Job Specifications
What We Are Looking For
We are looking for a creative Cybersecurity Researcher who can both find real-world vulnerabilities in public code and designer practical protections. You’ll build PoCs (AST & LLM-based), hunt risky patterns in public repos, write clear blog posts, and help craft our CTF platform for conferences like DEFCON. If you love offensive research and build pragmatic defenses, we should talk.
Responsibilities
Research and discover new vulnerability classes in public repositories leveraging some code analysis tools.
Build reproducible PoCs demonstrating attacks and implement prototype protections (AST transforms, linters, static rules, and LLM-assisted remediations).
Design and implement detection rules and integrate them into developer workflows (IDE/CI).
Produce clear, engaging writeups: technical blog posts, disclosure advisories, and slide decks for events.
Design short, portable CTF challenges and demo content for booths and talks (DEFCON, AppSec Village, etc.).
Collaborate with product/engineering to turn research into product features and quality training modules.
Help maintain responsible disclosure processes when findings affect third parties or customers.
Qualifications
Master's degree in Computer Science or related field.
Proven experience (min 2-3 years) as a in a cybersecurity position.
Ability to write and understand code in various language.
Strong understanding of software architecture principles.
Proactive mindset with a passion for learning and staying updated on emerging technologies.
Portfolio of CTF done, vulnerability found, is a strong plus.
Experience working in an agile development environment is a plus.
French level B2 (mandatory), and professional English proficiency
Benefits
Competitive salary and equity options (BSPCE) from an early stage startup.
Health insurance fully covered.
€500 equipment budget to set up your ideal workspace (keyboard, mouse, etc.).
Swile meal card for lunch breaks.
RTT days on top of standard paid vacation.
Important opportunities for career advancement and professional development by being a pioneer within a new company.
Remote-friendly company: up to 2 days / week for people living near Paris.
Allowance for Sustainable Commuting (e.g., cycling, carpooling, public transport)
Strong product & engineering culture in the company.
Vibrant and inclusive company culture with regular team outings and events.
Chance to make a meaningful impact and shape the future of Symbiotic.
2000€ referral bonus.
About us
Symbiotic Security is a cybersecurity startup helping developers write secure code through an AI-powered assistant integrated into their IDE and CI/CD pipelines. Our solution has two unique strengths: it provides developers with interactive training to understand vulnerabilities as they code, and it automatically detects and remediates security flaws introduced by generative AI tools such as GitHub Copilot.
Founded in April 2024, we are currently a team of 16 based in Paris and 2 in New York.
Our product team brings together diverse profiles working collaboratively: fullstack engineers, AI engineers, cybersecurity experts, product managers, and product designers: all coming from different backgrounds.
The team :
Our product team brings together diverse profiles working collaboratively: fullstack engineers, AI engineers, cybersecurity experts, product managers, and product designers: all coming from different backgrounds.
MT – Lead Engineer
Abir – Engineering Manager
Édouard – CTO
Hiring Process
We respect your time and will make it quick and efficient. All of that will be completed within a week.
1 meeting with the TA - 30 minutes.
1 meeting with the CTO of the company - 45 minutes to 1 hour.
1 technical test - 1,5 hour (on site)
1 lunch or drink with the team
Formal hiring proposal.
About the Company
We secure AI coding at every step. From the first prompt to the final push, we enforce policy before code is written, instantly fix vulnerabilities after it’s created, and educate developers to build critical security thinking. Whether you’re vibe coding, accelerating with copilots, or scaling into agentic workflows, we deliver AI-native security that keeps you compliant, fast, and secure.
Know more