Software Security Researcher / Engineer (m/f/x)
About CISPA
The CISPA Helmholtz Center for Information Security is a large-scale federal research institution within the Helmholtz Association.
CISPA’s researchers work in the fields of information security, artificial intelligence, and data privacy. They conduct cutting-edge fundamental research and develop solutions to the most pressing challenges of our digital world. CISPA research results are incorporated into industrial applications and products that are available worldwide, thereby strengthening the competitiveness of Germany and Europe.
As these fields rapidly evolve, software security is reaching a turning point. Growing system complexity and the rise of AI-generated code are pushing traditional methods for detecting and resolving vulnerabilities to their limits.
At CISPA Helmholtz Center for Information Security, we are therefore forming a research-driven team to address these emerging challenges. The team develops AI-native security systems that proactively detect, analyze, and remediate vulnerabilities in increasingly complex codebases. Our work focuses on building the next generation of security systems for both human developers and autonomous AI agents, designed to integrate seamlessly into modern development workflows.
Our vision is to transform software security from a reactive and fragmented process into a proactive, unified, and intelligent capability that keeps pace with the growing complexity of modern systems and becomes a fundamental part of how software is built.
In addition, CISPA actively promotes talent and educates highly qualified specialists and leaders for industry and research—thereby sustainably carrying its expertise into the future.
As a Software Security Researcher / Engineer (m/f/x), you will work on the core security intelligence layer of our platform. Your focus will be on developing advanced vulnerability detection techniques, building and maintaining a continuously evolving security knowledge base, and enabling context-rich security reasoning for AI-driven systems. This role demands technical excellence, creativity, and adaptability, and offers the opportunity to work in a fast-moving, highly dynamic environment with significant ownership.
Your future area of responsibility:
- Developing and maintaining a continuously updating security knowledge base, integrating sources such as CVE, CWE, and other security intelligence feeds.
- Designing and curating high-quality datasets, including real-world vulnerabilities and synthetic scenarios for AI model training.
- Developing software security analysis techniques to detect critical vulnerabilities across complex codebases.
- Designing structured, context-rich representations of vulnerabilities and security insights for consumption by AI agents.
- Contributing to the integration of security knowledge and analysis pipelines into AI-driven workflows.
- Evaluating detection accuracy and improving coverage across different vulnerability classes.
For content-related questions regarding the position, Hossein Hajipour is available as your contact person via email.
Your qualifications profile:
- Bachelor’s degree in Computer Science or a related field, Master’s or PhD preferred.
- Solid understanding of common vulnerability classes and of the OWASP Top 10, CWE, and CVE ecosystems.
- Solid knowledge of secure coding practices in various languages.
- Experience with program analysis techniques, including static and dynamic analysis and taint tracking.
- Solid experience with existing SAST and DAST tools.
- Deep understanding of contextual and chained code-related vulnerabilities (real-world & CTF).
- Experience working with vulnerability datasets and security benchmarks.
- Understanding of software architecture, APIs, and modern development practices.
- Strong programming skills, proficiency in Go or Rust is a plus.
We’d be lucky if you also:
- Have experience applying machine learning to software security tasks.
- Have worked on large-scale or real-world software systems and security analysis pipelines.
- Have experience building or maintaining a security intelligence layer that integrates vulnerability data, threat intelligence, and system-specific context.
- Have developed or applied code reachability analysis methods for vulnerability detection or prioritization.
- Have experience with parsing and program analysis tooling such as Tree-sitter.
- Have a track record of contributing to the broader security community, publishing original research, or finding vulnerabilities in real-world code bases.
What we offer:
- Work on cutting-edge research at the intersection of AI and software security
- Contribute to technology that addresses real-world, high-impact security challenges
- Be part of a highly ambitious, research-driven team
- Shape the future of autonomous, intelligent security systems
- A challenging and exciting role with a high degree of creative freedom in a research institution dedicated to shaping the future of information security in a scientific and strongly international environment
- A strong commitment to work-life balance and equal opportunities; all positions are generally suitable for part-time work
- Compensation and social benefits in accordance with the German public sector collective agreement (TVöD Bund)
- A fixed-term position
- Up to two days of remote work per week (subject to operational requirements)
- Flexible working hours
- Occupational pension scheme (VBL)
- Opportunities for professional development and further training
- Subsidized job ticket
- Social and team-building activities
- Workplace health management programs
CISPA is committed to increasing the representation of women, minorities, people with disabilities, and neurodivergent individuals in computer science. Applications from severely disabled candidates will be given preferential consideration if they are equally qualified.
We welcome applications regardless of gender, nationality, background, religion/beliefs, disability, neurodivergent traits, age, sexual orientation, or identity.
Please note that travel expenses for job interviews will not be reimbursed.
Application documents are only accepted in PDF format and must be submitted via our career portal.
Applications submitted by email cannot be accepted.
