Cybersecurity Researcher

What We Are Looking For

We are looking for a
Cybersecurity Researcher with a strong defensive mindset
. Your primary mission will be to
design, validate, and improve practical protections
that help developers avoid introducing vulnerabilities, including those generated by AI coding assistants.

You will still conduct offensive research (discover new vulnerability classes, build PoCs), but always with the goal of turning these findings into
robust, scalable defenses
. You will build PoCs (AST- & LLM-based), hunt risky patterns in public repositories, write clear blog posts, and help craft our CTF platform for conferences like DEFCON.

If you care about offensive research
and even more about building pragmatic defenses that actually get deployed
, we should talk.

Responsibilities

• Design, implement, and iterate on concrete defenses
  Build and refine prototype protections such as static rules of detection, AST parsing for new languages, LLM-assisted remediations.
• Integrate these protections into developer workflows (IDE plugin, CLI integrated in the CI, Github App)) so they are actually used in practice.
• Turn offensive findings into defensive controls
  Research and discover new vulnerability classes in public repositories using code analysis tools.
• Build reproducible PoCs that demonstrate attacks and then translate them into actionable detection rules and remediation patterns.
• Collaborate closely with product and engineering to convert research outcomes into product features and high-quality training modules.
• Measure and improve effectiveness of defenses
  Define and track metrics such as detection coverage, false positive rates, and developer impact.
• Continuously iterate on rules, protections, and workflows based on real-world feedback.
• Contribute to knowledge sharing and community presence
  Produce clear, engaging writeups: technical blog posts, disclosure advisories, and slide decks for events.
• Design short, portable CTF challenges and demo content for booths and talks (DEFCON, AppSec Village, etc.).
• Help maintain responsible disclosure processes when findings affect third parties or customers.

Qualifications

• Master's degree in Computer Science or a related field.
• Proven experience (minimum 2–3 years) in a cybersecurity role (offensive, defensive, or mixed).
• Strong ability to
  read and write code
  in one or more programming languages.

• Solid understanding of software architecture principles and how vulnerabilities map to real systems.

• Experience in at least one of the following is a strong plus:

• Designing or tuning
  detection rules
  (SAST, linters, SIEM, IDS/IPS, custom static analysis, etc.).
• Hardening applications
  and translating findings into secure coding guidelines or guardrails.

• Working with ASTs, code analysis tools, or security-focused developer tooling.

• Proactive mindset with a passion for learning and staying up to date on emerging technologies and attack techniques.

• A portfolio of CTF participation, writeups, or vulnerabilities found is a strong plus.
• Experience working in an agile development environment is a plus.
• French level B2 (mandatory) and professional English proficiency (able to deliver a short presentation in a meeting).

Benefits

• Competitive salary and equity options (ESOP) from an early-stage startup.
• Health insurance fully covered.
• €500 equipment budget to set up your ideal workspace (keyboard, mouse, etc.).
• Swile meal card for lunch breaks.
• RTT days on top of standard paid vacation.
• Major opportunities for career advancement and professional development as an early team member.
• Remote-friendly: up to 2 days per week for people living near Paris.
• Allowance for sustainable commuting (e.g. cycling, carpooling, public transport).
• Strong product & engineering culture across the company.
• Vibrant and inclusive company culture with regular team outings and events.
• Chance to make a meaningful impact and shape the future of Symbiotic.
• €2,000 referral bonus.

Environment

Symbiotic Security
is a cybersecurity startup helping developers write secure code through an AI-powered assistant integrated into their IDE and CI/CD pipelines. Our solution has two unique strengths: it provides developers with interactive training to understand vulnerabilities as they code, and it automatically detects and remediates security flaws introduced by generative AI tools such as GitHub Copilot.

Founded in April 2024, we are currently a team of 16 based in
Paris
and 5 in
New York
.

Our product team brings together diverse profiles working collaboratively: fullstack engineers, AI engineers, cybersecurity experts, product managers, and product designers from different backgrounds.

TEAM

Our product team includes:

• MT – Lead Engineer
• Abir – Engineering Manager
• Édouard – CTO

Your work will directly
reduce real-world vulnerabilities shipped to production
by embedding effective defenses into developers' everyday workflows.

Hiring Process

We respect your time and keep the process quick and efficient. The full process typically fits within 2 weeks:

• 1 meeting with Talent Acquisition – 30 minutes.
• 1 meeting with the CTO – 45 minutes to 1 hour.
• 1 take-home technical case.
• 1 on-site case presentation – 1.5 hours.
• 1 lunch or drink with the team.
• Formal hiring proposal.