This list contains only the countries for which job offers have been published in the selected language (e.g., in the French version, only job offers written in French are displayed, and in the English version, only those in English).
We are seeking a highly skilled and motivated senior security researcher to join our team and focus on addressing security challenges related to secrets in the new world of agentic AI. You'll join the cybersecurity research team. The team brings backgrounds from CISO roles, red teaming, penetration testing, development, and vulnerability research, with recent participation at major conferences such as Real World Crypto, SSTIC, Black Alps, Northsec and KubeCon. Day-to-day, you will investigate novel and existing tactics to find and abuse exposed credentials, then publish your findings as authoritative research. This means analyzing ongoing threats and attacks, exploring new exploitation techniques, and documenting emerging tactics. You will also collaborate with our engineering teams to identify ways to improve our products in terms of secret validation and coverage. This role requires cross-functional expertise, primarily in cybersecurity, as well as in software development and data analysis. You will collaborate closely with colleagues in the internal Security team and report to the cybersecurity research lead. You'll spend roughly 70% of your time on research and 30% producing content to share findings with the security community. As a researcher, you will track offensive trends and techniques, and work closely with our marketing team to produce 2–3 technical deep-dive articles or talks per quarter.
Job Responsibility
Investigate novel and existing tactics to find and abuse exposed credentials
Publish findings as authoritative research
Analyze ongoing threats and attacks
Explore new exploitation techniques
Document emerging tactics
Collaborate with engineering teams to identify ways to improve products in terms of secret validation and coverage
Track offensive trends and techniques
Work closely with marketing team to produce 2–3 technical deep-dive articles or talks per quarter
Requirements
5+ years of experience working in a security engineer role, with 2+ years dedicated to research-related work, or equivalent
Strong offensive security background (pentesting, vulnerability research, or red team experience) with the ability to think like an attacker and translate that into defensive insights
Experience with reverse engineering (binary analysis, malware inspection, malicious packages) and API/web security (OAuth, JWT, token validation, secret exposure patterns)
Comfortable working with modern infrastructure, such as cloud platforms (AWS, GCP, or Azure) or AI/LLM ecosystems, and able to assess their specific security implications
Leverage AI tools actively in your day-to-day research workflow, whether for automation, analysis, or accelerating prototyping
Proficient in at least one system or scripting language (Python, Go, or Rust), fluent with a terminal, and able to independently retrieve, transform, and analyze datasets to support research conclusions
Track down complex security problems in software and infrastructure and define their solutions
Enjoy hacking things and rapidly prototyping ideas
Drive research autonomously, identify topics, conduct investigations, and publish findings, while partnering with engineering and product teams to translate insights into platform improvements
Public research track record: CVEs, conference presentations, open-source tooling, or technical publications
Fluent in English (written and spoken), with strong communication skills: you can explain complex vulnerabilities clearly to both technical and non-technical audiences and present at international conferences
Nice to have
Understand supply chain security, including how attacks propagate through package registries (npm, PyPI, DockerHub), GitHub Actions workflows, and dependency automation tools
Experience monitoring ongoing attacks, correlating signals across multiple data sources, reconstruct breaches, and having published your findings to the security community
What we offer
Package that includes BSPCE
Lunch voucher (Swile, 12€ at 50%)
Sponsored Wellpass (gymlib)
Non-charged health insurance for children (Sidecare / Generali)
Up to €300 to improve your home office set-up
Yearly holiday allowance
Referral bonus of 4000€ for any new Guardian we might hire thanks to you
Team building: monthly budget dedicated to each employee that you can spend as you wish, with colleagues (latest examples to date: Michelin star restaurant, karaoke, stand-up show, kitesurfing week-end)
Remote policy: hybrid (3 days/week at the office in Paris)
Opportunities for career development in the long term