Security Research
Indexed description
We're looking for a highly skilled and driven Security Researcher to join our research group to analyze supply chain attacks, dissect malware, and build open-source tools. This is a high-impact role where you'll work with cross-functional teams to help scan and protect users and organizations around the world from the hottest cyber threats, playing a key part in shaping the future of OX.
Responsibilities:
What You'll Be Doing
- Build innovative open-source tools to detect and analyze software supply chain attacks, including compromised packages, malicious packages, and package vulnerability exploitation.
- Research supply chain attacks and investigate APT groups' tactics, techniques, and procedures (TTPs).
- Reverse engineer, dissect, and decompile malware and vulnerabilities, translating findings into comprehensive whitepapers.
- Drive research and development cycles end-to-end independently, ensuring high-quality execution from concept to delivery.
- Collaborate with internal teams and stakeholders to continuously improve our security posture and methodologies
What We're Looking For
- 5+ years of experience as a Cybersecurity Researcher.
- Proven ability to ship software in a production environment.
- Strong understanding of the SDLC and modern CI/CD pipelines.
- Comfortable leveraging AI tools to optimize research and development processes.
- Familiarity with open-source registry ecosystems ( npm, PyPI, Maven) and their respective attack surfaces.
- Proactive and independent mindset, with the ability to take full ownership of projects.
- Active contributions to open-source security tools or research projects.
- Hands-on experience with decompilers, debuggers, and network traffic analysis.
- Advanced malware analysis experience (including obfuscation, encryption, anti-analysis, and sandbox-evasion techniques).
- Web application penetration testing experience.
- Published CVEs, coordinated disclosures, writeups, blogs, or research papers.
- Experience public speaking at major industry conferences (e.g., Black Hat, DEFCON, RSAC).
- A genuine passion for cybersecurity, open-source communities, and solving complex ecosystem threats
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search