Software Security Researcher/Engineer

Job

  • Level
    Experienced
  • Job Field
    IT, Data, Security
  • Employment Type
    Full Time
  • Contract Type
    Temporary employment
  • Location
    Sankt Ingbert
  • Working Model
    Hybrid, Onsite
  • Job Summary

    In this role, you will develop security analysis techniques to detect critical vulnerabilities, curate high-quality datasets, and integrate security knowledge into AI-driven workflows.

    Your role in the team

    • Developing and maintaining a continuously updating security knowledge base, integrating sources such as CVE, CWE, and other security intelligence feeds.
    • Designing and curating high-quality datasets, including real-world vulnerabilities and synthetic scenarios for AI model training.
    • Developing software security analysis techniques to detect critical vulnerabilities across complex codebases.
    • Designing structured, context-rich representations of vulnerabilities and security insights for consumption by AI agents.
    • Contributing to the integration of security knowledge and analysis pipelines into AI-driven workflows.
    • Evaluating detection accuracy and improving coverage across different vulnerability classes.

    Our expectations of you

    Education

    • Bachelor's degree in Computer Science or a related field, Master's or PhD preferred.

    Qualifications

    • Solid understanding of common vulnerability classes such as OWASP Top 10, CWE, and CVE ecosystems.
    • Solid knowledge of secure coding practices in various languages.
    • Deep understanding of contextual and chained code-related vulnerabilities (real-world & CTF).
    • Understanding of software architecture, APIs, and modern development practices.
    • Strong programming skills; proficiency in Go or Rust is a plus.
    • Have worked on large-scale or real-world software systems and security analysis pipelines.
    • Have developed or applied code reachability analysis methods for vulnerability detection or prioritization.
    • Have a track record of contributing to the broader security community or publishing original research, finding vulnerabilities in various code bases.

    Experience

    • Experience with program analysis techniques, including static and dynamic analysis and taint tracking.
    • Solid experience with existing SAST and DAST tools.
    • Experience working with vulnerability datasets and security benchmarks.
    • Have experience applying machine learning to software security tasks.
    • Have experience building or maintaining a security intelligence layer that integrates vulnerability data, threat intelligence, and system-specific context.
    • Have experience with program analysis tools such as Tree-sitter.

    What we offer

    • Work on cutting-edge research at the intersection of AI and software security.
    • Contribute to technology that addresses real-world, high-impact security challenges.
    • Be part of a highly ambitious, research-driven team.
    • Shape the future of autonomous, intelligent security systems.
    • A challenging and exciting role with a high degree of creative freedom in a research institution dedicated to shaping the future of information security in a scientific and strongly international environment.
    • A strong commitment to work-life balance and equal opportunities; all positions are generally suitable for part-time work.
    • Compensation and social benefits in accordance with the German public sector collective agreement (TVöD Bund).
    • A fixed-term position.
    • Up to two days of remote work per week (subject to operational requirements).
    • Flexible working hours.
    • Occupational pension scheme (VBL).
    • Opportunities for professional development and further training.
    • Subsidized job ticket.
    • Social and team-building activities.
    • Workplace health management programs.

    Job Locations

    • Location Sankt Ingbert

      66386 Saarland

      Germany

    This is your employer

    Cispa

    We - the Helmholtz Center for Information Security (CISPA) - are a German national Big Science Institution within the Helmholtz Association. Our research agenda comprises all aspects of Information Security.

    Description

  • Founding year
    2011
  • Company Type
    Digital Agency
  • Working Model
    Hybrid, Onsite
  • Industry
    Internet, IT, Telecommunication
  • Diversity
    Open for all genders
  • English Only
    English only required
