Senior Fullstack Engineer (Security & AI) • Paris Office

• Company: Escape : Leading AI Cybersecurity Startup
• Location: Paris (hybrid: 3 days in office, occasional NYC trips)
• Founders: CEO Tristan Kalos (primary manager) and CTO Antoine Carossio
• Visa & relocation: We sponsor and relocate. France's passeport talent makes this fast for research profiles.
• Compensation: €70–100 base + up to 0.5% equity (4y vest, 1y cliff)
• Start date: ASAP

____

About Escape

Escape is offensive security for the teams that are 100x outnumbered. We build AI agents that find and exploit vulnerabilities in modern applications, APIs, and microservices: the way a real attacker would, but at the speed of a CI pipeline.

We're a Y Combinator W23 company. We just closed an $18M Series A in March 2026 led by Balderton Capital (with Uncorrelated Ventures, IRIS, and YC following on). Our customers and partners include Zoom, Schibsted, Wiz, Pandadoc, and a growing list of teams who've stopped pretending annual pen tests are enough. We're 40 people split between Paris and NYC, scaling to 80 in the next 12 months

The product surface is real: ASM, business-logic-aware DAST, and AI Pentesting GA-ing this year. The competitive thesis is that LLMs collapsed the cost of offensive engineering by 1000x, and the companies that ship that capability into production first will own the next decade of the category. We're betting we're those companies.

What you'll own

You'll join a squad of 4 engineers with a Tech Lead. "Senior" here means you drive decisions, not implement tickets. Concretely:

• Ship product that works at enterprise scale: tens of thousands of assets, millions of findings, complex search, real-time refresh. You'll make it stay fast.
• Solve hard data problems: PostgreSQL performance, query design, indexing strategies, pagination, caching. Our product is data-heavy and latency-sensitive. This isn't CRUD.
• Build AI-native workflows: guided triage, assisted remediation, smart extraction from noisy scans. AI is embedded into the product, not bolted on.
• Own the full journey: from vulnerability ingestion → triage → remediation. Risk scoring, developer integrations (CI/CD, Git, ticketing), the whole loop.
• Shape the architecture: data modelling, system design, GraphQL schema. You'll influence how we build, not just what.

Stack

• Frontend: Svelte + TypeScript, GraphQL client
• Backend: Node.js, GraphQL (Yoga + Pothos), Prisma, PostgreSQL, Kafka
• Infra: AWS, GitLab CI, Grafana
• Deep tech: Python (AI/ML), Go (network tooling)

SOC-2 compliant. Rigorous code review. Comprehensive test coverage. Not bureaucratic.

Experience

• 5+ years shipping production web apps, strong on both frontend and backend
• TypeScript fluency: you actually leverage the type system, not just tolerate it
• GraphQL depth: you've designed schemas, not just consumed them
• Ownership mindset: you see a problem, you fix it, you don't file a ticket and wait
• Clear communicator: can explain tradeoffs to non-technical stakeholders

Bonus: Svelte experience · Security/DevSecOps background · Startup DNA

What's in it for you

• €70K–100K base salary, based on experience
• Meaningful equity (BSPCE): you're joining a rocketship post-Series A, pre-scale
• Real impact: you'll talk to customers, see your work in production weekly, influence product direction
• Conference speaking: we send engineers to RSAC, BlackHat, DEFCON, BSides (NYC, Vegas, SF, London, Paris)
• Growth path: Tech Lead track is open and real, not theoretical
• Health (Alan), meals (Swile), sport (EGYM Wellpass), top-tier equipment, open-source time

Interview in 1 week, no BS

1. HR chat — 30 min
2. In-person challenge and technical deep dive — 1h
3. Leadership & strategy with CTO — 30 min
4. Offer