Make Our Products Brilliant: Feed research directly into product and engineering — work close to the roadmap and the codebase to sharpen how we detect, prioritise, and remediate, building capabilities that outclass the competition
Shape How Our AI Understands Risk: Translate deep threat research into the labels, signals, and product feedback that train our models to prioritise vulnerabilities like a seasoned researcher
Lead Our Security Research Function: Set the direction, standards, and methodologies for how Maze researches, validates, and prioritises cloud and application security threats, scaling a small team of researchers as we grow
Find Novel Vulnerabilities That Get Reach: Surface original research and build narratives — blog posts, technical talks, podcasts, video, conference presentations — that earn real reach and give Maze technical credibility with the security community
Build Authoritative Technical Intelligence: Produce detailed research on exploitation techniques, attack vectors, and remediation across cloud infrastructure and application security, enriched with CVE, advisory, and threat-intel sources
Set the Standard for Research Quality: Establish the frameworks and review processes that keep our vulnerability assessment consistent, defensible, and ahead of the threat landscape
Grow the Bench: Mentor and develop researchers, raising the technical bar of the team and creating a research culture others want to join
Requirements
Proven Security Research Depth: 6+ years in hands-on security research, with a strong track record investigating complex vulnerabilities, building proof-of-concepts, and validating real-world threats
Cloud & Application Security Expertise: Deep knowledge of cloud (AWS) and application security vulnerabilities, attack vectors, and how they actually get exploited at scale
Research That Ships as Product: A track record of turning research into product and engineering outcomes — working closely with eng, product, and ML teams to translate findings into shipped capabilities, not reports that sit on a shelf
A Public Track Record: Demonstrated ability to be the voice of security research externally — published research, conference talks, well-received technical content, or a recognised presence in the community
Vendor-Grade Perspective: Direct experience inside a security tooling or research organisation, with a view on what good research operations look like and how to build credibility in market
Technical Investigation Skills: Strong coding and scripting (Python, Go, or similar) for automating research, building validation tooling, and creating PoCs
Communication That Lands: Ability to translate complex security research for technical practitioners, customers, and internal AI/ML and product teams without losing rigour
Leadership Instinct: Experience leading or mentoring researchers, setting standards, and owning a domain end-to-end in a fast-moving environment
Startup Readiness: Comfortable operating with ambiguity and limited structure, prioritising ruthlessly, and building the function as you run it
Nice to haves: Experience with AI/ML security or working with AI-generated security findings
An established personal brand or following in the security research community
Open-source contributions to security tools or research
Experience setting up or scaling a research/labeling operation
Industry certifications (OSCP, AWS Security, CISSP, etc.)