Company is the pioneer of Active ASPM, securing the modern software supply chain. We cut through alert noise to surface the critical 5% of risks that are truly reachable and exploitable.
We're hiring a Backend Engineer for our Security Research group to build the systems that power our open-source intelligence work - ingesting public package ecosystems (NPM, PyPI), monitoring them continuously, and detecting malicious behavior at scale. This is a highly autonomous IC role where you’ll own projects end-to-end - transforming researcher prototypes into scalable production systems.
Responsibilities:
- Build scalable scraping and ingestion pipelines for public package registries (NPM, PyPI, etc.)
- Design and maintain distributed systems based on APIs, workers, queues, and databases
- Develop detection mechanisms for: malicious install hooks, embedded binaries, obfuscation techniques, suspicious package behavior
- Build and improve risk-scoring algorithms to prioritize real threats
- Work closely with security researchers to productionize detection capabilities
Requirements:
- 5+ years of backend development experience with Python and/or Node.js / TypeScript
- Hands-on experience with large-scale scraping systems
- Strong knowledge of distributed architectures: queues, workers, PostgreSQL, Redis
- Production experience with Docker / docker-compose
- Strong ownership mindset and ability to work autonomously
- Full professional English proficiency
Strong Advantage:
- Malware analysis or reverse engineering experience
- Familiarity with ELF / PE / Mach-O formats
- Background in security research or software supply-chain security