Principal Security Researcher
Spellbook is the most comprehensive AI copilot for transactional lawyers. It works directly inside Microsoft Word to help legal teams draft, review, and negotiate contracts up to 10x faster and with greater precision. Today, more than 4,000 law firms, in-house teams, and solo practitioners rely on Spellbook to simplify their workflows and eliminate the drudgery of everyday contract work.
We are backed by leading investors including Khosla Ventures, Thomson Reuters Ventures, Inovia Capital, The LegalTech Fund, Bling Capital, and Moxxie Ventures. The company recently raised $50 million in Series B funding, led by Keith Rabois at Khosla Ventures, bringing its total funding to more than $80 million.
*This is an existing vacancy.
ABOUT THE ROLE
Legal teams worldwide trust Spellbook with their most sensitive data, and we're looking for a Principal Security Researcher to help us protect that trust at the source. You'll partner with the Director of Security & IT and work across the company to identify security risks, validate real-world impact, and reduce risk across Spellbook's products, infrastructure, AI workflows, and internal operations.
This is a senior individual contributor role with broad influence. You'll move between original security research on legal AI and LLM-enabled workflows, hands-on offensive testing, secure product development partnerships with R&D and Engineering, and program-level work that raises the maturity of how Spellbook approaches red teaming, threat modelling, bug bounty triage, and incident response.
RESPONSIBILITIES
• Identify security risks across the company and partner with the relevant teams to reduce them.
• Lead active red teaming, application security testing, penetration testing, exploit validation, and adversarial analysis.
• Conduct original security research on legal AI, LLM-enabled products, sensitive document workflows, prompt injection, data leakage, model misuse, and tool abuse.
• Coordinate third-party penetrati...