Offensive Security Lead - Paris - Escape

Description

Escape is on a mission to reinvent how we protect our applications against hackers. Backed by YC, and with a growing customer base including industry giants like Société Générale, Lightspeed, and the Olympic Games, we're on the road for our Series A funding round.

Our growing team of 23 passionate Escapers is at the core of the company's success, tackling profound tech challenges and driving innovation in cybersecurity.

We love to break down barriers and bring innovation from R&D to the final product stages. At Escape, every team member has the chance to take on important responsibilities that drive impact.

We believe it's time to bring more AI‑driven innovation to the cybersecurity field. We'd love your help in building this dream

We are seeking our first Offensive Security Lead to join Escape and play a key role in validating and enhancing our AI‑powered Code‑to‑cloud ASM and DAST platform. This role is central to Escape's mission: ensuring our security scanners accurately detect real‑world vulnerabilities by thinking like an attacker. You will lead offensive security initiatives, conduct penetration testing and red team operations on customer applications, and work closely with our Security Research and Scanners teams to continuously improve our detection capabilities.

As the Offensive Security Lead, you will be responsible for designing and executing sophisticated attack scenarios, validating scanner findings against real‑world exploitation techniques, and translating your offensive research into actionable improvements for our platform. You will be the internal adversary who stress‑tests our technology and helps our enterprise customers understand their true security posture.

Context

• Location: Paris , 2 days remote/week
• Company: Escape – Leading AI Cybersecurity Startup
• Cofounders: CEO (Tristan Kalos) and CTO (Antoine Carossio)
• Engineering Team: 16 Engineers, 4 Technical Leads, 1 Product Owner, 3 Pentesters
• You'll be building and leading the offensive security practice, managing a team of 3 red teamers while remaining hands‑on with technical work

Key Responsibilities

• Team Leadership & Management: Build, mentor, and manage a team of 3 red teamers, establishing offensive security best practices, methodologies, and quality standards. Foster a culture of continuous learning and technical excellence while ensuring operational efficiency.
• Offensive Security Operations: Design and execute penetration tests, red team engagements, and adversary simulations against modern web applications, APIs, cloud infrastructure, and codebases to validate Escape's detection capabilities.
• Research‑to‑Detection Pipeline: Collaborate with the Security Research team to discover novel attack techniques, validate vulnerability detection logic, and ensure our scanners catch what real attackers would exploit.
• Customer‑Facing Validation: Support enterprise customer engagements by demonstrating real‑world exploitability of findings, conducting proof‑of‑concept attacks, and helping VP Security and Security Engineer personas understand risk severity.
• Attack Scenario Development: Build realistic attack chains and scenarios that combine Code‑to‑cloud vulnerabilities, helping customers understand end‑to‑end exploitation paths from code to runtime.
• Scanner Quality Assurance: Act as the final validator for scanner accuracy by attempting to exploit reported vulnerabilities, reducing false positives, and identifying false negatives through manual testing.
• Offensive Tooling & Automation: Develop custom tools, exploits, and automated attack workflows that can be integrated into our continuous security validation processes.
• Strategic Planning: Define the offensive security roadmap, prioritize testing initiatives, and allocate team resources to maximize impact on product quality and customer success.
• Knowledge Transfer: Train Security Engineers and developers on offensive security techniques, helping them build security intuition and understand attacker perspectives.

Tech Stack

• Target Environment: Modern web applications, REST/GraphQL APIs, cloud‑native infrastructure (AWS/Kubernetes), CI/CD pipelines, container environments
• Offensive Tools: Burp Suite, custom Python/Go exploits, browser automation (Playwright), Metasploit Framework, cloud pentesting toolkits (Pacu, ScoutSuite)
• Languages: Python (primary), Go, Bash scripting, proficiency in reading/writing exploits in multiple languages
• Infrastructure: Kubernetes (EKS), Docker, AWS services
• Collaboration: GitLab, Slack, direct integration with our scanner codebase (Python/Go)

4+ years of experience: Proven experience in offensive security roles (Penetration Tester, Red Teamer, Security Researcher) with at least 1+ years in a leadership or team lead capacity. Strong track record of finding and exploiting real vulnerabilities in production environments while coaching others.

People Leadership: Demonstrated ability to build, mentor, and manage technical teams. Experience setting technical direction, conducting performance reviews, and fostering a high‑performing offensive security culture.

Application Security Expertise: Deep understanding of web application vulnerabilities (OWASP Top 10, API security, business logic flaws), modern frameworks, and cloud‑native architectures. Demonstrated ability to exploit complex vulnerability chains.

Hands‑on Exploitation: Strong practical experience with exploitation techniques, custom exploit development, and proof‑of‑concept creation. Comfortable with both manual testing and automated attack techniques. Maintains hands‑on technical skills while managing a team.

Code Analysis Skills: Ability to perform security code review and identify vulnerabilities in Python, Go, JavaScript/TypeScript, and other common languages. Experience bridging static analysis findings with runtime exploitation.

Cloud & Container Security: Experience with cloud infrastructure pentesting (AWS, Azure, GCP), Kubernetes security, container escape techniques, and CI/CD pipeline attacks.

Tooling & Automation: Proficiency in Python or Go for developing custom offensive security tools, exploits, and automation scripts. Experience extending or contributing to open‑source security tools.

Research Mindset: Curiosity‑driven approach to security, constantly exploring new attack vectors, staying current with security research, and translating findings into practical detection improvements.

Startup Enthusiast: Motivated by joining a fast‑growing deep‑tech startup, eager to have a direct impact on product quality and team building, and interested in shaping the future of AI‑driven cybersecurity from an adversarial perspective.

We respect your time and will make it quick and efficient. The entire process will be completed within 2 weeks.

1 meeting with HR representative – 30 minutes

Technical challenge

1 technical deep dive with Technical Lead – 1 hour

1 personal experience interview with Head of Engineering – 1 hour

1 leadership & strategy interview with CTO – 30 minutes

Formal hiring proposal.