Sr. Cybersecurity Researcher, US

Permanent contract
Boston
Salary: Not specified
No remote work

GitGuardian


The position

Job description

This position is based in the US and you must be on the East Coast.


GitGuardian is a global pre-Series C cybersecurity startup.

Among our early investors who saw our market value proposition are GitHub co-founder Scott Chacon and Docker co-founder / CTO Solomon Hykes 👀. American and European top-tier VC firms have also invested in GitGuardian.

GitGuardian teams have developed a source code security platform for the DevOps generation. Our solutions are already used by more than 400K developers worldwide!

 

Our typical customers are companies with hundreds of developers that are leveraging numerous services like SaaS applications, cloud infrastructures, or internal microservices and are mature on DevOps and cloud adoption.

Our products are used by different teams: Software Development and Ops teams, Application Security, and Threat Response. The buying decision comes from CISOs / CTOs / Directors of Security / Heads of AppSec.

Innovating in our field and showing deep expertise in cybersecurity topics is key to our success: your work will matter and will be advertised externally.


What would you work on?

We are seeking a highly skilled and motivated senior security researcher to join our global team, focusing on addressing security challenges related to code and application security.

As a cyber security researcher, you will identify and evaluate ideas for new products, conduct technical research, and run experiments. You will also participate in the larger security community through blog posts, research papers and participation in industry conferences.

Our ideal candidate will stay up-to-date with the latest code security trends and techniques, as well as work closely with our development and product teams to design new security features and with our marketing team to develop technical long-form content. You will report directly to our CMO.



Here are some of the primary projects you will work on in your first year:

 

• Researching and publishing on topics related to code security, providing technical expertise to other R&D teams, developing tools to support analysts in their day-to-day duties, and collecting technical artifacts about adversary activity.
• Analyzing, researching, and delving deep into the vast amount of data gathered by GitGuardian, as well as existing and emerging technologies, tools, and products, to understand how they work and how they can be used to build new solutions to user problems.
• Reproducing emerging vulnerabilities and providing actionable technical information.
• Authoring blog posts, research papers and conference presentations on topics and research in your area of expertise.
• Analyzing our different datasets to extract insights that can be shared with the community.

 


      Some of your research fields would include:

      Secrets Leakage Analysis: Analyze historical code repositories to identify instances where secrets have been inadvertently leaked or exposed. This could involve conducting forensic analysis of code commits and finding patterns, big leaks and potential attack surfaces.

      Vulnerability Research: Identify and analyze vulnerabilities in software code, libraries, and frameworks. This includes both known vulnerabilities (CVEs) and zero-day vulnerabilities.

      Threat Intelligence: Research emerging threats, attack vectors, and adversary tactics to stay ahead of potential security risks. This includes monitoring underground forums, analyzing threat actor behavior, and tracking new malware campaigns.

      Supply Chain Security: Investigate supply chain attacks and vulnerabilities within third-party components, dependencies, or libraries used in software development.


      More about you:

      If you think you match at least 70% of these criteria, please apply!

       

      Expected experience of 5+ years working in a security engineer role (Application Security, Security Operations, Security Development), with 2+ years of those dedicated to research-related work, or an equivalent educational experience.

      Have a keen eye for identifying complex security problems in software and/or infrastructure, and defining their solutions.

      Enjoy hacking things and rapidly prototyping ideas.

      Be proficient in a scripting language (Python or Go).

      Be data driven and have strong data analytics skills.

      Be a team player and like collaborating on cross-functional teams.

      Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.

       


           

            Benefits

            • 🌴⛱️ 25 days of PTO (employees are strongly encouraged to use all of it!)
            • 🗓️ 8 public holidays
            • 🧘‍♂️ Health, Dental & Vision insurance (80% coverage), for individuals and their families
            • 💡 Short term & long term disability insurance (100% paid)
            • 🌎 Travel policy including to our annual off-sites ('23 was South of France!)
            • 💻 Up to $300 towards your home office set-up
            • 🔌 Monthly remote work stipend of $70
            • 🙌 Complimentary access to Talkspace
            • 🤝 Referral bonus of $4000 for any new Guardians we might hire thanks to you
            • 💳 Pre-tax commuter plan access 
            • 💰 401(k) with Slavic

            And also...

            • 🚀 Becoming an early joiner of GitGuardian US team, with many opportunities for career development in the long term
            • 👊 Working on a meaningful product; we've already helped more than 400k developers across the globe
            • 📈 A robust engineering culture, discover our R&D projects
            • 👫 Trust & autonomy within your scope, with very transparent internal communication and a strong impact on the company's development


            Recruitment process

            1. Video call with a Talent Acquisition team member

            To discover your professional projects and evaluate if there could be a mutual match.

            2. Team interview: Meet the team and/or your future manager

            To learn more about you and your achievements, and to introduce you to the team.

            3. Business case

            To work on at home and present to the team.

            Objective: to evaluate your skills for the position and let you project yourself into the role.

            4. Final interview with the CEO

            Eric will detail our company’s vision and ambitions for the next couple of years. 


            Curious to know more about us?

            Products

            • Want to go even further? Check out our public roadmap!
            • Check out the State of Secrets Sprawl Report to understand our mission and the industry.
            • Mackenzie (DevRel) will tell you about how GitGuardian works in this video!
            • Our solutions are already used by hundreds of thousands of developers in all industries, and the GitGuardian platform is the no. 1 security app on the GitHub marketplace 🔥

            Clients

            • GitGuardian helps organizations find exposed sensitive information that could often lead to tens of millions of dollars in potential damage.
            • More than 80% of our customers are in the United States.
            • Many F500 companies use GitGuardian's platform.

            People

            • The Guardians are knowledgeable, committed, serious, aligned with the company’s mission, and true team players: always willing to help each other grow our skill sets!
            • The team is diverse and we hail from more than 20 different countries.
            • We are also agile, remote-friendly, and fun people to work with.

             

            GitGuardian is an equal opportunity employer committed to encouraging and celebrating its diverse and inclusive workforce. We’re building an employee experience that includes appreciation, belonging, growth, and purpose for everyone.

            We welcome all without regard to age, race, color, religion, gender identity and expression, sex (including pregnancy, childbirth, and related medical conditions), sexual orientation, citizenship, national origin, disability, military status, veteran status, political affiliation, or any other protected characteristics. All aspects of employment will be solely based on merit and qualifications related to professional competence. GitGuardian operates on a principle of mutual respect and acceptance, and every employee must follow GitGuardian's anti-harassment and anti-discrimination company policies.
