Principal Security Researcher
Spellbook
Software Engineering
United States · Canada · Remote
CAD 201,500-252k / year + Equity
Location
Remote - Canada; Remote - US/Canada
Employment Type
Full time
Location Type
Remote
Department
IT & Security
Compensation
- Canada: Estimated Base Salary CA$201.5K – CA$252K • Offers Equity
Spellbook is the most comprehensive AI copilot for transactional lawyers. It works directly inside Microsoft Word to help legal teams draft, review, and negotiate contracts up to 10x faster and with greater precision. Today, more than 4,000 law firms, in-house teams, and solo practitioners rely on Spellbook to simplify their workflows and eliminate the drudgery of everyday contract work.
We are backed by leading investors including Khosla Ventures, Thomson Reuters Ventures, Inovia Capital, The LegalTech Fund, Bling Capital, and Moxxie Ventures. The company recently raised $50 million in Series B funding, led by Keith Rabois at Khosla Ventures, bringing its total funding to more than $80 million.
*This is an existing vacancy
ABOUT THE ROLE
Legal teams worldwide trust Spellbook with their most sensitive data, and we're looking for a Principal Security Researcher to help us protect that trust at the source. You'll partner with the Director of Security & IT and work across the company to identify security risks, validate real-world impact, and reduce risk across Spellbook's products, infrastructure, AI workflows, and internal operations.
This is a senior individual contributor role with broad influence. You'll move between original security research on legal AI and LLM-enabled workflows, hands-on offensive testing, secure product development partnerships with R&D and Engineering, and program-level work that raises the maturity of how Spellbook approaches red teaming, threat modelling, bug bounty triage, and incident response.
RESPONSIBILITIES
• Identify security risks across the company and partner with the relevant teams to reduce them.
• Lead active red teaming, application security testing, penetration testing, exploit validation, and adversarial analysis.
• Conduct original security research on legal AI, LLM-enabled products, sensitive document workflows, prompt injection, data leakage, model misuse, and tool abuse.
• Coordinate third-party penetration tests, red team exercises, audits, and other external security assessments.
• Own external vulnerability reports — bug bounty submissions, responsible disclosure reports, researcher communications, triage, validation, prioritization, and remediation tracking.
• Drive threat modelling and secure design reviews for new products, features, AI workflows, integrations, and infrastructure changes.
• Partner with R&D and Engineering to surface trust boundaries, abuse cases, and data exposure risks early in development.
• Support Security Operations during incident response by reproducing vulnerabilities, validating exploits, assessing impact, and recommending remediation.
• Engage with frontier AI labs, external researchers, vendors, and the broader security community to stay current on AI safety and security developments.
• Publish security research, advisories, technical writeups, blog posts, or conference talks where aligned with company priorities.
• Define and improve repeatable processes for security research, testing, vulnerability management, and remediation across Spellbook.
• Support other responsibilities and projects as required.
QUALIFICATIONS
• Strong experience in application security, red teaming, penetration testing, vulnerability research, product security, or offensive security.
• Hands-on experience testing modern web applications, APIs, authentication flows, authorization models, cloud services, and distributed systems.
• Experience developing proof-of-concept exploits or clear technical demonstrations to validate security impact.
• Firm grasp of common software security risks, secure design principles, identity and access controls, data protection, and secure development practices.
• Experience partnering with engineering, product, or R&D teams to triage, prioritize, and remediate vulnerabilities end-to-end.
• Excellent written and verbal communication skills, with the ability to write clear technical reports, executive summaries, remediation guidance, and public-facing research, and to explain trade-offs to engineers, PMs, and leadership.
• Strong judgment around responsible disclosure, customer impact, confidentiality, and coordinated communication.
• Pragmatic in distinguishing theoretical risk from practical risk, with the instinct to help teams focus on what matters most.
• Comfortable operating with ambiguity and moving with urgency across hands-on testing, product security, incident support, and external coordination.
• Track record of driving measurable risk reduction in a fast-moving technical environment.
NICE TO HAVES
• Experience with AI security, LLM security, prompt injection, jailbreaks, agentic workflows, model abuse, or secure AI product development.
• Experience in legaltech, fintech, healthtech, or another environment that handles highly sensitive customer data.
• Experience managing or participating in bug bounty programs, responsible disclosure programs, or external researcher communities.
• Experience publishing security research, speaking at conferences, or contributing to the broader security research community.
• Familiarity with enterprise security expectations and compliance frameworks such as SOC 2, HIPAA, GDPR, or emerging AI governance frameworks.
WHY JOIN SPELLBOOK?
• Embrace autonomy and accountability in a flexible work environment; we focus on outcomes and empower you to determine how to get the job done.
• Access our company-paid group benefits for you and your family, with $1,000 towards mental health support.
• Disconnect during our holiday closure and take advantage of our generous time off policies throughout the year.
• Enjoy monthly paid meals, an annual wellness allowance to support your well-being, and parental leave top-ups as your family grows.
• Secure your stake in our success; you’ll receive competitive stock option grants as a pivotal early employee.
Inclusive Hiring at Spellbook
We are committed to creating an inclusive and supportive candidate experience. Should you require any accommodation whatsoever during the interview process, please inform us without any hesitation. Spellbook is dedicated to ensuring equal treatment and opportunity in all phases of recruitment, selection, and employment, in compliance with employment law. We do not discriminate based on gender, race, religion, national origin, ethnicity, disability, gender identity/expression, sexual orientation, veteran or military status, or any other protected category. Spellbook is proud to be an equal opportunity employer, fostering a culture of inclusivity and maintaining a work environment that is free from discrimination, harassment, and retaliation.
Use of Artificial Intelligence in Recruitment
Spellbook uses artificial intelligence (AI) responsibly to support administrative and efficiency-focused aspects of our recruitment process. This includes activities such as drafting job descriptions, generating interview questions, note-taking and recordings, and supporting sourcing and scheduling workflows. All candidate evaluations, interviews, and hiring decisions are made by members of the Spellbook team. While AI tools may assist with screening and assessment, they do not replace human judgment in selection decisions. Our use of AI is intended to streamline routine tasks, improve consistency, and enhance the overall candidate experience. We are committed to upholding principles of fairness, transparency, and accountability in all hiring activities. Spellbook regularly reviews its recruitment practices to mitigate bias and to ensure alignment with applicable laws and evolving best practices.
Our Compensation Philosophy
Spellbook uses industry benchmark data to establish compensation bands for all roles. The salary range listed for a position reflects the expected total wage range for the role—including base salary and on-target commissions, where applicable—and may span multiple career levels. Final compensation is determined during the interview process based on factors such as experience, skills, scope, and role level. In addition to base salary and applicable commissions, total rewards may include equity, health and wellness benefits, and other company programs. Full details will be shared during the interview process.
Compensation Range: CA$201.5K - CA$252K