Corgea

Corgea finds, and fixes insecure code.

Security Researcher

$120 - $2200.25% - 0.75%San Francisco, CA, US / San Mateo, CA, US / Remote (US)
Job type
Full-time
Role
Engineering, Full stack
Experience
6+ years
Visa
US citizen/visa only
Skills
JavaScript, Python, Information Security, Software Security
Connect directly with founders of the best YC-funded startups.
Apply to role ›
Ahmad Sadeddin
Ahmad Sadeddin
Founder

About the role

Job Description

We’re looking for a Security Researcher who is passionate about uncovering, analyzing, and preventing vulnerabilities in modern software. This role sits at the intersection of AI, security research, and developer tooling. You’ll help shape how Corgea detects new classes of vulnerabilities and automate secure code analysis at scale.

This is a remote position based in the US (preferably in California or the San Francisco Bay Area).

What You’ll Be Doing

  • Research and design detection methods for emerging vulnerability classes across multiple languages and frameworks.
  • Analyze source code, binaries, and AI-generated code to identify new exploit patterns and attack surfaces.
  • Collaborate with our engineering team to integrate your research into Corgea’s AI-driven security engine.
  • Conduct security evaluations of open-source and enterprise applications to validate and refine Corgea’s models.
  • Stay current on the latest CVEs, exploit techniques, and security trends to inform product intelligence.

Who You Are

  • 4–8 years of experience in application security, offensive research, or secure software development.
  • Strong understanding of vulnerability classes (e.g., injection, deserialization, path traversal, auth bypass, XXE, SSRF, RCE).
  • Proficiency in one or more languages such as Python, Java, JavaScript/TypeScript, Go, or C/C++.
  • Experience with static or dynamic analysis tools, fuzzing, or reverse engineering is a plus.
  • Curiosity about how attackers think—and how AI can help defenders move faster.
  • Comfortable working autonomously in a fast-paced, research-driven startup.

Why You Should Apply

  • Competitive salary and equity package (0.50 % – 2.00 %).
  • Work on cutting-edge problems at the frontier of AI and cybersecurity.
  • Collaborate directly with leading engineers, researchers, and security experts.
  • Flexible hybrid schedule aligned with San Francisco time.

Diversity and Inclusion

At Corgea, we’re committed to diversity and inclusion. We assess all applicants based on merit, qualifications, competence, and talent—without discrimination of any kind.

About Corgea

Corgea helps engineers ship code and not vulnerabilities. It's an AI-powered SAST, unlike traditional SAST with tons of false positives, Corgea can find vulnerabilities like business logic flaws, API vulnerabilities, and broken authentication with little false positives (<5%). It also writes security fixes for engineers to approve.

Corgea
Corgea
Founded:2023
Batch:S23
Team Size:4
Status:
Active
Location:San Francisco
 
X (Twitter) logo
 
Founders
Ahmad Sadeddin
Ahmad Sadeddin
Twitter account
 
Founder