Senior Cybersecurity Researcher

This position is based in Paris, France.ContextGitGuardian is a global pre-Series C cybersecurity startup.Among our early investors who saw our market value proposition, are the co-founder of GitHub, Scott Chacon, along with Solomon Hykes, Docker co-founder. American and European top-tier VC firms have also invested in GitGuardian.GitGuardian teams have developed a source code security platform for the DevOps generation. Our solutions are already used by more than 400K developers worldwide!We are seeking a highly skilled and motivated senior security researcher to join our team, focusing on addressing security challenges related to code and application security.Innovating in our field and showing deep expertise in cybersecurity topics is key to our success, your work will matter and will be advertised externally. MissionAs a cyber security researcher, you will conduct technical research, and run experiments. You are also expected to participate in the larger security community through blog posts, research papers and participation in industry conferences.This role involves staying up-to-date with the latest code security trends and techniques, as well as working closely with our development and product teams to design new security features and with our marketing team to develop technical long-form content.Researching and publishing on topics related to code security, providing technical expertise to other R&D teams, developing tools to support analysts in their day-to-day duties, and collecting technical artifacts about adversary activity.Analyzing, researching, and delving deep into the vast amount of data gathered by GitGuardian, technologies, tools, and products, existing and emerging, to understand how they work and how they can be utilized to build new solutions to user problems.Reproduce emerging vulnerabilities and provide actionable technical information.Author blog posts, research papers and conference presentations on topics and research in your area of expertise.Analyze our different datasets to extract insights that can be shared to the community.Some of the research fields would include:Secrets Leakage Analysis: Analyze historical code repositories to identify instances where secrets have been inadvertently leaked or been exposed. This could involve conducting forensic analysis of code commits, finding patterns, big leaks and potential attack surfaces.Vulnerability Research: Identify and analyze vulnerabilities in software code, libraries, and frameworks. This includes both known vulnerabilities (CVEs) and zero-day vulnerabilities.Threat Intelligence: Research emerging threats, attack vectors, and adversary tactics to stay ahead of potential security risks. This includes monitoring underground forums, analyzing threat actor behavior, and tracking new malware campaigns.Supply Chain Security: Investigate supply chain attacks and vulnerabilities within third-party components, dependencies, or libraries used in software development.RequirementsIf you think you match at least 70% of these criteria, please apply!5+ years experience working in a security engineer role (Application Security, Security Operations, Security Development), with 2+ years of those dedicated to research-related work.Experience in bugbounty, pentesting or red teaming is a mustKeen eye for identifying complex security problems in software and/or infrastructure, and defining their solutions.Ability to rapidly prototyping ideas.Proficiency in a scripting language (Python or Go).Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.? 25 days of PTO (employees are strongly encouraged to use all of it!)? Health, Dental & Vision insurance (80% coverage), for individuals and their families Short term & long term disability insurance (100% paid) Travel policy including to our annual off-sites ('23 was South of France!) Up to $300 towards your home office set-up Monthly remote work stipend $70 Complimentary access to Talk Space Referral bonus of $4000 for any new Guardians we might hire thanks to you 401(k) with SlavicAnd also... Becoming the first Security Researcher of the marketing team, with opportunities for career development in the long term Working on a meaningful product; we've already helped more than 400k developers across the globe Trust & autonomy on your perimeter with a very transparent internal communication and a strong impact on the company developmentRecruitment process1. Video call with a Talent Acquisition team memberTo discover your professional projects and evaluate if there could be a mutual match.2. Interview with Carole (CMO)To know more about yourself and your writing / publication achievements, and present to you the team.3. Final interview with Eric (CEO, co-founder)To assess your technical expertise in the security and development field, also to detail our company’s vision and ambitions for the next couple of years. Mackenzie (DevRel) will tell you about how GitGuardian works in this video !Our solutions are already used by hundreds of thousands of developers in all industries and GitGuardian platform is the n°1 security app on the GitHub marketplace ClientsGitGuardian helps organizations find exposed sensitive information that could often lead to tens of millions of dollars in potential damage.More than 80% of our customers are in the United States.Many F500 companies use GitGuardian's platform.PeopleThe Guardians are knowledgeable, committed, serious, aligned with the company’s mission, and true team players: always willing to help each other grow our skill sets!The team is diverse and we hail from more than 20 different countries.We are also agile, remote-friendly, and fun people to work with.GitGuardian is an equal opportunity employer committed to encouraging and celebrating its diverse and inclusive workforce. We’re building an employee experience that includes appreciation, belonging, growth, and purpose for everyone.We welcome all without regard to age, race, color, religion, gender identity and expression, sex (including pregnancy, childbirth, and related medical conditions), sexual orientation, citizenship, national origin, disability, military status, veteran status, political affiliation, or any other protected characteristics. All aspects of employment will be solely based on merit and qualifications related to professional competence. GitGuardian operates on a principle of mutual respect and acceptance, and every employee must follow GitGuardian's anti-harassment and anti-discrimination company policies.We invite you to have a look at our Glassdoor profile for transparent reviews from our previous and current employees.Very pleasedVery dynamic company, and very friendly team. The technical level is quite high which is very stimulating. Open for remote work!Great spirit in a dynamic companyGitGuardian has a deep technical DNA. The culture is very much oriented towards knowledge sharing. The environment is sound: big ambitions without pressure from the top management.Good company to work for!Good projects with technical challenge, career progression, good salary.Great place to workApplication Security is exciting. Our products are really useful and customers love them. Great leadership. Competitive OTE, workplace flexibility and cool gatherings.GitGuardian is the code security platform for the DevOps generation.With automated secrets detection and remediation, our platform enables Dev, Sec, and Ops to advance together towards the Secure Software Development Lifecycle.Subscribe to our newsletter to receive the latest content and updates from GitGuardian. #J-18808-Ljbffr