Key Facts

Remote From:

Spain

Category: Security Engineer

Full time

Senior (5-10 years)

English

Hard Skills

Application Security Security Testing Penetration Testing Web Application Security Kubernetes Secure Coding Proof Of Concept (POC) Development Containerization Root Cause Analysis Security Testing +19 more

Other Skills

•
Communication
•
Team Management
•
Analytical Thinking
•
Team Building
•
Problem Solving

Roles & Responsibilities

7+ years in security research and penetration testing, with 2+ years leading application security research teams (SAAS or software company).
Strong coding skills and deep technical understanding of web, API, cloud-native, and backend technologies.
Experience with AI/LLM-based penetration testing and automation pipelines; proficiency with Burp Suite, Metasploit, and custom security tool development.
Ability to lead security testing engagements, report technical findings effectively, and work with CI/CD/SDLC tools; familiarity with modern architectures (cloud, microservices, containers, Kubernetes).

Requirements:

Build and lead a team of security researchers and penetration testers.
Plan and execute advanced penetration testing campaigns to reshape the Product Security Plan.
Develop tools and frameworks for scalable security testing, fuzzing, and AI-assisted security approaches.
Collaborate with engineering teams to reproduce, triage, and fix vulnerabilities; contribute to security research publications and CVE submissions.

Commit

About Commit

Commit is a global tech services company with offices in New York, Israel, and Europe. The company was founded in 2005 and has over 700 multi-disciplinary innovation experts who serve a broad range of companies, from small startups to large enterprises in multiple business sectors. Commit specializes in advanced technologies and applications with dedicated practices in Software, IoT, Big Data, Cloud, Cyber, Collaboration, Data center migration projects, and more. Commit offers innovative, end-to-end technology solutions by developing custom software and IoT platforms for clients looking to build their next-gen products within the modern ICT world. Commit’s complete and comprehensive engineering powerhouse of resources, and proprietary Flexible R&D methodology helps transform its clients’ technology visions into high-quality products while reducing costs and improving time-to-market.

Company type: SME

Founded: 2018

Company size: 501 - 1000

Website LinkedIn See all jobs →

Job description

Description

Company is seeking an Application Security Research Engineer. In this role, you will lead a team of researchers and ethical hackers focused on offensive security testing, automated exploit discovery, and advanced application security research. Your work will directly influence the security posture of company products and help scale secure-by-design principles. This is a hands-on technical role with a strong emphasis on offensive security, code exploitation, automation, and innovation.

What You will Do:

Build and lead a team of security researchers and penetration testers.
Help to reshape company Product Security
Plan and execute advanced penetration testing campaigns.
Develop tools and frameworks for scalable security testing and fuzzing.
Lead Security innovation by building and managing penetration testing tools \ AI Agents
Analyze vulnerabilities, perform root cause analysis, and develop proofs of concept.
Identify systemic product weaknesses and help define long-term mitigations.
Collaborate with engineering teams to reproduce, triage, and fix vulnerabilities.
Contribute to security research publications, CVE submissions, and industry knowledge sharing.
Continuously evolve internal testing capabilities using modern tooling and AI-assisted approaches.

Requirements

Requirements:

Proven 2+ years of experience in leading application security research Teams (SAAS or software company).
7+ year experience in Research and penetration testing.
Strong coding skills and deep technical understanding of web, API, cloud-native, and backend technologies.
AI and LLM Penetration testing knowldge and Experience
Experience with penetration testing tools (Burp Suite, Metasploit, etc.) and Custom Security Tools development.
Familiarity with modern architectures (e.g., Cloud, microservices, containers, Kubernetes).
Familiarity with secure software architecture and typical attack vectors.
Demonstrated ability to lead security testing engagements and report technical findings effectively.
Experience building or integrating automated PT or fuzzing pipelines is a strong advantage.
Knowledge and hands-on experience with SSDLC tools and CI/CD pipelines,
Publications or open-source contributions in the security domain are a plus.