Application Security Research Engineer

Technology
CommIT
Warsaw, Israel · 1 month ago · until 13.5.2026
Full-time

Job description

The J is seeking an Application Security Research Engineer. In this role, you will lead a team of researchers and ethical hackers focused on offensive security testing, automated exploit discovery, and advanced application security research. Your work will directly influence the security posture of company products and help scale secure-by-design principles. This is a hands-on technical role with a strong emphasis on offensive security, code exploitation, automation, and innovation.

What You Will Do:

  • Build and lead a team of security researchers and penetration testers.
  • Help to reshape company Product Security.
  • Plan and execute advanced penetration testing campaigns.
  • Develop tools and frameworks for scalable security testing and fuzzing.
  • Lead security innovation by building and managing penetration testing tools / AI agents.
  • Analyze vulnerabilities, perform root cause analysis, and develop proofs of concept.
  • Identify systemic product weaknesses and help define long-term mitigations.
  • Collaborate with engineering teams to reproduce, triage, and fix vulnerabilities.
  • Contribute to security research publications, CVE submissions, and industry knowledge sharing.
  • Continuously evolve internal testing capabilities using modern tooling and AI-assisted approaches.
Requirements:
  • Proven 2+ years of experience in leading application security research teams (SaaS or software company).
  • 7+ years of experience in research and penetration testing.
  • Strong coding skills and deep technical understanding of web, API, cloud-native, and backend technologies.
  • AI and LLM penetration testing knowledge and experience.
  • Experience with penetration testing tools (Burp Suite, Metasploit, etc.) and custom security tools development.
  • Familiarity with modern architectures (e.g., Cloud, microservices, containers, Kubernetes).
  • Familiarity with secure software architecture and typical attack vectors.
  • Demonstrated ability to lead security testing engagements and report technical findings effectively.
  • Experience building or integrating automated PT or fuzzing pipelines is a strong advantage.
  • Knowledge and hands-on experience with SSDLC tools and CI/CD pipelines.
  • Publications or open-source contributions in the security domain are a plus.
