Portfolio Jobs

Looking for your next role? Take a look at these exciting jobs at Sapphire Ventures’ portfolio companies. Our Talent team is passionate about connecting you to your dream job!

Senior Cybersecurity Researcher

GitGuardian

Paris, France
Posted on Wednesday, May 1, 2024
Marketing · Paris, Boston · Fully Remote

This position is fully remote, based in Europe or on the East Coast of the US (manager based in Paris, France).

Context

GitGuardian is a global pre-Series C cybersecurity startup.

Our early investors, who saw our market value proposition, include GitHub co-founder Scott Chacon and Docker co-founder / CTO Solomon Hykes 👀. Top-tier American and European VC firms have also invested in GitGuardian.

GitGuardian teams have developed a source code security platform for the DevOps generation. Our solutions are already used by more than 400K developers worldwide!

We are seeking a highly skilled and motivated senior security researcher to join our team, focusing on addressing security challenges related to code and application security.

Innovating in our field and showing deep expertise in cybersecurity topics is key to our success. Your work will matter and will be advertised externally.

Mission

As a cybersecurity researcher, you will conduct technical research and run experiments. You are also expected to participate in the larger security community through blog posts, research papers and participation in industry conferences.

This role involves staying up-to-date with the latest code security trends and techniques, as well as working closely with our development and product teams to design new security features and with our marketing team to develop technical long-form content. The role reports directly to the CMO.

Here are the main projects you would work on for the year to come:

  • Researching and publishing on topics related to code security, providing technical expertise to other R&D teams, developing tools to support analysts in their day-to-day duties, and collecting technical artifacts about adversary activity.
  • Analyzing, researching, and delving deep into the vast amount of data gathered by GitGuardian, as well as existing and emerging technologies, tools, and products, to understand how they work and how they can be used to build new solutions to user problems.
  • Reproducing emerging vulnerabilities and providing actionable technical information.
  • Authoring blog posts, research papers and conference presentations on topics and research in your area of expertise.
  • Analyzing our different datasets to extract insights that can be shared with the community.

Some of the research fields would include:

Secrets Leakage Analysis: Analyze historical code repositories to identify instances where secrets have been inadvertently leaked or exposed. This could involve conducting forensic analysis of code commits, finding patterns, big leaks and potential attack surfaces.

Vulnerability Research: Identify and analyze vulnerabilities in software code, libraries, and frameworks. This includes both known vulnerabilities (CVEs) and zero-day vulnerabilities.

Threat Intelligence: Research emerging threats, attack vectors, and adversary tactics to stay ahead of potential security risks. This includes monitoring underground forums, analyzing threat actor behavior, and tracking new malware campaigns.

Supply Chain Security: Investigate supply chain attacks and vulnerabilities within third-party components, dependencies, or libraries used in software development.

    Requirements

    If you think you match at least 70% of these criteria, please apply!

    • 5+ years experience working in a security engineer role (Application Security, Security Operations, Security Development), with 2+ years of those dedicated to research-related work.
    • Experience in bug bounty, pentesting or red teaming is a must.
    • Keen eye for identifying complex security problems in software and/or infrastructure, and defining their solutions.
    • Ability to rapidly prototype ideas.
    • Proficiency in a scripting language (Python or Go).
    • Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.

    Benefits

    • 🌴⛱️ 25 days of PTO (employees are strongly encouraged to use all of it!)
    • 🗓️ 8 public holidays
    • 🧘‍♂️ Health, Dental & Vision insurance (80% coverage), for individuals and their families
    • 💡 Short term & long term disability insurance (100% paid)
    • 🌎 Travel policy including to our annual off-sites ('23 was South of France!)
    • 💻 Up to $300 towards your home office set-up
    • 🔌 Monthly remote work stipend $70
    • 🙌 Complimentary access to Talk Space
    • 🤝 Referral bonus of $4000 for any new Guardians we might hire thanks to you
    • 💳 Pre-tax commuter plan access
    • 💰 401(k) with Slavic

    And also...

    • 🚀 Becoming the first Security Researcher of the marketing team, with opportunities for career development in the long term
    • 👊 Working on a meaningful product; we've already helped more than 400k developers across the globe
    • 📈 A robust engineering culture, discover our R&D projects
    • 👫 Trust & autonomy within your perimeter, with very transparent internal communication and a strong impact on the company's development

    Recruitment process

    1. Video call with a Talent Acquisition team member

    To discover your professional projects and evaluate if there could be a mutual match.

    2. Interview with Carole (CMO)

    To learn more about you and your writing / publication achievements, and to introduce you to the team.

    3. Final interview with Eric (CEO, co-founder)

    To assess your technical expertise in the security and development field, and to detail our company’s vision and ambitions for the next couple of years.

    Curious to know more about us?

    Products

    • Want to go even further? Check out our public roadmap!
    • Check out the State of Secrets Sprawl Report to understand our mission and the industry.
    • Mackenzie (DevRel) will tell you about how GitGuardian works in this video!
    • Our solutions are already used by hundreds of thousands of developers in all industries, and the GitGuardian platform is the n°1 security app on the GitHub marketplace 🔥

    Clients

    • GitGuardian helps organizations find exposed sensitive information that could often lead to tens of millions of dollars in potential damage.
    • More than 80% of our customers are in the United States.
    • Many F500 companies use GitGuardian's platform.

    People

    • The Guardians are knowledgeable, committed, serious, aligned with the company’s mission, and true team players: always willing to help each other grow our skill sets!
    • The team is diverse and we hail from more than 20 different countries.
    • We are also agile, remote-friendly, and fun people to work with.

    GitGuardian is an equal opportunity employer committed to encouraging and celebrating its diverse and inclusive workforce. We’re building an employee experience that includes appreciation, belonging, growth, and purpose for everyone.

    We welcome all without regard to age, race, color, religion, gender identity and expression, sex (including pregnancy, childbirth, and related medical conditions), sexual orientation, citizenship, national origin, disability, military status, veteran status, political affiliation, or any other protected characteristics. All aspects of employment will be solely based on merit and qualifications related to professional competence. GitGuardian operates on a principle of mutual respect and acceptance, and every employee must follow GitGuardian's anti-harassment and anti-discrimination company policies.

    Team: Marketing
    Locations: Paris, Boston
    Remote status: Fully Remote
    Employment type: Full-time

    Guardians of Code

    We develop code security solutions for the DevOps generation and are a leader in the market of secrets detection & remediation.

    Our solutions are already used by hundreds of thousands of developers in all industries and GitGuardian Internal monitoring is the n°1 security app on the GitHub marketplace. GitGuardian helps organizations find exposed sensitive information that could often lead to tens of millions of dollars in potential damage.

    We love wearing our Guardians’ cape, and help each other achieve high ambitions!
