Security Researcher
Baponi runs untrusted code from AI agents inside multi-layer sandboxes. You will work on the isolation, networking, and credential security that makes this possible at scale.
What we are looking for
- Deep Linux internals expertise. Namespaces, cgroups, seccomp-bpf, capabilities, FUSE, eBPF. You have built or broken systems at this layer.
- Rust is your primary language. You write production Rust. C and C++ fluency is expected for reading kernel code, analyzing CVEs, and interfacing with native libraries.
- Offensive security track record. You have found real vulnerabilities in production systems. Published CVEs or bug bounty results that demonstrate you think like an attacker.
- Networking at the packet level. DNS security, SSRF prevention, network segmentation. You have configured and audited network isolation in containerized or sandboxed environments.
- AI and LLM security awareness. You understand the threat landscape when AI agents execute arbitrary code: prompt injection, tool-use abuse, credential exfiltration.
- Product orientation. You can own a feature from design to production. You understand trade-offs between security posture and developer experience.
Strong signals
- You have filed CVEs or published security research.
- You have built or contributed to sandboxing, isolation, or container runtime projects.
- Experience with cloud-native security: Kubernetes, IAM, workload identity, network policies.
- Frontend experience (React/TypeScript). Not required, but means you can ship features end-to-end.
- You have worked at a company where security was the product, not a support function.
What you will do
- Ship production security code. Rust and occasionally C/C++ in the critical path: isolation enforcement, mount security, kernel interface hardening. You own it from design through deployment.
- Build security into the platform, not around it. Architect controls that are invisible to developers using the API but airtight under adversarial conditions.
- Run offensive assessments. Continuously test our sandboxing infrastructure from an attacker's perspective. Find gaps, close them, verify the fix.
Why Baponi
The problem is real and growing
Every tech company building AI agents needs to execute untrusted code safely. We are building the infrastructure that allows enterprises to run it securely in their own cloud so nothing leaves their boundaries.
Specialists who operate end-to-end
Every person at Baponi is a deep expert in their field. But everyone here also uses AI as a force multiplier to operate well beyond their title, whether that is engineering, sales, or marketing. You own your domain and move fast across others.
AI-native engineering
The team works with Claude Code daily as core infrastructure for how we work. We expect the same fluency from everyone who joins.
Fast pace, real output
Work ships within hours, not weeks. Minimal meetings, written communication, high autonomy.
What you get
- Meaningful equity
- Claude Code Max plan
- Annual travel budget for team meetups and conferences
- Hardware budget
- Flexible PTO
Last updated April 2026