The Role
Lead research into credential and secret-exposure threats for agentic AI. Perform offensive investigations, prototype exploits, analyze datasets, collaborate with engineering to improve secret validation, and publish 2-3 technical deep-dives or talks per quarter.
Summary Generated by Built In
Senior CyberSecurity Researcher
Paris Hybrid / Full-time
Fledge
Job Summary
In this role, you will
About you:
Nice to Have
Benefits
How to Apply
🌈 Diversity, Equity, Inclusion and Belonging
ℹ️ Important
Paris Hybrid / Full-time
Fledge
We are a boutique Talent search firm connecting exceptional Talent with the most innovative companies in the AI and software development industries across EMEA. Our clients are among companies with innovative products that have a positive impact on our societies and we present them with a solution model between fine consulting and flexible recruitment process outsourcing :
- Fractional Talent acquisition advisory
- Recruitment operation tools
- On-demand Talent sourcing expertise
Job Summary
We are seeking a highly skilled and motivated Senior Security Researcher to join our team and focus on addressing security challenges related to secrets in the new world of agentic AI.
You'll join the cybersecurity research team. The team brings backgrounds from CISO roles, red teaming, penetration testing, development, and vulnerability research, with recent participation at major conferences such as Real World Crypto, SSTIC, Black Alps, Northsec and KubeCon.
- Day-to-day, you will investigate novel and existing tactics to find and abuse exposed credentials, then publish your findings as authoritative research. This means analyzing ongoing threats and attacks, exploring new exploitation techniques, and documenting emerging tactics. You will also collaborate with our engineering teams to identify ways to improve our products in terms of secret validation and coverage.
- This role requires cross-functional expertise, primarily in cybersecurity, as well as in software development and data analysis. You will collaborate closely with colleagues in the internal Security team and report to the cybersecurity research lead. You'll spend roughly 70% of your time on research and 30% producing content to share findings with the security community.
- As a researcher, you will track offensive trends and techniques, and work closely with our marketing team to produce 2–3 technical deep-dive articles or talks per quarter. Recent publications can be found on our security research blog.
If you think you match at least 70% of these criteria, please apply!
Here's what we consider essential for success in this role:
- 5+ years of experience working in a security engineer role, with 2+ years dedicated to research-related work, or equivalent.
- Strong offensive security background (pentesting, vulnerability research, or red team experience) with the ability to think like an attacker and translate that into defensive insights.
- Experience with reverse engineering (binary analysis, malware inspection, malicious packages) and API/web security (OAuth, JWT, token validation, secret exposure patterns).
- Comfortable working with modern infrastructure, such as cloud platforms (AWS, GCP, or Azure) or AI/LLM ecosystems, and able to assess their specific security implications.
- Leverage AI tools actively in your day-to-day research workflow, whether for automation, analysis, or accelerating prototyping.
- Proficient in at least one system or scripting language (Python, Go, or Rust), fluent with a terminal, and able to independently retrieve, transform, and analyze datasets to support research conclusions.
- Track down complex security problems in software and infrastructure and define their solutions.
- Enjoy hacking things and rapidly prototyping ideas.
- Drive research autonomously, identify topics, conduct investigations, and publish findings, while partnering with engineering and product teams to translate insights into platform improvements.
- Public research track record: CVEs, conference presentations, open-source tooling, or technical publications.
- Fluent in English (written and spoken), with strong communication skills: you can explain complex vulnerabilities clearly to both technical and non-technical audiences and present at international conferences.
- Understand supply chain security, including how attacks propagate through package registries (npm, PyPI, DockerHub), GitHub Actions workflows, and dependency automation tools.
- Experience monitoring ongoing attacks, correlating signals across multiple data sources, reconstruct breaches, and having published your findings to the security community.
Benefits
- Top of the market salary
- Equity plan
- Relocation support
- 🏡 Remote policy: hybrid (3 days/week at the office in Paris)
- 📈 Opportunities for career development in the long term
- Etc.
If you are excited about this opportunity and believe you are a great fit for the role, please send your resume and a brief cover letter outlining your experience and what motivates you to join our client.
We are committed to enabling everyone to feel included and valued and trust our partners to do the same. Both the company and its culture are strongest when composed of diverse experiences and backgrounds.
All qualified applicants will receive consideration for employment without regard to age, color, family, gender identity, marital status, national origin, physical or mental disability, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws.
If you have a medical condition or an individual need for an adjustment to our process, and you believe this may affect your ability to be at your best - please let us know so we can talk about how we can best support you and make any adjustments that may be needed.
In case of any doubts or questions, please contact Julien - [email protected]
Skills Required
- 5+ years as a security engineer with 2+ years of research-focused work or equivalent
- Strong offensive security background (pentesting, vulnerability research, red teaming)
- Experience with reverse engineering, binary analysis, and malware inspection
- Experience with API/web security including OAuth, JWT, and token validation
- Comfortable with cloud platforms or AI/LLM ecosystems (AWS, GCP, Azure, or similar)
- Active use of AI tools in research workflows for automation and prototyping
- Proficiency in at least one system or scripting language (Python, Go, or Rust) and fluency with a terminal
- Demonstrated ability to investigate complex security problems and define solutions
- Ability to drive research autonomously and collaborate with engineering/product teams
- Public research track record (CVEs, conference talks, open-source tooling, publications)
- Fluent English, written and spoken, strong communication skills for technical and non-technical audiences
- Understanding of supply chain security (npm, PyPI, DockerHub, GitHub Actions) and dependency attack vectors
- Experience monitoring and correlating ongoing attacks and publishing findings
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
Fledge is the conscious company accelerator, focused on mission-driven for-profit startups addressing the most important problems of the world: poverty, hunger, unemployment, communities, and the environment.
