Research Team Lead

Location: Preference for Boston area (Hybrid/Flexible)

Root helps companies secure containerized software without disrupting workflows or requiring extensive retooling. We embed into existing CI/CD pipelines and registries to automatically remediate vulnerabilities —not just detect them. Our core technology powers deep, in-place security for open source and container ecosystems.

At the center of this is Patch Platoon : our agentic system that performs patch research and backport generation for open source libraries. Patch Platoon explores public advisories, source code, and changelogs to autonomously generate and test security patches , providing practical fixes even where upstream patches don’t yet exist.

We’re looking for a hands-on and strategic Research Team Lead to drive Root’s agentic security research efforts. This role blends applied security research , AI/agentic system development , and software engineering —with a focus on turning innovation into production-level capabilities inside Patch Platoon and Root's broader platform.

You will build and lead a small, high-impact research team working on vulnerability detection, patch synthesis, and backport generation for real-world open source packages across ecosystems like Python, Go, Java, and C/C++. You’ll collaborate closely with Engineering, Product, and the CTO to convert research into reliable product functionality and cutting-edge automation.

• Build and lead Root’s research team focused on containerized and open source environments.

• Direct the evolution of Patch Platoon —designing workflows that allow AI agents to discover, synthesize, and validate security patches autonomously.

• Drive research into emerging threats, vulnerability patterns, and patch strategies across OSS ecosystems.

• Develop PoCs, patch candidates, and validation harnesses that integrate directly into Root’s remediation pipeline.

• Partner with Engineering to translate research into stable, repeatable capabilities embedded in the Root platform.

• Represent Root’s thought leadership in the security community through blogs, CVE disclosures, conference talks, and OSS contributions.

• Maintain strong feedback loops between real-world threat intelligence and Root’s remediation engine.

• 5+ years of experience in security research, vulnerability analysis, reverse engineering, or patch development.

• Deep understanding of Linux internals, container technologies (e.g., Docker, Kubernetes), and cloud-native architectures.

• Strong familiarity with open source ecosystems and package managers (e.g., pip, npm, apt, go mod).

• Hands-on experience building and debugging agentic systems , LLM-based workflows, or autonomous security tools.

• Proficiency in scripting and systems programming languages (e.g., Python, Go, C/C++).

• Demonstrated experience converting research into deployable, product-grade solutions.

• Experience mentoring or leading research-focused technical teams.

• Excellent collaboration and communication skills across technical and product stakeholders.

• Comfortable operating in a fast-paced, research-heavy startup environment.

• Experience building patch generators, diff analyzers, or backporting automation.

• Familiarity with software supply chain risks, CI/CD pipeline security, or SBOM/VEX tooling.

• Publications, CVEs, or talks at security conferences (e.g., Black Hat, DEF CON, Usenix, FIRST).

• Familiarity with open source security tooling (e.g., Trivy, Syft, osv-scanner).

• Based in the Boston area (or willing to travel occasionally to HQ).

• Shape the future of container and OSS vulnerability remediation through AI-powered automation.

• Help evolve the industry’s first production-grade agentic patch research and remediation system .

• Work closely with experienced founders and CTO in a high-trust, low-ego environment.

• Influence Root’s research and technical culture from the ground up.

• Competitive salary, early-stage equity, and full benefits package.