Description

We’re Clover Security.

We’re building the future of product security. Our mission is to enable both humans and AI to build secure-by-design software, at scale, without slowing innovation.

We’re backed by $36M from Team8, Notable Capital, and SVCI, and trusted by multiple Fortune 500 companies.

But funding and logos don’t define us. People do.

Our About us page offers a real look at our culture, our values, and the people behind the product.

This is where you come in.

We’re looking for a Security Researcher to join our Research team and drive cybersecurity research at the intersection of Product Security and AI. You’ll investigate security risks in modern software development, including AI-assisted and agentic workflows, and translate research into product capabilities, customer guidance, and industry insights.

Requirements:

What You’ll Do

• Conduct deep technical research across codebases, architectures, integrations, data flows, permissions, and agentic workflows to identify product security risks that traditional scanners often miss.
• Investigate how AI coding agents, LLM-based workflows, and AI-assisted engineering practices change the way security risks are introduced, missed, prioritized, and remediated.
• Turn research into useful outputs, including product recommendations, customer-facing guidance, technical writeups, evaluation ideas, talks, and internal briefs.
• Maintain and evolve Clover’s threat-pattern corpus, security context modules, and research-backed detection logic.
• Work with product and engineering to translate findings into shipped capabilities, evals, onboarding materials, and go-to-market narratives.

What We’re Looking For

• Strong application or product security expertise, with the ability to reason across code, architecture, product behavior, and business context.
• A track record of owning research end-to-end: defining questions, doing deep technical work, forming a point of view, and producing useful artifacts.
• Strong threat modeling judgment, with experience using frameworks such as OWASP, STRIDE, or similar methodologies to identify and assess common AppSec risks.
• Heavy hands-on use of AI coding agents, LLM-based development workflows, or AI-assisted software engineering tools in real-world engineering/research environments.
• Strong communication skills, curiosity, independence, and the ability to turn research into outcomes that influence product, engineering, customers, or the market.

If this role excites you – even if you don’t check every box – we’d love to hear from you.