Cybersecurity Researcher (Application Security)

Cybersecurity Researcher (Application Security) Design, validate, and improve practical protections that help developers avoid introducing vulnerabilities, including those generated by AI coding assistants. Conduct offensive research to discover new vulnerability classes, build proof‑of‑concepts, and translate findings into robust, scalable defenses that are embedded in real developer workflows.

What We Are Looking For

Experience

– 2–3+ years in a cybersecurity role (offensive, defensive, or mixed).

Programming skills

– strong ability to read and write code in one or more languages.

Defensive design

– experience with detection rules (SAST, linters, SIEM, IDS/IPS), hardening applications, or building static‑analysis tooling.

Creativity

– passion to turn research into actionable security controls that get deployed.

Communication

– ability to produce clear blog posts, disclosure advisories, slide decks and to present in French (B2) and English.

Bonus

– portfolio of CTF participation, write‑ups, or discovered vulnerabilities; agile development experience; knowledge of ASTs and AI‑assisted remediations.

Responsibilities

Design, implement, and iterate on concrete defenses

– Build and refine prototype protections such as static rules, AST parsing for new languages, and LLM‑assisted remediations.

Integrate these protections into developer workflows (IDE plugin, CI‑integrated CLI, GitHub App) so they are actually used in practice.

Turn offensive findings into defensive controls

– Research and discover new vulnerability classes in public repositories using code‑analysis tools.

Build reproducible PoCs that demonstrate attacks and then translate them into actionable detection rules and remediation patterns.

Collaborate closely with product and engineering teams to convert research outcomes into product features and training modules.

Measure and improve effectiveness of defenses

– Define and track metrics such as detection coverage, false‑positive rates, and developer impact.

Continuously iterate on rules, protections, and workflows based on real‑world feedback.

Contribute to knowledge sharing and community presence

– Produce engaging write‑ups, technical blog posts, disclosure advisories, and slide decks for events.

Design short, portable CTF challenges and demo content for booths and talks (DEFCON, AppSec Village, etc.).

Help maintain responsible disclosure processes when findings affect third parties or customers.

Benefits & Culture

Competitive salary and equity options (ESOP) from an early‑stage startup.

Health insurance fully covered.

Swile meal card for lunch breaks.

RTT days on top of standard paid vacation.

Major opportunities for career advancement and professional development as an early team member.

Remote‑friendly: up to 2 days per week for people living near Paris.

Allowance for sustainable commuting (cycling, carpooling, public transport).

Strong product & engineering culture across the company.

Vibrant and inclusive company culture with regular team outings and events.

Chance to make a meaningful impact and shape the future of Symbiotic.

About Symbiotic Security Symbiotic Security is a cybersecurity startup that helps developers write secure code through an AI‑powered assistant integrated into their IDE and CI/CD pipelines. The solution provides interactive training to understand vulnerabilities as developers code and automatically detects and remediates security flaws introduced by generative AI tools such as GitHub Copilot. Founded in April 2024, the team currently consists of 16 people in Paris and 5 in New York.

Hiring Process We respect your time and keep the process quick and efficient. The full process typically fits within two weeks.

1 meeting with Talent Acquisition – 30 minutes.

1 meeting with the CTO – 45 minutes to 1 hour.

1 take‑home technical case.

1 on‑site case presentation – 1.5 hours.

1 lunch or drink with the team.

Formal hiring proposal.

Job Details Seniority level:

Mid‑Senior level

Employment type:

Full‑time

Job function:

Engineering, Information Technology, and Research Industries:

Computer and Network Security, Software Development

Location: Paris, Île‑de‑France, France (remote‑friendly: up to 2 days per week for people near Paris)

Referrals increase your chances of interviewing at Symbiotic Security by 2x.

#J-18808-Ljbffr