Software Security Researcher / Engineer

Job

  • Level
    Experienced
  • Job field
    IT, Data, Security
  • Employment
    Full-time
  • Contract type
    Fixed-term employment
  • Location
    Sankt Ingbert
  • Working model
    Hybrid, Onsite
  • Job summary

    In this position you will develop security analysis techniques to detect critical vulnerabilities, curate high-quality datasets, and integrate security knowledge into AI-driven workflows.

    Your role in the team

    • Developing and maintaining a continuously updating security knowledge base, integrating sources such as CVE, CWE, and other security intelligence feeds.
    • Designing and curating high-quality datasets, including real-world vulnerabilities and synthetic scenarios for AI model training.
    • Developing software security analysis techniques to detect critical vulnerabilities across complex codebases.
    • Designing structured, context-rich representations of vulnerabilities and security insights for consumption by AI agents.
    • Contributing to the integration of security knowledge and analysis pipelines into AI-driven workflows.
    • Evaluating detection accuracy and improving coverage across different vulnerability classes.

    What we expect from you

    Education

    • Bachelor's degree in Computer Science or a related field; Master's or PhD preferred.

    Qualifications

    • Solid understanding of common vulnerability classes such as OWASP Top 10, CWE, and CVE ecosystems.
    • Solid knowledge of secure coding practices in various languages.
    • Deep understanding of contextual and chained code-related vulnerabilities (real-world & CTF).
    • Understanding of software architecture, APIs, and modern development practices.
    • Strong programming skills; proficiency in Go or Rust is a plus.
    • Have worked on large-scale or real-world software systems and security analysis pipelines.
    • Have developed or applied code reachability analysis methods for vulnerability detection or prioritization.
    • Have a track record of contributing to the broader security community or publishing original research, finding vulnerabilities in various code bases.

    Experience

    • Experience with program analysis techniques, including static and dynamic analysis and taint tracking.
    • Solid experience with existing SAST and DAST tools.
    • Experience working with vulnerability datasets and security benchmarks.
    • Have experience applying machine learning to software security tasks.
    • Have experience building or maintaining a security intelligence layer that integrates vulnerability data, threat intelligence, and system-specific context.
    • Have experience with program analysis tools such as Tree-sitter.

    What we offer

    • Work on cutting-edge research at the intersection of AI and software security.
    • Contribute to technology that addresses real-world, high-impact security challenges.
    • Be part of a highly ambitious, research-driven team.
    • Shape the future of autonomous, intelligent security systems.
    • A challenging and exciting role with a high degree of creative freedom in a research institution dedicated to shaping the future of information security in a scientific and strongly international environment.
    • A strong commitment to work-life balance and equal opportunities; all positions are generally suitable for part-time work.
    • Compensation and social benefits in accordance with the German public sector collective agreement (TVöD Bund).
    • A fixed-term position.
    • Up to two days of remote work per week (subject to operational requirements).
    • Flexible working hours.
    • Occupational pension scheme (VBL).
    • Opportunities for professional development and further training.
    • Subsidized job ticket.
    • Social and team-building activities.
    • Workplace health management programs.

    Benefits

    Work-Life-Integration

    Job locations

    • Location: Sankt Ingbert

      66386 Saarland

      Germany

    About your employer

    Cispa

    We - the Helmholtz Center for Information Security (CISPA) - are a German national Big Science Institution within the Helmholtz Association. Our research agenda comprises all aspects of Information Security.

  • Year founded
    2011
  • Company type
    Digital agency
  • Working model
    Hybrid, Onsite
  • Industry
    Internet, IT, Telecom
  • Diversity
    Suitable for all persons (m/f/d)
  • English only
    Only English required