**About CISPA**

The CISPA Helmholtz Center for Information Security is a large-scale federal research institution within the Helmholtz Association.

CISPA’s researchers work in the fields of information security, artificial intelligence, and data privacy. They conduct cutting-edge fundamental research and develop solutions to the most pressing challenges of our digital world. CISPA research results are incorporated into industrial applications and products that are available worldwide, thereby strengthening the competitiveness of Germany and Europe.

As these fields rapidly evolve, software security is reaching a turning point. Growing system complexity and the rise of AI-generated code are pushing traditional methods for detecting and resolving vulnerabilities to their limits.

At CISPA Helmholtz Center for Information Security, we are therefore forming a research-driven team to address these emerging challenges. The team develops AI-native security systems that proactively detect, analyze, and remediate vulnerabilities in increasingly complex codebases. Our work focuses on building the next generation of security systems for both human developers and autonomous AI agents, designed to integrate seamlessly into modern development workflows.

Our vision is to transform software security from a reactive and fragmented process into a proactive, unified, and intelligent capability that keeps pace with the growing complexity of modern systems and becomes a fundamental part of how software is built.

In addition, CISPA actively promotes talent and educates highly qualified specialists and leaders for industry and research—thereby sustainably carrying its expertise into the future.

As a Software Engineer (Program Analysis), you will design, build, and evolve program analysis capabilities that power AI agents and developer tooling. Your work will focus on building analysis engines that provide structured, security-relevant context, while also contributing to system integration, testing, and reliability across the platform. This role demands technical excellence, creativity, and adaptability, and offers the opportunity to work in a fast-moving, highly dynamic environment with significant ownership.

**Your future area of responsibility:  **

- Developing and extending program analysis engines to extract structured, security-relevant insights from code.
- Working with graph-based code representations (e.g., ASTs, CPGs, call graphs) to model and analyze program behavior.
- Integrating analysis components into larger systems, including pipelines that interface with AI agents.
- Designing and maintaining scalable, testable, and maintainable code for analysis frameworks.
- Building APIs and services that expose analysis results for downstream systems.
- Building testing strategies (unit, integration, and end-to-end) to ensure the correctness and reliability of analysis results.
- Collaborating closely with machine learning, security, and systems researchers to translate research into a usable system.

For content-related questions regarding the position, [**Hossein Hajipour**](https://mailto:hossein.hajipour@cispa.de) is available as your contact person via email.

We are looking for someone who is passionate about advancing the state of the art in software security and building systems that can reason about vulnerabilities at scale.

**Your qualifications profile: **

- Bachelor’s degree in computer science or a related field; master's or PhD preferred.
- Strong software engineering skills with experience building real-world systems.
- Solid understanding of program analysis concepts (e.g., static analysis, data-flow analysis, taint tracking).
- Experience with program analysis tools such as Tree-sitter.
- Experience writing clean, testable, and maintainable code, with a focus on reliability and scalability.
- Ability to effectively leverage AI coding agents and developer tools to accelerate development while maintaining high standards of code quality and reliability.

**We’d be lucky if you also:**

- Have hands-on experience integrating program analysis tools into real-world developer workflows or security pipelines.
- Have worked on vulnerability detection or secure code analysis in practice.
- Are comfortable bridging research and engineering.
- Have experience working with or alongside LLM-based systems or AI-assisted development tools
- Enjoy tackling ambiguous problems and shaping both the technical direction and implementation details.

**What we offer:**

- Work on cutting-edge research at the intersection of AI and software security
- Contribute to technology that addresses real-world, high-impact security challenges
- Be part of a highly ambitious, research-driven team
- Shape the future of autonomous, intelligent security systems
- A challenging and exciting role with a high degree of creative freedom in a research institution dedicated to shaping the future of information security in a scientific and strongly international environment
- A strong commitment to work-life balance and equal opportunities; all positions are generally suitable for part-time work
- Compensation and social benefits in accordance with the German public sector collective agreement (TVöD Bund)
- A fixed-term position
- Up to two days of remote work per week (subject to operational requirements)
- Flexible working hours
- Occupational pension scheme (VBL)
- Opportunities for professional development and further training
- Subsidized job ticket
- Social and team-building activities
- Workplace health management programs

CISPA is committed to increasing the representation of women, minorities, people with disabilities, and neurodivergent individuals in computer science. Applications from candidates with severe disabilities will be given preference in cases of equal qualification.

We welcome applications regardless of gender, nationality, origin, religion/belief, disability, neurodivergent characteristics, age, sexual orientation, or identity.

Please note that travel expenses for interview appointments cannot be reimbursed.

Please upload your documents exclusively via our career portal: [https://career.cispa.de/](https://career.cispa.de/)

Applications submitted by email cannot be accepted.