Application Security Research Engineer
TOULOUSE, 31
il y a 1 jour
Application Security Research Engineer – Company is seeking an Application Security Research Engineer. In this role, you will lead a team of researchers and ethical hackers focused on offensive security testing, automated exploit discovery, and advanced application security research. Your work will directly influence the security posture of company products and help scale secure-by-design principles. This is a hands‑on technical role with a strong emphasis on offensive security, code exploitation, automation, and innovation.
What You Will Do
- Build and lead a team of security researchers and penetration testers.
- Help to reshape company Product Security.
- Plan and execute advanced penetration testing campaigns.
- Develop tools and frameworks for scalable security testing and fuzzing.
- Lead Security innovation by building and managing penetration testing tools and AI agents.
- Analyze vulnerabilities, perform root‑cause analysis, and develop proofs of concept.
- Identify systemic product weaknesses and help define long‑term mitigations.
- Collaborate with engineering teams to reproduce, triage, and fix vulnerabilities.
- Contribute to security research publications, CVE submissions, and industry knowledge sharing.
- Continuously evolve internal testing capabilities using modern tooling and AI‑assisted approaches.
Requirements
- Proven 2+ years of experience leading application security research teams (SaaS or software company).
- 7+ years experience in research and penetration testing.
- Strong coding skills and deep technical understanding of web, API, cloud‑native, and backend technologies.
- Knowledge and experience with AI and LLM penetration testing.
- Experience with penetration testing tools (Burp Suite, Metasploit, etc.) and custom security tools development.
- Familiarity with modern architectures (e.g., cloud, microservices, containers, Kubernetes).
- Familiarity with secure software architecture and typical attack vectors.
- Demonstrated ability to lead security testing engagements and report technical findings effectively.
- Experience building or integrating automated PT or fuzzing pipelines is a strong advantage.
- Knowledge and hands‑on experience with SSDLC tools and CI/CD pipelines.
- Publications or open-source contributions in the security domain are a plus.
Entreprise
Commit
Plateforme de publication
WHATJOBS
Offres pouvant vous intéresser
PARIS, 75
il y a 5 jours
PARIS, 75
il y a 19 jours
STRASBOURG, 67
il y a 18 jours
PARIS, 75
il y a 18 jours