Application Security Research Engineer

combit
Konstanz, Germany
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Canton of Toulouse-5, France

Tech stack

API
Artificial Intelligence
Software System Penetration Testing
Architectural Patterns
Burp Suite
Software as a Service
Cloud Computing
Cloud Engineering
Fuzz Testing
Systems Integration
Software Security
Kubernetes
Metasploit
Free and Open-Source Software
Software Coding
Vulnerability Analysis
Microservices

Job description

Company is seeking an Application Security Research Engineer. In this role, you will lead a team of researchers and ethical hackers focused on offensive security testing, automated exploit discovery, and advanced application security research. Your work will directly influence the security posture of company products and help scale secure-by-design principles. This is a hands-on technical role with a strong emphasis on offensive security, code exploitation, automation, and innovation.

What You will Do:

  • Build and lead a team of security researchers and penetration testers.
  • Help to reshape company Product Security
  • Plan and execute advanced penetration testing campaigns.
  • Develop tools and frameworks for scalable security testing and fuzzing.
  • Lead Security innovation by building and managing penetration testing tools \ AI Agents
  • Analyze vulnerabilities, perform root cause analysis, and develop proofs of concept.
  • Identify systemic product weaknesses and help define long-term mitigations.
  • Collaborate with engineering teams to reproduce, triage, and fix vulnerabilities.
  • Contribute to security research publications, CVE submissions, and industry knowledge sharing.
  • Continuously evolve internal testing capabilities using modern tooling and AI-assisted approaches.

Requirements:

  • Proven 2 years of experience in leading application security research Teams (SAAS or software company).
  • 7 year experience in Research and penetration testing.
  • Strong coding skills and deep technical understanding of web, API, cloud-native, and backend technologies.
  • AI and LLM Penetration testing knowldge and Experience
  • Experience with penetration testing tools (Burp Suite, Metasploit, etc.) and Custom Security Tools development.
  • Familiarity with modern architectures (e.g., Cloud, microservices, containers, Kubernetes).
  • Familiarity with secure software architecture and typical attack vectors.
  • Demonstrated ability to lead security testing engagements and report technical findings effectively.
  • Experience building or integrating automated PT or fuzzing pipelines is a strong advantage.
  • Knowledge and hands-on experience with SSDLC tools and CI/CD pipelines,
  • Publications or open-source contributions in the security domain are a plus.

Requirements

Etudes/recherche, Security

About the company

combit is a leading provider in the field of reporting components for software development. The portfolio includes the award-winning reporting tool List & Label, which has been continuously enhanced for almost 30 years. The development tool can be seamlessly integrated into ASP.NET applications with any front-end technologies as well as into WPF or WinForms applications, extending them with numerous data visualization options and powerful print and export functions. 

Apply for this position