Posted 12 June, 2026

Staff Security Research Engineer

Harness
Bengaluru, Karnataka, India Full Time
Reference: 102_699416_4948399007

Key Responsibilities

  • Research and build AI-powered security capabilities that enhance early detection and prevention across SAST, SCA, DAST, and CI/CD pipelines.
  • Research risks in AI-assisted development, including insecure code generation, dependency suggestions, and automated refactoring.
  • Lead research into modern attack vectors targeting code, dependencies, build systems, CI/CD pipelines, and cloud environments.
  • Develop AI-assisted detection and testing methods to improve accuracy, automation, and coverage across security tooling.
  • Prototype and validate new detection methods that help developers prevent vulnerabilities before deployment.
  • Collaborate with engineering and product teams to integrate research outcomes directly into developer workflows and platform features.
  • Perform deep technical assessments of applications, APIs, source repositories, and build pipelines to uncover design flaws, dependency risks, and supply chain threats.
  • Work with customers and internal teams to align research with real-world DevSecOps use cases and product improvements.
  • Contribute to pre-sales and technical enablement through proof-of-concepts, demos, and solution design for code-to-cloud protection.
  • Build internal tools and automation that accelerate vulnerability discovery, analysis, and AI-driven security research.
  • Share insights and research outcomes through blogs, whitepapers, and conference talks to advance the field of Shift-Left and AI security.
  • Continuously monitor emerging threats and apply learnings to improve product detection and protection capabilities.

About You

  • Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
  • 8 - 10+ years of experience with special focus on security research and application security.
  • Strong background in shift-left security tools (SAST, DAST, SCA) with experience building or customizing scanning rules, engines, or pipelines.
  • Prior hands-on development experience with a solid understanding of modern programming languages, frameworks, and build systems.
  • Understanding of AI and LLM models, their integration into developer workflows, and potential security risks.
  • Deep understanding of OWASP Top 10, API Security Top 10, LLM Top 10, and CI/CD Security Top 10, with the ability to map real-world vulnerabilities to these risk categories.
  • Familiarity with AI-assisted development tools and experience evaluating or mitigating risks from AI-generated code and dependency suggestions.
  • Proficient in at least one modern programming language (Python, Go, Java, JavaScript, etc.).
  • Familiarity with dependency management ecosystems (npm, PyPI, Maven, Go modules) and open-source risk analysis.
  • Demonstrated experience in publishing security research, authoring technical blogs, or presenting at top security conferences (e.g., Black Hat, DEF CON, RSAC, BSides) is a strong plus.
  • Relevant credentials such as OSCP, OSCE, CEH, or equivalent security certifications are a plus.
  • Strong analytical and problem-solving skills, with the ability to lead complex research independently, from hypothesis to validation and implementation.
  • Proven ability to work autonomously, drive large research efforts, and collaborate cross-functionally with product and engineering teams.
  • Passion for research, security, and continuous learning, with a never-give-up attitude.

Work Location

This role will be based out of our Bengaluru, India office in a hybrid capacity.
