Save Job
Posted 1d ago

Security Researcher

@ Commit
Yerevan, Yerevan, Armenia
RemoteFull Time
Responsibilities:analyzing attacks, dissecting malware, building tools
Requirements Summary:5+ years cybersecurity research experience with supply-chain attacks and malware analysis; familiarity with npm, PyPI, Maven ecosystems; ability to ship production software; SDLC/CI/CD knowledge; independent, proactive, strong communication.
Technical Tools Mentioned:npm, PyPI, Maven
Save
Mark Applied
Hide Job
Report & Hide
Job Description

Description

The company is pioneer of Active ASPM, purpose-built to secure the modern software supply chain in the age of AI. While traditional tools overwhelm teams with endless alerts, company cuts through the noise to identify the critical 5% of risks — those that are truly reachable and exploitable. From GenAI-generated code to cloud runtime, we gives developers and security teams the visibility and automation needed to ship secure software, faster.

We're looking for a highly skilled, driven Security Researcher to join our research group to analyze supply chain attacks, dissect malware, and build open-source tools. This is a high-impact role: you'll work with cross-functional teams to scan and protect users and organizations worldwide from the hottest cyber threats, playing a key part in shaping the future of company.

Requirements

Must-Have Skills:

  • 5+ years of experience as a Cybersecurity Researcher (supply-chain attacks, malware analysis)
  • Familiarity with open-source registry ecosystems (npm, PyPI, Maven) and their respective attack surfaces
  • Proven ability to ship software in a production environment
  • Strong understanding of the SDLC and modern CI/CD pipelines
  • Comfortable leveraging AI tools to optimize research and development processes
  • Proactive and independent mindset, with the ability to take full ownership of projects

Nice to Have:

  • Active contributions to open-source security tools or research projects
  • Hands-on experience with decompilers, debuggers, and network traffic analysis
  • Advanced malware analysis experience (obfuscation, encryption, anti-analysis, and sandbox-evasion techniques)
  • Web application penetration testing experience
  • Published CVEs, coordinated disclosures, writeups, blogs, or research papers
  • Experience public speaking at major industry conferences (e.g., Black Hat, DEFCON, RSAC)
  • A genuine passion for cybersecurity, open-source communities, and solving complex ecosystem threats