Software Security Researcher / Engineer

• Developing and maintaining a continuously updating security knowledge base, integrating sources such as CVE, CWE, and other security intelligence feeds.
• Designing and curating high-quality datasets, including real-world vulnerabilities and synthetic scenarios for AI model training.
• Developing software security analysis techniques to detect critical vulnerabilities across complex codebases.
• Designing structured, context-rich representations of vulnerabilities and security insights for consumption by AI agents.
• Contributing to the integration of security knowledge and analysis pipelines into AI-driven workflows.
• Evaluating detection accuracy and improving coverage across different vulnerability classes.

For content-related questions regarding the position, Hossein Hajipour is available as your contact person via email.

• Bachelor's degree in Computer Science or a related field, Master's or PhD preferred.
• Solid understanding of common vulnerability classes such as OWASP Top 10, CWE, and CVE ecosystems.
• Solid knowledge of secure coding practices in various languages.
• Experience with program analysis techniques, including static and dynamic analysis and taint tracking,
• Solid experience with existing SAST and DAST tools.
• Deep understanding of contextual and chained code-related vulnerabilities (real-world & CTF).
• Experience working with vulnerability datasets and security benchmarks.
• Understanding of software architecture, APIs, and modern development practices.
• Strong programming skills, proficiency in Go or Rust is a plus.

We'd be lucky if you also:

• Have experience applying machine learning to software security tasks.
• Have worked on large-scale or real-world software systems and security analysis pipelines.
• Have experience building or maintaining a security intelligence layer that integrates vulnerability data, threat intelligence, and system-specific context.
• Have developed or applied code reachability analysis methods for vulnerability detection or prioritization.
• Have experience with program analysis tools such as Tree-sitter.
• Have a track record of contributing to the broader security community or publishing original research, finding vulnerabilities in various code bases.

• Work on cutting-edge research at the intersection of AI and software security
• Contribute to technology that addresses real-world, high-impact security challenges
• Be part of a highly ambitious, research-driven team
• Shape the future of autonomous, intelligent security systems
• A challenging and exciting role with a high degree of creative freedom in a research institution dedicated to shaping the future of information security in a scientific and strongly international environment
• A strong commitment to work-life balance and equal opportunities; all positions are generally suitable for part-time work
• Compensation and social benefits in accordance with the German public sector collective agreement (TVöD Bund)
• A fixed-term position
• Up to two days of remote work per week (subject to operational requirements)
• Flexible working hours
• Occupational pension scheme (VBL)
• Opportunities for professional development and further training
• Subsidized job ticket
• Social and team-building activities
• Workplace health management programs