root.io Inc.
Research Team Lead Boston, Massachusetts, United States
root.io Inc., Boston, Massachusetts, us, 02298
Location:
Preference for Boston area (Hybrid/Flexible) Reports to:
CTO About Root
Root helps companies secure containerized software without disrupting workflows or requiring extensive retooling. We embed into existing CI/CD pipelines and registries to
automatically remediate vulnerabilities —not just detect them. Our core technology powers deep, in-place security for open source and container ecosystems. At the center of this is
Patch Platoon : our agentic system that performs
patch research and backport generation
for open source libraries. Patch Platoon explores public advisories, source code, and changelogs to
autonomously generate and test security patches , providing practical fixes even where upstream patches don’t yet exist. About the Role
We’re looking for a
hands-on and strategic Research Team Lead
to drive Root’s agentic security research efforts. This role blends
applied security research ,
AI/agentic system development , and
software engineering —with a focus on turning innovation into production-level capabilities inside Patch Platoon and Root's broader platform. You will build and lead a small, high-impact research team working on vulnerability detection, patch synthesis, and backport generation for real-world open source packages across ecosystems like Python, Go, Java, and C/C++. You’ll collaborate closely with Engineering, Product, and the CTO to convert research into reliable product functionality and cutting-edge automation. Responsibilities
Build and lead Root’s research team focused on containerized and open source environments.
Direct the evolution of
Patch Platoon —designing workflows that allow AI agents to discover, synthesize, and validate security patches autonomously.
Drive research into emerging threats, vulnerability patterns, and patch strategies across OSS ecosystems.
Develop PoCs, patch candidates, and validation harnesses that integrate directly into Root’s remediation pipeline.
Partner with Engineering to translate research into stable, repeatable capabilities embedded in the Root platform.
Represent Root’s thought leadership in the security community through blogs, CVE disclosures, conference talks, and OSS contributions.
Maintain strong feedback loops between real-world threat intelligence and Root’s remediation engine.
Requirements
5+ years of experience in security research, vulnerability analysis, reverse engineering, or patch development.
Deep understanding of Linux internals, container technologies (e.g., Docker, Kubernetes), and cloud-native architectures.
Strong familiarity with
open source ecosystems and package managers
(e.g., pip, npm, apt, go mod).
Hands-on experience building and debugging
agentic systems , LLM-based workflows, or autonomous security tools.
Proficiency in scripting and systems programming languages (e.g., Python, Go, C/C++).
Demonstrated experience converting research into deployable, product-grade solutions.
Experience mentoring or leading research-focused technical teams.
Excellent collaboration and communication skills across technical and product stakeholders.
Comfortable operating in a fast-paced, research-heavy startup environment.
Nice to Have
Experience building patch generators, diff analyzers, or backporting automation.
Familiarity with software supply chain risks, CI/CD pipeline security, or SBOM/VEX tooling.
Publications, CVEs, or talks at security conferences (e.g., Black Hat, DEF CON, Usenix, FIRST).
Familiarity with open source security tooling (e.g., Trivy, Syft, osv-scanner).
Based in the Boston area (or willing to travel occasionally to HQ).
Why Join Root?
Shape the future of container and OSS vulnerability remediation through AI-powered automation.
Help evolve the industry’s first production-grade
agentic patch research and remediation system .
Work closely with experienced founders and CTO in a high-trust, low-ego environment.
Influence Root’s research and technical culture from the ground up.
Competitive salary, early-stage equity, and full benefits package. Create a Job Alert Interested in building your career at Root? Get future opportunities sent straight to your email. Apply for this job
* indicates a required field First Name * Last Name * Email * Phone Resume/CV Enter manually Accepted file types: pdf, doc, docx, txt, rtf Enter manually Accepted file types: pdf, doc, docx, txt, rtf
#J-18808-Ljbffr
Preference for Boston area (Hybrid/Flexible) Reports to:
CTO About Root
Root helps companies secure containerized software without disrupting workflows or requiring extensive retooling. We embed into existing CI/CD pipelines and registries to
automatically remediate vulnerabilities —not just detect them. Our core technology powers deep, in-place security for open source and container ecosystems. At the center of this is
Patch Platoon : our agentic system that performs
patch research and backport generation
for open source libraries. Patch Platoon explores public advisories, source code, and changelogs to
autonomously generate and test security patches , providing practical fixes even where upstream patches don’t yet exist. About the Role
We’re looking for a
hands-on and strategic Research Team Lead
to drive Root’s agentic security research efforts. This role blends
applied security research ,
AI/agentic system development , and
software engineering —with a focus on turning innovation into production-level capabilities inside Patch Platoon and Root's broader platform. You will build and lead a small, high-impact research team working on vulnerability detection, patch synthesis, and backport generation for real-world open source packages across ecosystems like Python, Go, Java, and C/C++. You’ll collaborate closely with Engineering, Product, and the CTO to convert research into reliable product functionality and cutting-edge automation. Responsibilities
Build and lead Root’s research team focused on containerized and open source environments.
Direct the evolution of
Patch Platoon —designing workflows that allow AI agents to discover, synthesize, and validate security patches autonomously.
Drive research into emerging threats, vulnerability patterns, and patch strategies across OSS ecosystems.
Develop PoCs, patch candidates, and validation harnesses that integrate directly into Root’s remediation pipeline.
Partner with Engineering to translate research into stable, repeatable capabilities embedded in the Root platform.
Represent Root’s thought leadership in the security community through blogs, CVE disclosures, conference talks, and OSS contributions.
Maintain strong feedback loops between real-world threat intelligence and Root’s remediation engine.
Requirements
5+ years of experience in security research, vulnerability analysis, reverse engineering, or patch development.
Deep understanding of Linux internals, container technologies (e.g., Docker, Kubernetes), and cloud-native architectures.
Strong familiarity with
open source ecosystems and package managers
(e.g., pip, npm, apt, go mod).
Hands-on experience building and debugging
agentic systems , LLM-based workflows, or autonomous security tools.
Proficiency in scripting and systems programming languages (e.g., Python, Go, C/C++).
Demonstrated experience converting research into deployable, product-grade solutions.
Experience mentoring or leading research-focused technical teams.
Excellent collaboration and communication skills across technical and product stakeholders.
Comfortable operating in a fast-paced, research-heavy startup environment.
Nice to Have
Experience building patch generators, diff analyzers, or backporting automation.
Familiarity with software supply chain risks, CI/CD pipeline security, or SBOM/VEX tooling.
Publications, CVEs, or talks at security conferences (e.g., Black Hat, DEF CON, Usenix, FIRST).
Familiarity with open source security tooling (e.g., Trivy, Syft, osv-scanner).
Based in the Boston area (or willing to travel occasionally to HQ).
Why Join Root?
Shape the future of container and OSS vulnerability remediation through AI-powered automation.
Help evolve the industry’s first production-grade
agentic patch research and remediation system .
Work closely with experienced founders and CTO in a high-trust, low-ego environment.
Influence Root’s research and technical culture from the ground up.
Competitive salary, early-stage equity, and full benefits package. Create a Job Alert Interested in building your career at Root? Get future opportunities sent straight to your email. Apply for this job
* indicates a required field First Name * Last Name * Email * Phone Resume/CV Enter manually Accepted file types: pdf, doc, docx, txt, rtf Enter manually Accepted file types: pdf, doc, docx, txt, rtf
#J-18808-Ljbffr