Security Researcher (Supply Chain & Malware)

About the role

We are seeking an experienced Security Researcher to join a cutting‑edge cybersecurity team focused on defending modern software ecosystems. You will investigate sophisticated supply‑chain attacks, analyze malware, and create innovative tools that help organisations detect and mitigate security risks before they cause harm.

Key responsibilities

• Conduct in‑depth research on software supply‑chain threats, emerging attack techniques, and advanced adversary behaviors.
• Analyze, reverse engineer, and investigate malware, vulnerabilities, and malicious software packages.
• Design, build, and maintain open‑source tools for detection, analysis, and prevention of supply‑chain attacks.
• Research threat actors and APT groups, documenting tactics, techniques, and procedures.
• Translate technical findings into high‑quality research reports, whitepapers, and documentation.
• Lead research initiatives from concept through implementation, ensuring high standards of quality and innovation.
• Collaborate with engineering, product, and security teams to enhance detection capabilities and platform resilience.
• Continuously monitor evolving cybersecurity trends affecting open‑source and cloud‑native environments.

Required profile

• Minimum 5 years of experience in cybersecurity research, threat research, malware analysis, or vulnerability research.
• Proven ability to work autonomously on complex technical challenges.
• Strong understanding of software development lifecycles, DevSecOps, and CI/CD environments.
• Passion for uncovering vulnerabilities and advancing cybersecurity through research.

Required skills

• Malware analysis and reverse engineering
• Vulnerability research
• Software development and production‑quality tool building
• SDLC, DevSecOps, CI/CD practices
• Software supply‑chain security (npm, PyPI, Maven, etc.)
• Threat intelligence and APT research
• Use of AI‑powered tools for automation and analysis