CrawlJobs Logo

Vulnerability Research Engineer

Socket

Location Icon

Location:
United States

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

Not provided
Save Job
Save Icon
Apply Position

Job Description:

Join Socket to build and scale our patching infrastructure that delivers secure, vetted packages to developers worldwide. You’ll be at the forefront of supply chain security, creating patches for critical vulnerabilities and building the systems that help the entire open source ecosystem stay secure. This role combines deep technical work with meaningful community impact that benefits the entire ecosystem. As an early member of the Socket team, you’ll help shape how we scale this technology across the JavaScript ecosystem and beyond.

Job Responsibility:

  • Master Socket workflows, tools, and patching processes
  • Lead patching efforts for high-impact vulnerabilities across npm packages
  • Scale patch production to dozens or hundreds of patches per week
  • Help select and prioritize high-value patches
  • Provide technical input on patch prioritization based on ecosystem and customer impact
  • Build and improve automated patching infrastructure and tooling
  • Design and implement scalable patch generation and delivery systems
  • Develop automated vulnerability detection and patch creation workflows
  • Build APIs and integrations to deliver certified packages
  • Create tooling for patch quality assurance and testing
  • Work with security researchers to understand and patch critical vulnerabilities
  • Help shape the technical roadmap for expansion
  • Give developers quick, safe remediation options for widely-used packages
  • Help secure the software supply chain for millions of developers

Requirements:

  • 3+ years of software engineering experience with production systems
  • Strong proficiency in Node.js, JavaScript, and TypeScript
  • Experience with package managers (npm, yarn, pnpm) and the JavaScript ecosystem
  • Understanding of software security concepts and vulnerability management
  • Experience building and scaling APIs and data processing pipelines
  • Familiarity with automated testing, CI/CD, and deployment systems

Nice to have:

  • Experience with security tooling, vulnerability scanning, or patch management
  • Knowledge of software supply chain security challenges
  • Experience with other package ecosystems (Python, Go, Rust, etc.)
  • Open source contributions or package maintenance experience
  • Background in DevSecOps or security engineering
  • Experience with high-throughput data processing systems
What we offer:
  • Market competitive salary bands
  • Meaningful equity program
  • Comprehensive health benefits for you and your family
  • Flexible time-off, holidays, and winter shutdown to rest & recharge
  • Paid parental leave
  • Remote-first, with quarterly team off-sites

Additional Information:

Job Posted:
February 18, 2026

Employment Type:
Fulltime
Work Type:
Remote work
Icon
Socket - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Vulnerability Research Engineer

Expert/Senior iOS Vulnerability Researcher

The project focuses on enhancing national and commercial resilience against mobi...
Location
Location
United States , McLean, Virginia
Salary
Salary:
Not provided
eleks.com Logo
ELEKS
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Eligibility for a U.S. security clearance
  • 5+ years of experience in mobile vulnerability research or reverse engineering
  • Strong proficiency in Objective-C, Swift, and ARM64 assembly
  • In-depth understanding of iOS platform security mechanisms, including sandboxing and jailbreak techniques
  • Hands-on experience with browser/JavaScript fuzzing, Apple kernel internals, and memory corruption vulnerabilities
  • Exceptional attention to detail with the ability to clearly document technical findings
  • Ability to work professionally, reliably, and independently
Job Responsibility
Job Responsibility
  • Conduct static and dynamic vulnerability research across iOS applications and firmware
  • Design and execute fuzzing campaigns targeting iOS components
  • Reverse engineer iOS binaries using tools such as IDA Pro, Ghidra, and Hopper
  • Develop proof-of-concept exploits and support the responsible disclosure process
  • Collaborate with offensive security and red teams to assess real-world impact
  • Document research findings and contribute to technical reports and internal security advisories
  • Maintain and enhance internal mobile fuzzing frameworks
  • Assist in threat emulation and defense hardening initiatives
What we offer
What we offer
  • 14 paid days off
  • 8 paid sick leaves
  • Paid federal US holidays
  • Nonpaid leaves
  • Medical insurance (including dental and vision)
  • Close cooperation with a customer
  • Challenging tasks
  • Competence development
  • 401(k) plan
Read More
Arrow Right

Expert/Senior Android Vulnerability Researcher

The project focuses on enhancing national and commercial resilience against mobi...
Location
Location
United States , McLean, Virginia
Salary
Salary:
Not provided
eleks.com Logo
ELEKS
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Ability to obtain and maintain a U.S. security clearance
  • 5+ years of experience in Android or embedded systems security
  • Deep knowledge of Android kernel internals, Binder IPC, TEE/TrustZone, and SELinux
  • Proficiency in Java, Kotlin, C/C++, and ARM assembly
  • Hands-on experience with browser fuzzing and mobile application vulnerability discovery
  • Strong communication and documentation skills
  • Self-motivated, technically curious, and results-driven
Job Responsibility
Job Responsibility
  • Discover kernel and system-level vulnerabilities in Android-based operating systems
  • Analyze vendor customizations, identify weaknesses in OEM forks, and develop root/privilege escalation exploits
  • Create custom fuzzers and tooling for Android IPC (e.g., Binder, HIDL, AIDL)
  • Conduct reverse engineering using tools like Frida, Ghidra, and QEMU
  • Lead technical engagements with partners and present findings both internally and externally
  • Mentor junior vulnerability researchers and provide technical guidance across the team
  • Contribute to red team exercises and adversarial simulation projects
What we offer
What we offer
  • 14 paid days off
  • 8 paid sick leaves
  • Paid federal US holidays
  • Nonpaid leaves
  • Medical insurance (including dental and vision)
  • Close cooperation with a customer
  • Challenging tasks
  • Competence development
  • 401(k) plan
Read More
Arrow Right

Product Security Engineer- Threat Researcher

The Senior Security Engineer/Threat Researcher position will be part of Aruba Th...
Location
Location
Puerto Rico , Aguadilla
Salary
Salary:
Not provided
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • B.S. or M.S. in software engineering, computer science, cybersecurity or a related field (or equivalent experience)
  • 6+ years of professional experience in software engineering, vulnerability research, penetration testing, or a related security discipline
  • Programming experience in C and at least one additional language used for secure software development, such as Rust, Go, or Python
  • Hands-on experience with security testing tools and techniques, such as fuzzing, reverse engineering, and exploit development frameworks (e.g., Metasploit, Immunity Debugger, Ghidra, or IDA Pro)
  • Understanding of memory-unsafe vulnerabilities, including buffer overflows, use-after-free, integer overflows, and format string vulnerabilities, as well as mitigation techniques such as ASLR, DEP, and stack canaries
  • Strong knowledge of web application security, including OWASP Top 10 vulnerabilities such as XSS, SQL injection, XXE, CSRF and insecure deserialization
  • Familiarity with secure coding practices, threat modeling, and static and dynamic application security testing (SAST/DAST) tools
  • Knowledge of modern cryptographic algorithms and security protocols (e.g., TLS, IPsec, OAuth) and their implementation pitfalls
  • Demonstrated ability to analyze, exploit, and remediate security vulnerabilities in complex codebases
  • Strong written and verbal communication skills, with the ability to create detailed technical reports and convey complex concepts to both technical and non-technical stakeholders. English advanced
Job Responsibility
Job Responsibility
  • Conduct advanced security assessments of HPE Aruba networking products, including manual code reviews and penetration testing, to uncover vulnerabilities such as memory-unsafe errors, insecure deserialization, and authentication/authorization flaws
  • Develop proofs of concept (PoCs) to demonstrate the exploitability of identified vulnerabilities and provide actionable remediation guidance to engineering teams when requested
  • Develop and maintain custom tools to assist in vulnerability discovery, exploit development, and tracking and disclosure of vulnerabilities to the public
  • Assist in managing Aruba’s bug bounty program, collaborating with external researchers and product engineering teams to triage, reproduce, and remediate reported vulnerabilities
  • Assist in writing vulnerability disclosure bulletins and managing the process of releasing those bulletins to the public
  • Serve as a subject-matter expert on secure coding practices, particularly in memory-safe and memory-unsafe programming languages, and evangelize these practices across product engineering teams
  • Conduct original security research on non-Aruba products and technologies, including discovering new vulnerabilities, publishing papers, and presenting at leading security conferences
  • Positively represent Aruba in the global security community by fostering collaboration with security researchers while balancing the goals of researchers with the needs of our customers
What we offer
What we offer
  • Health & Wellbeing
  • Personal & Professional Development
  • Unconditional Inclusion
  • Fulltime
Read More
Arrow Right

Threat Intelligence Research Engineer

We’re looking for a Threat Intelligence Research Engineer who can bridge two wor...
Location
Location
United States , Orlando
Salary
Salary:
Not provided
threatlocker.com Logo
ThreatLocker
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years in cybersecurity research, threat intelligence, security engineering, SOC analysis, or malware analysis
  • Strong knowledge of attacker TTPs, MITRE ATT&CK, malware behavior, incident response, and threat hunting workflows
  • Hands-on familiarity with tools such as SIEMs, sandboxes, EDR platforms, packet analyzers, and OSINT frameworks
  • Ability to read logs, investigate incidents, and interpret technical artifacts
  • Proven experience writing technical reports, threat advisories, security research, or cybersecurity analysis
  • Ability to translate complex material into clear, concise content without losing technical accuracy
  • Strong editorial judgment and an understanding of narrative clarity and structure
  • Deep curiosity and a research-driven mindset
  • Commitment to accuracy, integrity, and evidence-backed analysis
  • Ability to juggle multiple research topics while meeting publishing deadlines
Job Responsibility
Job Responsibility
  • Monitor, analyze, and report on emerging threats, indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and global threat trends
  • Investigate vulnerabilities, misconfigurations, malware behavior, ransomware campaigns, and exploit chains
  • Conduct independent research on threat actors, intrusion patterns, and security gaps relevant to our customer base
  • Collaborate with internal engineering, SOC, and threat teams to access proprietary intelligence and validate findings
  • Produce clear, defensible, and high-accuracy analysis based on data and technical evidence
  • Transform threat research into high-quality reports, whitepapers, blogs, briefs, advisories, and thought-leadership content
  • Write in a way that resonates with cybersecurity professionals, executives, and IT leaders
  • Contribute to articles under the names of internal subject matter experts (SMEs) to elevate their voices and strengthen company authority
  • Develop clear visuals, diagrams, and technical explanations to support complex research
  • Ensure all content is technically rigorous, original, and aligned with our Zero Trust security philosophy
Read More
Arrow Right

Product Security Engineer

The Senior Security Engineer/Threat Researcher position will be part of Aruba Th...
Location
Location
United States , Remote
Salary
Salary:
101900.00 - 234500.00 USD / Year
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • B.S. or M.S. in software engineering, computer science, cybersecurity, or a related field (or equivalent experience)
  • 7+ years of professional experience in software engineering, vulnerability research, penetration testing, or a related security discipline
  • Programming experience in C and at least one additional language used for secure software development, such as Rust, Go, or Python
  • Hands-on experience with security testing tools and techniques, such as fuzzing, reverse engineering, and exploit development frameworks (e.g., Metasploit, Immunity Debugger, Ghidra, or IDA Pro)
  • Understanding of memory-unsafe vulnerabilities, including buffer overflows, use-after-free, integer overflows, and format string vulnerabilities, as well as mitigation techniques such as ASLR, DEP, and stack canaries
  • Strong knowledge of web application security, including OWASP Top 10 vulnerabilities such as XSS, SQL injection, XXE, CSRF, and insecure deserialization
  • Familiarity with secure coding practices, threat modeling, and static and dynamic application security testing (SAST/DAST) tools
  • Knowledge of modern cryptographic algorithms and security protocols (e.g., TLS, IPsec, OAuth) and their implementation pitfalls
  • Demonstrated ability to analyze, exploit, and remediate security vulnerabilities in complex codebases
  • Strong written and verbal communication skills, with the ability to create detailed technical reports and convey complex concepts to both technical and non-technical stakeholders
Job Responsibility
Job Responsibility
  • Conduct advanced security assessments of HPE Aruba networking products, including manual code reviews and penetration testing, to uncover vulnerabilities such as memory-unsafe errors, insecure deserialization, and authentication/authorization flaws
  • Develop proofs of concept (PoCs) to demonstrate the exploitability of identified vulnerabilities and provide actionable remediation guidance to engineering teams when requested
  • Develop and maintain custom tools to assist in vulnerability discovery, exploit development, and tracking and disclosure of vulnerabilities to the public
  • Assist in managing Aruba’s bug bounty program, collaborating with external researchers and product engineering teams to triage, reproduce, and remediate reported vulnerabilities
  • Assist in writing vulnerability disclosure bulletins and managing the process of releasing those bulletins to the public
  • Serve as a subject-matter expert on secure coding practices, particularly in memory-safe and memory-unsafe programming languages, and evangelize these practices across product engineering teams
  • Conduct original security research on non-Aruba products and technologies, including discovering new vulnerabilities, publishing papers, and presenting at leading security conferences
  • Positively represent Aruba in the global security community by fostering collaboration with security researchers while balancing the goals of researchers with the needs of our customers.
What we offer
What we offer
  • Comprehensive suite of benefits that supports physical, financial, and emotional wellbeing
  • Specific programs catered to helping employees reach career goals
  • Inclusive working environment.
  • Fulltime
Read More
Arrow Right

Product Security Engineer

The Senior Security Engineer/Threat Researcher position will be part of Aruba Th...
Location
Location
Puerto Rico , Aguadilla
Salary
Salary:
Not provided
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • B.S. or M.S. in software engineering, computer science, cybersecurity or a related field (or equivalent experience)
  • 6+ years of professional experience in software engineering, vulnerability research, penetration testing, or a related security discipline
  • Programming experience in C and at least one additional language used for secure software development, such as Rust, Go, or Python
  • Hands-on experience with security testing tools and techniques, such as fuzzing, reverse engineering, and exploit development frameworks (e.g., Metasploit, Immunity Debugger, Ghidra, or IDA Pro)
  • Understanding of memory-unsafe vulnerabilities, including buffer overflows, use-after-free, integer overflows, and format string vulnerabilities, as well as mitigation techniques such as ASLR, DEP, and stack canaries
  • Strong knowledge of web application security, including OWASP Top 10 vulnerabilities such as XSS, SQL injection, XXE, CSRF and insecure deserialization
  • Familiarity with secure coding practices, threat modeling, and static and dynamic application security testing (SAST/DAST) tools
  • Knowledge of modern cryptographic algorithms and security protocols (e.g., TLS, IPsec, OAuth) and their implementation pitfalls
  • Demonstrated ability to analyze, exploit, and remediate security vulnerabilities in complex codebases
  • Strong written and verbal communication skills, with the ability to create detailed technical reports and convey complex concepts to both technical and non-technical stakeholders. English advanced
Job Responsibility
Job Responsibility
  • Conduct advanced security assessments of HPE Aruba networking products, including manual code reviews and penetration testing, to uncover vulnerabilities such as memory-unsafe errors, insecure deserialization, and authentication/authorization flaws
  • Develop proofs of concept (PoCs) to demonstrate the exploitability of identified vulnerabilities and provide actionable remediation guidance to engineering teams when requested
  • Develop and maintain custom tools to assist in vulnerability discovery, exploit development, and tracking and disclosure of vulnerabilities to the public
  • Assist in managing Aruba’s bug bounty program, collaborating with external researchers and product engineering teams to triage, reproduce, and remediate reported vulnerabilities
  • Assist in writing vulnerability disclosure bulletins and managing the process of releasing those bulletins to the public
  • Serve as a subject-matter expert on secure coding practices, particularly in memory-safe and memory-unsafe programming languages, and evangelize these practices across product engineering teams
  • Conduct original security research on non-Aruba products and technologies, including discovering new vulnerabilities, publishing papers, and presenting at leading security conferences
  • Positively represent Aruba in the global security community by fostering collaboration with security researchers while balancing the goals of researchers with the needs of our customers
What we offer
What we offer
  • Health & Wellbeing
  • Personal & Professional Development
  • Unconditional Inclusion
  • Fulltime
Read More
Arrow Right

Senior Security Researcher

Endor Labs is building the Application Security platform for the software develo...
Location
Location
United States
Salary
Salary:
Not provided
https://www.endorlabs.com Logo
Endor Labs
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in security research, vulnerability discovery, and offensive security
  • deep expertise in reverse engineering, exploit development, and software vulnerability analysis
  • strong understanding of software supply chain security, including package management systems, CI/CD pipelines, and dependency analysis
  • experience discovering and responsibly disclosing zero-day vulnerabilities
  • proven track record of publishing high-quality research or presenting at top security conferences (e.g., Black Hat, DEF CON, RSAC, BSides)
  • proficiency in programming languages such as Python, Rust, or Go
  • strong analytical skills and the ability to conduct complex security research autonomously
  • excellent communication skills, both written and verbal, to convey technical concepts to diverse audiences.
Job Responsibility
Job Responsibility
  • Conduct offensive security research on software supply chain threats, identifying and analyzing zero-day vulnerabilities
  • develop and refine exploit techniques to understand modern attack vectors targeting software supply chain through malicious code, 3rd party libraries, and CI/CD systems
  • work closely with Product Management to translate research findings into innovative security capabilities within Endor Labs' products
  • publish research findings through technical blogs, white papers, and industry-leading security conferences
  • collaborate with security engineers and developers to prototype and implement detection and mitigation strategies for emerging threats
  • contribute to the security community by developing open-source tools, methodologies, or frameworks that enhance software supply chain security
  • stay ahead of the latest threats, attacker methodologies, and evolving security trends to continuously refine our research efforts.
What we offer
What we offer
  • Work with a world-class team dedicated to pushing the boundaries of security research
  • directly influence the security of modern software supply chains
  • a culture that values innovation, collaboration, and continuous learning
  • competitive compensation, flexible work environment, and a generous benefits package
  • opportunity to present groundbreaking research and contribute to the global security community.
  • Fulltime
Read More
Arrow Right

Senior Software Reverse Engineer

STR is hiring a Senior Software Reverse Engineer who has a passion for research ...
Location
Location
United States , San Diego
Salary
Salary:
134000.00 - 184000.00 USD / Year
str.us Logo
STR
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Active Top Secret (TS) security clearance
  • U.S. citizenship
  • Bachelors Degree in Computer Science, Computer Engineering, Cybersecurity or related field plus a minimum of 5 years relevant experience
  • Experience with binary analysis of software/firmware
  • Experience with disassembly tools, such as IDA Pro, Binary Ninja, or Ghidra
  • Proficiency in one or more programming languages: C/C++, Python, etc.
  • Proficiency in one or more Assembly Languages: x86, ARM, etc.
  • General understanding of reverse engineering fundamentals: memory layout, calling conventions, etc.
Job Responsibility
Job Responsibility
  • Reverse engineering complex software or firmware targets, ranging from typical Windows/Linux binaries to embedded firmware running non-traditional computer architectures and operating systems
  • Developing and applying automated reverse engineering and binary analysis tools to characterize protocols, interfaces, and functionality of target systems
  • Developing innovative cybersecurity solutions
  • Working in multi-discipline teams to tackle challenging problems from a wide variety of technologies to develop innovative cybersecurity solutions
  • Performing vulnerability weaponization, exploit development, payload development, and exploit mitigation on a variety of challenging targets
  • Documenting, demonstrating, and presenting research
  • Solving real world problems that have an impact on national security
  • Fulltime
Read More
Arrow Right
Jobs by Category
Art and Entertainment Jobs Banking Jobs Call Center Jobs Construction Jobs Consulting Jobs Customer Service Jobs Education Jobs Energy Jobs Finance Jobs Gastronomy Jobs Health and Beauty Jobs Hospitality and Tourism Jobs Human Resources Jobs Insurance Jobs IT - Administration Jobs IT - Software Development Jobs Legal Jobs Logistics Jobs Manufacturing Jobs Marketing, Digital Marketing, SEO, SEM Jobs Media Jobs Nursing Jobs Office Administration Jobs Pharmacy Jobs Physical Work Jobs Public Relations Jobs Public Sector Jobs Purchasing Jobs Quality Control Jobs Real Estate Jobs Research and Development Jobs Sales Jobs
Job Positions Jobs by Country
United States Jobs United Kingdom Jobs India Jobs Canada Jobs Australia Jobs Germany Jobs Ireland Jobs Poland Jobs
Company
Blog About Us Contact
Follow Us
Facebook
X (Twitter)
LinkedIn
Instagram
CrawlJobs Group
ITFlashcards AllDevBlogs
© 2026 CrawlJobs Ltd. All Rights Reserved
Terms & Conditions Privacy Policy