Security Research

• Conduct in-depth research into software supply chain threats, emerging attack techniques, and advanced adversary behaviors targeting modern development environments.


• Analyze, reverse engineer, and investigate malware, vulnerabilities, and malicious software packages to identify risks and develop effective detection methods.


• Design, build, and maintain open-source tools that improve the detection, analysis, and prevention of software supply chain attacks.


• Research threat actors and advanced persistent threat (APT) groups, documenting tactics, techniques, and procedures to strengthen threat intelligence capabilities.


• Translate technical findings into high-quality research reports, whitepapers, and technical documentation for both internal and external audiences.


• Lead research initiatives independently from concept through implementation, ensuring high standards of quality, accuracy, and innovation.


• Collaborate with engineering, product, and security teams to enhance security methodologies, detection capabilities, and overall platform resilience.


• Continuously monitor evolving cybersecurity trends, vulnerabilities, and attack vectors affecting open-source ecosystems and cloud-native environments.

Requirements

• Minimum of 5 years of experience in cybersecurity research, threat research, malware analysis, vulnerability research, or a related security discipline.


• Strong software development skills with a proven track record of building and delivering production-quality tools or applications.


• Deep understanding of the Software Development Lifecycle (SDLC), DevSecOps practices, and modern CI/CD environments.


• Knowledge of software supply chain security, including common risks associated with open-source package ecosystems such as npm, PyPI, Maven, or similar repositories.


• Experience using AI-powered tools and technologies to enhance research, automation, and analytical workflows.


• Strong analytical, investigative, and problem-solving abilities with the capacity to work independently and take ownership of complex projects.


• Excellent communication skills, including the ability to document findings and communicate technical concepts clearly to diverse audiences.


• Passion for cybersecurity research, threat intelligence, and protecting software ecosystems from evolving threats.

Preferred Qualifications

• Contributions to open-source security projects, tools, or research initiatives.


• Hands-on experience with malware reverse engineering, decompilers, debuggers, and network traffic analysis tools.


• Advanced knowledge of malware evasion techniques, obfuscation methods, encryption mechanisms, and anti-analysis strategies.


• Experience conducting web application security assessments or penetration testing.


• Published CVEs, security advisories, research papers, technical blogs, or coordinated vulnerability disclosures.


• Experience presenting technical research at industry conferences, security events, or community meetups.

Benefits

• Competitive compensation package aligned with experience and expertise.


• Flexible remote or hybrid work arrangements.


• Opportunity to work on highly innovative cybersecurity technologies and emerging threat landscapes.


• Significant ownership and autonomy over research projects and technical initiatives.


• Exposure to advanced security challenges involving cloud-native environments, software supply chains, and AI-driven development ecosystems.


• Collaborative environment with experienced security researchers, engineers, and technology leaders.


• Professional development opportunities, including research publication and conference participation support.


• Access to modern tools, technologies, and resources to accelerate research and innovation.


• Inclusive and mission-driven culture focused on continuous learning and technical excellence.