Research Team Lead

Location: Preference for Boston area (Hybrid/Flexible)
Reports to: CTO

Root helps companies secure containerized software without disrupting workflows or requiring extensive retooling. We embed into existing CI/CD pipelines and registries to automatically remediate vulnerabilities—not just detect them. Our core technology powers deep, in-place security for open source and container ecosystems.

At the center of this is Patch Platoon: our agentic system that performs patch research and backport generation for open source libraries. Patch Platoon explores public advisories, source code, and changelogs to autonomously generate and test security patches, providing practical fixes even where upstream patches don’t yet exist.

We’re looking for a hands-on and strategic Research Team Lead to drive Root’s agentic security research efforts. This role blends applied security research, AI/agentic system development, and software engineering—with a focus on turning innovation into production-level capabilities inside Patch Platoon and Root's broader platform.

You will build and lead a small, high-impact research team working on vulnerability detection, patch synthesis, and backport generation for real-world open source packages across ecosystems like Python, Go, Java, and C/C++. You’ll collaborate closely with Engineering, Product, and the CTO to convert research into reliable product functionality and cutting-edge automation.

• Build and lead Root’s research team focused on containerized and open source environments.
  
• Direct the evolution of Patch Platoon—designing workflows that allow AI agents to discover, synthesize, and validate security patches autonomously.
  
• Drive research into emerging threats, vulnerability patterns, and patch strategies across OSS ecosystems.
  
• Develop PoCs, patch candidates, and validation harnesses that integrate directly into Root’s remediation pipeline.
  
• Partner with Engineering to translate research into stable, repeatable capabilities embedded in the Root platform.
  
• Represent Root’s thought leadership in the security community through blogs, CVE disclosures, conference talks, and OSS contributions.
  
• Maintain strong feedback loops between real-world threat intelligence and Root’s remediation engine.
  

• 5+ years of experience in security research, vulnerability analysis, reverse engineering, or patch development.
  
• Deep understanding of Linux internals, container technologies (e.g., Docker, Kubernetes), and cloud-native architectures.
  
• Strong familiarity with open source ecosystems and package managers (e.g., pip, npm, apt, go mod).
  
• Hands-on experience building and debugging agentic systems, LLM-based workflows, or autonomous security tools.
  
• Proficiency in scripting and systems programming languages (e.g., Python, Go, C/C++).
  
• Demonstrated experience converting research into deployable, product-grade solutions.
  
• Experience mentoring or leading research-focused technical teams.
  
• Excellent collaboration and communication skills across technical and product stakeholders.
  
• Comfortable operating in a fast-paced, research-heavy startup environment.
  

• Experience building patch generators, diff analyzers, or backporting automation.
  
• Familiarity with software supply chain risks, CI/CD pipeline security, or SBOM/VEX tooling.
  
• Publications, CVEs, or talks at security conferences (e.g., Black Hat, DEF CON, Usenix, FIRST).
  
• Familiarity with open source security tooling (e.g., Trivy, Syft, osv-scanner).
  
• Based in the Boston area (or willing to travel occasionally to HQ).
  

• Shape the future of container and OSS vulnerability remediation through AI-powered automation.
  
• Help evolve the industry’s first production-grade agentic patch research and remediation system.
  
• Work closely with experienced founders and CTO in a high-trust, low-ego environment.
  
• Influence Root’s research and technical culture from the ground up.
  
• Competitive salary, early-stage equity, and full benefits package.