As a Cybersecurity Engineer on the Product Team at Escape, you will improve the precision and reliability of our automated DAST and ASM engines.

Your main goal is to ensure our scanners detect real vulnerabilities, avoid regressions, and continuously increase their coverage. You will work both on automation and on manual pentesting to understand gaps between human and automated testing, then translate those insights into concrete improvements.

Your core responsibilities will include:

• Performing manual pentests on selected customers to compare real findings with Escape’s automated results and validate detection accuracy.

• Creating new vulnerable APIs and applications to generate real negative cases and test coverage in realistic conditions.

• Building new monitoring systems using statistical analysis, scan patterns, and insights from modern vulnerable application structures to detect drifts, anomalies, or quality issues early.

• Fixing, improving, and adapting existing security tests in our DAST and ASM engines.

• Improve scanners and build POCs for new CVEs, new vulnerability classes, or areas not yet covered by our engine.

💻 Development & Automation

You will work closely with our engineering and product teams to strengthen our detection engine:

• Build automated E2E workflows using Python or Go, and our public API.

• Create and maintain monitoring dashboards in Grafana and Metabase.

• Develop internal tooling to support coverage analysis and statistical monitoring.

🔬 Research & Security Testing

You will contribute to improving our detection logic through hands-on testing and research:

• Manually pentest customer environments to validate Escape’s findings.

• Analyze detection gaps between automated scanning and human testing.

• Study new CVEs and emerging vulnerability patterns.

• Build PoCs and controlled environments to train and evaluate our agents.

🌍 What You’ll Work On

You will contribute to the evolution of fully automated pentesting:

• Improving coverage on real-world applications.

• Building realistic vulnerable environments to train detection.

• Continuously monitoring engine accuracy using statistical methods.

• Strengthening the link between manual pentesting and automated scanning.

• Helping shape the next generation of our DAST and ASM capabilities.

Our Tech Stack

Backend

• Python — detection logic, automation, tooling

• Go — high-performance detection components

• Typescript — platform and API integrations

Monitoring & Analytics

• Grafana — alerting and operational monitoring

• Metabase — dashboards and statistical tracking

💡 As a Cybersecurity Engineer on the Product Team, you’ll work on both offensive security and engineering. You’ll build automated systems, test real applications, research vulnerabilities, and directly improve the intelligence of our scanning engine.

• Background in cybersecurity or computer science, with a strong foundation in security, networking, programming, and hands-on projects.

• Hands-on experience with penetration testing, vulnerability analysis, or offensive security tools.

• Good understanding of common pentesting methodologies (OWASP, PTES, etc.).

• Solid experience with at least one programming language (Python, Golang, Rust, Typescript, C, …).

• Experience with AI tools, LLMs, agents, or automation systems is a plus.

• Experience conducting academic or independent research in cybersecurity or another technical field is also a plus.

• Technical writing experience (documentation, blog posts, research notes) is appreciated.

• English proficiency.

We respect your time and will keep the process fast and efficient. The entire hiring process will be completed within a maximum of 2 weeks.

🤓 HR Interview – 30 minutes (visio)

🔍 Pentest Exercise – Practical pentesting evaluation

💻 Technical Challenge with our R&D Platform Engineer – 1 hour (visio)

🤔 Final Interview with the CTO – 1 hour (visio)

💌 Formal hiring proposal