About XBOW
At XBOW, we’re redefining the future of cybersecurity by building the world's first autonomous pentester, powered by AI. Today, the gold standard for securing software systems is human pentesters, but with the rise of artificial intelligence, we’re stepping up to scale offensive security to meet the ever-growing demand.
AI is transforming the landscape of both cybersecurity and cyberattacks. While millions of people without security expertise are creating software, bad actors are using AI to launch more effective attacks. XBOW fights back with AI-driven superpowers, enabling security teams to stay one step ahead.
What makes XBOW truly unique? Like human experts, it forges creative attacks, adapts its learnings, and continuously works to find vulnerabilities faster than anyone ever could. We’re not only simulating threats—we’re also finding and responsibly disclosing real-world vulnerabilities, ensuring organizations can fix issues before they’re exploited. XBOW isn’t just a tool; it’s a transformative force in the secure development lifecycle.
Backed by Sequoia Capital and a team that includes the creators of GitHub Copilot and GitHub Advanced Security, XBOW is not just keeping up with the times—we’re shaping the future of cybersecurity. Our mission is simple: to defeat the bad actors before they strike, using AI to revolutionize how we approach offensive security.
We’re building something that
must
be built, and we’re the team to do it. Join us in shaping the next frontier of autonomous security.
Your Role: Information Security Analyst, GRC
We’re looking for a detail-oriented, Governance, Risk & Compliance Analyst to help scale our security and trust function as we grow. In this role, you’ll play a key part in supporting customer and prospect security reviews, assessing third-party vendor risk, and continuously improving how we identify and manage risk across the business.
This is an individual contributor role with no initial people-management responsibilities. However, as the risk and compliance function matures, there is a clear opportunity for this role to grow in scope and responsibility.
You’ll work closely with Security, Engineering, Legal, Sales, and Customer teams, acting as a trusted partner in communicating our security posture and ensuring we meet customer and regulatory expectations.
What You'll Do
- Support customers and prospects by completing technical security questionnaires, risk assessments, and due-diligence requests
- Partner with Sales and Customer teams to explain XBOW’s security controls, architecture, and compliance posture
- Assess and manage third-party and vendor security risk, including reviews of SaaS providers and service partners
Who You Are
- 3–5+ years of experience in risk, compliance, security assurance, or related roles
- Hands-on experience completing or reviewing technical security questionnaires and customer risk assessments
- Familiarity and experience with common security and compliance frameworks (e.g. SOC 2, ISO 27001, NIST, FedRAMP)
- Comfortable assessing technical controls and working with engineers to understand system architecture
- Experience conducting or supporting vendor / third-party risk assessments
- Strong written communication skills, with the ability to explain complex security concepts clearly
- Highly organized and detail-oriented, with a pragmatic approach to risk
Bonus Points
- Experience working in a SaaS or security-focused company
- Security or risk certifications (e.g. CRISC, SOC2, ISO 27001 Lead Implementer, FedRAMP)
- Experience supporting a company through audit readiness or first-time compliance efforts
What We Offer
- Compensation & Equity: Competitive salary and meaningful stock options.
- Growth: Opportunity to learn from and collaborate with top security and AI experts
- Impact: Work on complex technical challenges that support the foundation of our company
- Remote-First:Work from anywhere, with regular opportunities to meet in person
What Else You Should Know
We’re a security company that builds with AI at the core - so you’ll be protecting a team that moves fast, iterates aggressively, and lives in the command line. If that sounds like your kind of environment, let’s talk.
