Senior CyberSecurity Researcher

Paris  

Hybrid / Full-time

Fledge

• Fractional Talent acquisition advisory
• Recruitment operation tools
• On-demand Talent sourcing expertise 

Job Summary

In this role, you will

• Day-to-day, you will investigate novel and existing tactics to find and abuse exposed credentials, then publish your findings as authoritative research. This means analyzing ongoing threats and attacks, exploring new exploitation techniques, and documenting emerging tactics. You will also collaborate with our engineering teams to identify ways to improve our products in terms of secret validation and coverage.

• This role requires cross-functional expertise, primarily in cybersecurity, as well as in software development and data analysis. You will collaborate closely with colleagues in the internal Security team and report to the cybersecurity research lead. You'll spend roughly 70% of your time on research and 30% producing content to share findings with the security community.

• As a researcher, you will track offensive trends and techniques, and work closely with our marketing team to produce 2–3 technical deep-dive articles or talks per quarter. Recent publications can be found on our security research blog.

About you:

• 5+ years of experience working in a security engineer role, with 2+ years dedicated to research-related work, or equivalent.

• Strong offensive security background (pentesting, vulnerability research, or red team experience) with the ability to think like an attacker and translate that into defensive insights.

• Experience with reverse engineering (binary analysis, malware inspection, malicious packages) and API/web security (OAuth, JWT, token validation, secret exposure patterns).

• Comfortable working with modern infrastructure, such as cloud platforms (AWS, GCP, or Azure) or AI/LLM ecosystems, and able to assess their specific security implications.

• Leverage AI tools actively in your day-to-day research workflow, whether for automation, analysis, or accelerating prototyping.

• Proficient in at least one system or scripting language (Python, Go, or Rust), fluent with a terminal, and able to independently retrieve, transform, and analyze datasets to support research conclusions.

• Track down complex security problems in software and infrastructure and define their solutions.

• Enjoy hacking things and rapidly prototyping ideas.

• Drive research autonomously, identify topics, conduct investigations, and publish findings, while partnering with engineering and product teams to translate insights into platform improvements.

• Public research track record: CVEs, conference presentations, open-source tooling, or technical publications.

• Fluent in English (written and spoken), with strong communication skills: you can explain complex vulnerabilities clearly to both technical and non-technical audiences and present at international conferences.

Nice to Have

• Understand supply chain security, including how attacks propagate through package registries (npm, PyPI, DockerHub), GitHub Actions workflows, and dependency automation tools.

• Experience monitoring ongoing attacks, correlating signals across multiple data sources, reconstruct breaches, and having published your findings to the security community.

Benefits

• Top of the market salary
• Equity plan  
• Relocation support
• 🏡 Remote policy: hybrid (3 days/week at the office in Paris)
• 📈 Opportunities for career development in the long term
• Etc.

How to Apply

🌈 Diversity, Equity, Inclusion and Belonging

ℹ️ Important