Hands on implementation, configuration, and management of security enterprise infrastructure. - Physical work experience with enterprise class firewalls, IDS and UNIX/Linux operating systems. - Excellent communications and interpersonal skills, and ability to work effectively with all organizational levels. - Able to work on multiple projects/priorities in a deadline-driven environment and adapt quickly to change. - Demonstrated ability to maintain a member service focus and attitude at all times. - A wide degree of creativity and latitude is expected. Preferred Qualifications - Ability to conduct research into a wide range of computing issues as required. - Ability to present ideas in user-friendly language to non-technical staff and end-users. - CCNA or CCNP certifications. - Information Security certifications (CISSP, CEH, MCSE). - Ability to absorb and retain information quickly. - Technical training on network infrastructure and network security. - Master’s degree preferred. Education - 4-year Bachelor’s, or similar discipline or years of service. Benefits - Medical - Dental - Vision - Life Insurance - Flexible Spending Account - 401(k) Matching - Paid Time Off - Training Provided - Tuition Reimbursement