Security Researcher Mid-level
Escape · Paris, Île-de-France, France
- On site
- Full-time
- €70,000 / year
- Paris, Île-de-France, France
Job highlights
- Research new web app vulnerabilities and exploits.
- Translate attacks into automated detection logic.
- Refine detection algorithms for accuracy and precision.
- Develop production-grade detection logic for scanners.
- Collaborate with engineering teams for deployment.
About the role
Security Researcher
Escape is redefining application security with AI-driven detection and automation. Our Paris-based team is passionate about building real, production-grade cybersecurity solutions.
Your Role
As a Security Researcher, you’ll blend rigorous vulnerability research with hands-on engineering to advance the core of Escape’s automated detection platform. You’ll explore new attack surfaces, design accurate algorithms, and turn innovative research into scalable, impactful detection logic deployed at scale.
Key Responsibilities
- Identify new classes of vulnerabilities in web apps, APIs, and modern architectures.
- Reproduce real-world exploit techniques to deepen detection coverage.
- Translate manual attacks into automated detection logic.
- Design payload strategies and validation heuristics to power scalable scanning.
- Continuously refine detection algorithms for accuracy, precision, and credible signal—reducing both false positives and negatives.
- Transform research ideas into robust, production-grade detection logic suitable for large-scale scanning.
- Balance trade-offs between coverage, noise, duration, and resource costs to keep scanners efficient and reliable.
- Integrate detection logic with Scanners and Platform teams, ensuring seamless deployment in distributed production environments.
- Track emerging vulnerabilities (CVEs) and offensive research to strengthen Escape’s detection capabilities.
Tech Stack
- Languages: Go, Rust (production); Python (prototyping)
- Focus: Vulnerability discovery, detection algorithms, performance-oriented analysis
- Deployment: Outputs integrated into distributed, high-scale automated scanners
- Engineering: Emphasis on accuracy, applicability, and performance
Perks
- Significant equity (Stock Options/BSCPE)
- Top-tier health insurance
- Meal vouchers
- Sports subscription
- Continuous learning resources
- Premium equipment
- Free time for open source projects
- Conference opportunities (RSAC, BSides, BlackHat, DEFCON, APIDays)
About You
- Experience: 3–5 years in security research, pentesting, offensive security, or R&D-focused engineering.
- Web Security Skills: Deep working knowledge of web/app/API vulnerabilities (OWASP Top 10+); able to identify and reproduce real exploits.
- CS Fundamentals: Solid understanding of networking, systems, concurrency, parsing, etc.
- Languages: Proficient in at least one compiled language (Go, Rust, C/C++); able to quickly prototype in Python.
- Applied Mindset: Adept at translating research and security insights into detection logic with measurable business impact.
- Collaboration: Comfortable integrating research with engineering teams in high-scale, distributed environments.
- Curiosity & Rigor: Analytical, intellectually curious, detail-focused, and uncompromising on correctness and signal quality.
Ready to redefine application security with Escape? Apply and take part in the future of AI-powered cybersecurity!
Key skills/competency
- Vulnerability Research
- Detection Logic
- Algorithm Design
- Web Security
- API Security
- Python
- Go
- Rust
- Cybersecurity
- Offensive Security
Skills & topics
- Security Researcher
- Vulnerability Research
- Detection Logic
- Algorithm Design
- Web Security
- API Security
- Go
- Rust
- Python
- Cybersecurity
- Offensive Security
- AI
- Startup
- Paris
How to get hired
- Tailor your resume: Highlight your 3-5 years of security research and offensive security experience, emphasizing web/API vulnerability discovery and reproduction.
- Showcase your technical skills: Detail your proficiency in Go, Rust, or C/C++, and Python, along with your understanding of CS fundamentals and detection logic development.
- Quantify your impact: Provide examples of how your research translated into measurable business impact or improved detection accuracy.
- Research Escape's mission: Understand their AI-driven approach to cybersecurity and tailor your application to demonstrate alignment with their goals.
- Prepare for technical interviews: Be ready to discuss vulnerability research methodologies, algorithm design, and practical application of security principles.
Technical preparation
Master web and API vulnerability research.,Practice translating exploits into detection logic.,Develop algorithms for accuracy and performance.,Build projects in Go, Rust, or Python.
Behavioral questions
Describe a complex vulnerability you researched.,How do you ensure detection accuracy?,Explain translating research into code.,How do you handle false positives/negatives?
Frequently asked questions
- What is the primary focus of the Security Researcher role at Escape?
- The Security Researcher role at Escape focuses on blending rigorous vulnerability research with hands-on engineering to enhance the company's AI-driven automated detection platform. This involves identifying new vulnerabilities, translating attacks into detection logic, and refining algorithms for accuracy and scalability.
- What are the expected work arrangements for this Security Researcher position at Escape?
- This Security Researcher position at Escape is a hybrid role, based in Paris. Employees are expected to work 2 days remotely per week, with the remaining days on-site in the Paris office.
- What programming languages are most important for the Security Researcher at Escape?
- While prototyping in Python is common, proficiency in compiled languages like Go or Rust is essential for production-level detection logic. Experience with C/C++ is also beneficial.
- How does Escape support continuous learning for its Security Researchers?
- Escape supports continuous learning through access to books and online courses, as well as providing opportunities to present at major international cybersecurity conferences like RSAC, BlackHat, and DEFCON.
- What kind of experience is Escape looking for in a Security Researcher candidate?
- Escape is seeking candidates with 3-5 years of experience in security research, penetration testing, offensive security, or R&D-focused engineering. A deep understanding of web, app, and API vulnerabilities, along with strong CS fundamentals, is crucial.
- How can I best highlight my suitability for the Security Researcher role at Escape?
- To best highlight your suitability, focus on demonstrating your ability to translate complex research into practical, scalable detection logic. Emphasize your experience with web security, your proficiency in relevant programming languages, and your analytical and detail-oriented approach.