Application Security Engineer

At Konvu, we're on a mission to make security invisible, redefining vulnerability management for the agentic world.

As AI begins to generate, test, and deploy code autonomously, legacy security approaches break down. Konvu's AI agents reason like security engineers: automatically triaging noise, verifying exploitability with evidence, and helping teams focus on what truly matters.

Our agents plug directly into existing scanners and workflows, no rip-and-replace, no new dashboards. We deliver evidence-backed decisions where teams already work, cutting false positives and surfacing exploitable issues with confidence.

Founded by early members of Sqreen (YC W18, acquired by Datadog), we know what it takes to turn deep technical insight into tools developers and security teams actually use.

We've raised $5M in Seed funding and are backed by top European and US VCs, as well as leaders from companies like Datadog, GitHub, Docker, Cloudflare, Sumo Logic, and Vanta.

As a Application Security Engineer, you'll own the research and data that powers our automated triage and remediation engine. You'll:

• Define exploitability: Analyze CVEs, patches, and PoCs to determine what's actually exploitable in real-world applications.

• Enrich our vulnerability intelligence: Use LLMs, automation, and your own expertise to build a high-quality, continuously improving vulnerability knowledge base.

• Integrate human insight: Develop processes and tooling for human-in-the-loop validation to ensure high accuracy.

• Collaborate with engineers: Work closely with our engineering teams to embed security expertise directly into our AI-driven workflows.

• Stay ahead of threats: Track evolving vulnerability classes, attack techniques, and mitigation patterns to guide product accuracy and roadmap priorities.

We're hiring across levels: from builders early in their careers to seasoned engineers who've seen multiple products through scale. Our team today ranges from 3 to 25 years of experience, united by the same mindset: ownership, curiosity, and intensity.

You're someone with a passion for security, embodying ownership, curiosity, and intensity, with the analytical mind to turn raw intelligence into structured insights.

You likely have:

• 1+ year of experience in application security, vulnerability research, or exploit analysis.

• Strong grasp of CVE databases, patching processes, and exploit development fundamentals.

• Interest in how vulnerabilities map to real application impact: not just theoretical risk.

• Programming/scripting skills (Python, SQL, or similar) to automate research, validation, or data enrichment.

• Analytical mindset: you notice subtle patterns, inconsistencies, and edge cases others miss.

• Excellent written and verbal communication in English; you can explain complex vulnerabilities clearly.

• Eagerness to work onsite from our Paris office, collaborating closely with our founding team.

• Static/dynamic analysis tools, vulnerability scanners, or security automation.

• Building or contributing to open-source security research or datasets.

• 30-minute call with our CEO

• Technical exercise (vulnerability research or analysis task)

• 1-hour video call with our CTO

• Onsite interview with the team (2 hours total)

• Reference checks

We're building AI agents that redefine how security and engineering teams work. We're assembling a world-class team of builders who want to push what's possible in security and AI.

Here is what it's like to be working here

• Startup principles in action: we're shaped by YC principles, which means fast iteration, ownership from day one, and solving problems that matter. You'll actually see your impact every week.

• Globally minded from day one: Konvu was built from both sides of the Atlantic, combining European engineering excellence with American ambition. Our goal is simple: build a product loved by security and engineering teams, wherever they are.

• A culture of sharing and learning: our engineers don't just build, they also teach and grow. From technical posts to speaking at events like our Konvupéro meetups, you'll have space to grow and contribute beyond code.

• Hard, meaningful problems: You'll work on deep AI agent that reason about exploitability and risk and run reliably inside complex enterprise environments. It's the kind of engineering that pushes your limits and makes you proud of what you've built.

• Strong upside: We offer a competitive salary, meaningful equity, and comprehensive benefits so you can grow with the company you're helping build.

At Konvu, we deeply value diversity and are dedicated to fostering an environment where everyone feels supported and can thrive. To build a product that's loved by everyone, we need a team with all kinds of different perspectives, experiences, and backgrounds. This is why we are committed to hiring people from all walks of life.