Job Specifications
Escape is on a mission to reinvent how we protect our applications against hackers. Backed by YC, and with a growing customer base including industry giants like Société Générale, Lightspeed, and the Olympic Games, we’re on the road for our Series A funding round.
Our growing team of 23 passionate Escapers is at the core of the company’s success, tackling profound tech challenges and driving innovation in cybersecurity.
We love to break down barriers and bring innovation from R&D to the final product stages. At Escape, every team member has the chance to take on important responsibilities that drive impact.
We believe it’s time to bring more AI-driven innovation to the cybersecurity field. We’d love your help in building this dream
We are seeking our first Offensive Security Lead to join Escape and play a key role in validating and enhancing our AI-powered Code-to-cloud ASM and DAST platform. This role is central to Escape's mission: ensuring our security scanners accurately detect real-world vulnerabilities by thinking like an attacker. You will lead offensive security initiatives, conduct penetration testing and red team operations on customer applications, and work closely with our Security Research and Scanners teams to continuously improve our detection capabilities.
As the Offensive Security Lead, you will be responsible for designing and executing sophisticated attack scenarios, validating scanner findings against real-world exploitation techniques, and translating your offensive research into actionable improvements for our platform. You will be the internal adversary who stress-tests our technology and helps our enterprise customers understand their true security posture.
Context
Location: Paris (75002), 2 days remote/week
Company: Escape – Leading AI Cybersecurity Startup
Cofounders: CEO (Tristan Kalos) and CTO (Antoine Carossio)
Engineering Team: 16 Engineers, 4 Technical Leads, 1 Product Owner, 3 Pentesters
You'll be building and leading the offensive security practice, managing a team of 3 red teamers while remaining hands-on with technical work
Key Responsibilities
Team Leadership & Management: Build, mentor, and manage a team of 3 red teamers, establishing offensive security best practices, methodologies, and quality standards. Foster a culture of continuous learning and technical excellence while ensuring operational efficiency.
Offensive Security Operations: Design and execute penetration tests, red team engagements, and adversary simulations against modern web applications, APIs, cloud infrastructure, and codebases to validate Escape's detection capabilities.
Research-to-Detection Pipeline: Collaborate with the Security Research team to discover novel attack techniques, validate vulnerability detection logic, and ensure our scanners catch what real attackers would exploit.
Customer-Facing Validation: Support enterprise customer engagements by demonstrating real-world exploitability of findings, conducting proof-of-concept attacks, and helping VP Security and Security Engineer personas understand risk severity.
Attack Scenario Development: Build realistic attack chains and scenarios that combine Code-to-cloud vulnerabilities, helping customers understand end-to-end exploitation paths from code to runtime.
Scanner Quality Assurance: Act as the final validator for scanner accuracy by attempting to exploit reported vulnerabilities, reducing false positives, and identifying false negatives through manual testing.
Offensive Tooling & Automation: Develop custom tools, exploits, and automated attack workflows that can be integrated into our continuous security validation processes.
Strategic Planning: Define the offensive security roadmap, prioritize testing initiatives, and allocate team resources to maximize impact on product quality and customer success.
Knowledge Transfer: Train Security Engineers and developers on offensive security techniques, helping them build security intuition and understand attacker perspectives.
Tech Stack
Target Environment: Modern web applications, REST/GraphQL APIs, cloud-native infrastructure (AWS/Kubernetes), CI/CD pipelines, container environments
Offensive Tools: Burp Suite, custom Python/Go exploits, browser automation (Playwright), Metasploit Framework, cloud pentesting toolkits (Pacu, ScoutSuite)
Languages: Python (primary), Go, Bash scripting, proficiency in reading/writing exploits in multiple languages
Infrastructure: Kubernetes (EKS), Docker, AWS services
Collaboration: GitLab, Slack, direct integration with our scanner codebase (Python/Go)
4+ years of experience: Proven experience in offensive security roles (Penetration Tester, Red Teamer, Security Researcher) with at least 1+ years in a leadership or team lead capacity. Strong track record of finding and exploiting real vulnerabilities in production environments while coaching others.
People Leadership: Demonstrated ability to build, mentor, and manage technical teams. Experience setting
About the Company
Escape is the only DAST that works with your modern stack and tests business logic instead of missing headers. It fits right into your modern stack, supporting modern web frameworks, APIs, CI/CD, and Wiz without hassle.
With Escape, you can:
1. Document all your APIs & Web Apps in minutes and enrich your inventory with seamless integrations.
2. Discover vulnerabilities even at a business logic level with our proprietary AI-powered algorithm.
3. Remediate issues efficiently with code snippets tailored to each framework
Know more