openteamtailorbalderton
Senior CyberSecurity Researcher, Paris
GitGuardian
LocationParis
Workplacehybrid
Posted2026-04-20T11:30:14+02:00
Last observed2026-06-29 00:42:34.369870
Job idbalderton-gitguardian:teamtailor:fc6f1063-e505-4e57-9789-107925db1e64
About GitGuardian GitGuardian is a global cybersecurity scale-up. The company is based in Paris, New-York City, Boston. Among our early investors who saw our market value proposition, are the co-founder of GitHub, Scott Chacon, along with Solomon Hykes , Docker's co-founder. American and European top-tier VC firms have also invested in GitGuardian. GitGuardian leads the way in Non-Human Identity security , offering end-to-end solutions from secrets detection in code, productivity tools and environments to strong remediation, observability and proactive prevention of leaks. Our solutions are already used by more than 600K developers worldwide! About your team and your mission We are seeking a highly skilled and motivated senior security researcher to join our team and focus on addressing security challenges related to secrets in the new world of agentic AI. You'll join the cybersecurity research team. The team brings backgrounds from CISO roles, red teaming, penetration testing, development, and vulnerability research, with recent participation at major conferences such as Real World Crypto, SSTIC, Black Alps, Northsec and KubeCon. Day-to-day, you will investigate novel and existing tactics to find and abuse exposed credentials, then publish your findings as authoritative research. This means analyzing ongoing threats and attacks, exploring new exploitation techniques, and documenting emerging tactics. You will also collaborate with our engineering teams to identify ways to improve our products in terms of secret validation and coverage. This role requires cross-functional expertise, primarily in cybersecurity, as well as in software development and data analysis. You will collaborate closely with colleagues in the internal Security team and report to the cybersecurity research lead. You'll spend roughly 70% of your time on research and 30% producing content to share findings with the security community. As a researcher, you will track offensive trends and techniques , and work closely with our marketing team to produce 2–3 technical deep-dive articles or talks per quarter. Recent publications can be found on our security research blog. About you If you think you match at least 70% of these criteria, please apply! Here's what we consider essential for success in this role: 5+ years of experience working in a security engineer role, with 2+ years dedicated to research-related work, or equivalent. Strong offensive security background (pentesting, vulnerability research, or red team experience) with the ability to think like an attacker and translate that into defensive insights. Experience with reverse engineering (binary analysis, malware inspection, malicious packages) and API/web security (OAuth, JWT, token validation, secret exposure patterns). Comfortable working with modern infrastructure , such as cloud platforms (AWS, GCP, or Azure) or AI/LLM ecosystems, and able to assess their specific security implications. Leverage AI tools actively in your day-to-day research workflow, whether for automation, analysis, or accelerating prototyping. Proficient in at least one system or scripting language (Python, Go, or Rust) , fluent with a terminal, and able to independently retrieve, transform, and analyze datasets to support research conclusions. Track down complex security problems in software and infrastructure and define their solutions. Enjoy hacking things and rapidly prototyping ideas. Drive research autonomously, identify topics, conduct investigations, and publish findings, while partnering with engineering and product teams to translate insights into platform improvements. Public research track record: CVEs, conference presentations, open-source tooling, or technical publications. Fluent in English (written and spoken), with strong communication skills: you can explain complex vulnerabilities clearly to both technical and non-technical audiences and present at international conferences. The following skills would strengthe
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.