Software Security Researcher / Engineer
Job description
security reasoning for AI-driven systems. This role demands technical excellence, creativity, and adaptability, and offers the opportunity to work in a fast-moving, highly dynamic environment with significant ownership.

Your future area of responsibility:
- Developing and maintaining a continuously updating security knowledge base, integrating sources such as CVE, CWE, and other security intelligence feeds.
- Designing and curating high-quality datasets, including real-world vulnerabilities and synthetic scenarios for AI model training.
- Developing software security analysis techniques to detect critical vulnerabilities across complex codebases.
- Designing structured, context-rich representations of vulnerabilities and security insights for consumption by AI agents.
- Contributing to the integration of security knowledge and analysis pipelines into AI-driven workflows.
- Evaluating detection accuracy and improving coverage across different vulnerability classes.

For content-related questions regarding the position, Hossein Hajipour is available as your contact person via email.

Requirements

Your qualifications profile:
- Bachelor's degree in Computer Science or a related field, Master's or PhD preferred.
- Solid understanding of common vulnerability classes such as OWASP Top 10, CWE, and CVE ecosystems.
- Solid knowledge of secure coding practices in various languages.
- Experience with program analysis techniques, including static and dynamic analysis and taint tracking.
- Solid experience with existing SAST and DAST tools.
- Deep understanding of contextual and chained code-related vulnerabilities (real-world & CTF).
- Experience working with vulnerability datasets and security benchmarks.
- Understanding of software architecture, APIs, and modern development practices.
- Strong programming skills, proficiency in Go or Rust is a plus.

We'd be lucky if you also:
- Have experience applying machine learning to software security tasks.
- Have worked on large-scale or real-world software systems and security analysis pipelines.
- Have experience building or maintaining a security intelligence layer that integrates vulnerability data, threat intelligence, and system-specific context.
- Have developed or applied code reachability analysis methods for vulnerability detection or prioritization.
- Have experience with program analysis tools such as Tree-sitter.
- Have a track record of contributing to the broader security community or publishing original research, finding vulnerabilities in various code bases.

Benefits & conditions

What we offer:
- Work on cutting-edge research at the intersection of AI and software security
- Contribute to technology that addresses real-world, high-impact security challenges
- Be part of a highly ambitious, research-driven team
- Shape the future of autonomous, intelligent security systems
- A challenging and exciting role with a high degree of creative freedom in a research institution dedicated to shaping the future of information security in a scientific and strongly international environment
- A strong commitment to work-life balance and equal opportunities; all positions are generally suitable for part-time work
- Compensation and social benefits in accordance with the German public sector collective agreement (TVöD Bund)
- A fixed-term position
- Up to two days of remote work per week (subject to operational requirements)
- Flexible working hours
- Occupational pension scheme (VBL)
- Opportunities for professional development and further training
- Subsidized job ticket
- Social and team-building activities
- Workplace health management programs

CISPA is committed to increasing the representation of women, minorities, people with disabilities, and neurodivergent individuals in computer science. Applications from severely disabled candidates will