VULNARY
The Bench · By Invitation

We don't hire headcount. We keep an arsenal.

Vulnary runs lean and adversarial. When an engagement outgrows the core team, we don't scramble — we reach into a pre-vetted bench of operators we already trust. This is the door to that bench.

Apply to the bench → or email [email protected] directly
A · WHY THE BENCH

An elite network, not a roster.

Most consultancies grow by hiring people they then have to keep busy. We grew the other way: a tiny core of principals, an autonomous researcher that never sleeps, and a curated network of specialists we call in when the work demands a particular edge. You stay independent. We bring you the engagements your skills were sharpened for — and the proof-driven culture to do them in.

  • Real work, not bench-warming. You're called for engagements that fit your edge — overflow on Sprints and Campaigns, second pairs of eyes, specialist passes the core team can't cover alone.
  • Proof over paperwork. We sell working exploits and the fixes that end them — not risk scores. The culture rewards the operator who lands the shell, not the one who writes the longest caveat.
  • Stay independent. No exclusivity, no quota. You keep your own practice; we keep your number for when something interesting lands.
  • Work beside The Resident. Our autonomous adversary does the grind — recon, reconstruction, triage — so your hours go where the human edge actually matters.
B · WHAT WE LOOK FOR

Operators who land the proof.

We're discipline-agnostic about titles and obsessive about evidence. Show us something you broke. Depth in one of these wins over a shallow sweep of all four.

01
Penetration Testing
Walk the whole kill-chain, not the scanner's first door. Web, network, application, cloud — and the AI/agent layer most teams never test. End to end, proven.
  • web & network
  • cloud / AD
  • red-team ops
  • full kill-chain
02
Code Review
Read a codebase like an attacker. Reason across call-flows to the sink, and prove each finding with a working exploit — white-box or black-box, source or binary.
  • source audit
  • taint & call-flow
  • SAST triage
  • proof-driven
03
Exploit Development
Turn a flaw into a receipt. Discover the bug, weaponize a reliable PoC, and reverse what you have to along the way. Memory corruption to logic abuse.
  • CVE / 0-day
  • weaponized PoC
  • reverse engineering
  • fuzzing
04
Red-Team & LLM Attacks
Apply nation-state pressure to models, agents and pipelines: prompt injection, jailbreak automation, model extraction, guardrail bypass, agent abuse at scale.
  • prompt injection
  • jailbreak automation
  • model extraction
  • agent abuse

Self-taught and decorated welcome alike. We weight a public CVE, a clean write-up, a CTF podium, or a bug-bounty wall over any certification. Bring links.

C · THE MODEL

Apply. Screen. Stay on-call.

The bench is vetted, not crowdsourced. Everyone on it has been screened by a principal and proven they can land a result. Here's the path in.

  1. 01
    Apply

    Send your strongest evidence — a CVE, a PoC, a write-up, a CTF result, a repo. One real thing you broke beats a polished CV. No cover letters.

  2. 02
    Screen

    A principal reads your work. We're looking for depth, sound method, and proof — not breadth. If the work lands, you move forward.

  3. 03
    Interview

    A working conversation with the people you'd actually run beside — sometimes a small hands-on challenge in your discipline. Technical, candid, two-way.

  4. 04
    On the bench

    You join the vetted network as a trusted reference and on-call capacity. We reach out when an engagement needs your edge — overflow, specialist passes, second eyes. Independent, no quota.

D · APPLY

Think you'd sharpen
the bench?

No quota, no exclusivity. Send proof — we read every one.

VULNARYTHE BENCH
careers@vulnary.com
an elite bench, by invitation · proof over paperwork
Apply to the bench →