CrawlJobs Logo

Vulnerability Research Engineer

United States · Job Posted February 18, 2026
Apply Position
Job Link Share

Job Description

Join Socket to build and scale our patching infrastructure that delivers secure, vetted packages to developers worldwide. You’ll be at the forefront of supply chain security, creating patches for critical vulnerabilities and building the systems that help the entire open source ecosystem stay secure. This role combines deep technical work with meaningful community impact that benefits the entire ecosystem. As an early member of the Socket team, you’ll help shape how we scale this technology across the JavaScript ecosystem and beyond.

Job Responsibility

  • Master Socket workflows, tools, and patching processes
  • Lead patching efforts for high-impact vulnerabilities across npm packages
  • Scale patch production to dozens or hundreds of patches per week
  • Help select and prioritize high-value patches
  • Provide technical input on patch prioritization based on ecosystem and customer impact
  • Build and improve automated patching infrastructure and tooling
  • Design and implement scalable patch generation and delivery systems
  • Develop automated vulnerability detection and patch creation workflows
  • Build APIs and integrations to deliver certified packages
  • Create tooling for patch quality assurance and testing
  • Work with security researchers to understand and patch critical vulnerabilities
  • Help shape the technical roadmap for expansion
  • Give developers quick, safe remediation options for widely-used packages
  • Help secure the software supply chain for millions of developers

Requirements

  • 3+ years of software engineering experience with production systems
  • Strong proficiency in Node.js, JavaScript, and TypeScript
  • Experience with package managers (npm, yarn, pnpm) and the JavaScript ecosystem
  • Understanding of software security concepts and vulnerability management
  • Experience building and scaling APIs and data processing pipelines
  • Familiarity with automated testing, CI/CD, and deployment systems

Nice to have

  • Experience with security tooling, vulnerability scanning, or patch management
  • Knowledge of software supply chain security challenges
  • Experience with other package ecosystems (Python, Go, Rust, etc.)
  • Open source contributions or package maintenance experience
  • Background in DevSecOps or security engineering
  • Experience with high-throughput data processing systems

What we offer

  • Market competitive salary bands
  • Meaningful equity program
  • Comprehensive health benefits for you and your family
  • Flexible time-off, holidays, and winter shutdown to rest & recharge
  • Paid parental leave
  • Remote-first, with quarterly team off-sites

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Vulnerability Research Engineer

8 matching positions

Cleared Vulnerability Research Engineer

This role is focused on end-to-end exploit development for real-world targets. T...
Location
Location
United States
Salary
Salary:
154800.00 - 193500.00 USD / Year
bugcrowd.com Logo
Bugcrowd
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Expertise in reverse engineering of binaries (x86-64, ARM64, etc) using tools such as Binary Ninja, Ghidra, or IDA Pro
  • Precise understanding of stack and heap objects and exploit-relevant vulnerabilities (e.g., Use-after-free, Type confusion, Integer truncation, Buffer overflow)
  • Demonstrated ability to discover new vulnerabilities, not just exploit known ones
  • Experience with both manual analysis and automated techniques (e.g., fuzzing)
  • Ability to code and debug C, Python, and Assembly (x86-64, ARM, etc)
  • Ability to independently translate an under defined mission objective into a concrete, technically novel capability
  • Comfort operating with minimal supervision
  • TS/SCI clearance required (inactive SCI acceptable if SCI-clearable)
  • Ability to travel to customer sites as required
Job Responsibility
Job Responsibility
  • Design, develop, and validate novel vulnerability discovery and exploitation capabilities
  • Conduct expert reverse engineering of binaries (x86-64, ARM64, etc.) using industry-standard tools
  • Identify and exploit real-world vulnerabilities such as Use-after-free, Type confusion, Integer truncation, and Buffer overflow
  • Demonstrate ability to discover new, novel vulnerabilities in complex systems
  • Rapidly understand current vulnerability research and apply findings to identify new instances of vulnerability classes
  • Employ both manual analysis and automated techniques (e.g., fuzzing) for vulnerability discovery
  • Code and debug complex functions in C, Python, and Assembly (x86-64, ARM, etc.)
  • Independently manage and execute research objectives, including scoping, research, experimentation, validation, and iteration
  • Travel to customer sites as required
  • Perform on-site for extended periods of time
What we offer
What we offer
  • Discretionary bonus program or commission plan
  • Fulltime
Read More
Arrow Right

Cyber Security Research Engineer 3 / Application Penetration Tester

In this contingent resource assignment, you may: Consult on or participate in mo...
Location
Location
United States , Charlotte
Salary
Salary:
Not provided
apexsystems.com Logo
Apex Systems
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 2+ years of hands-on application penetration testing experience (manual testing required)
  • Experience with DAST tools and validating/triaging vulnerabilities
  • Strong knowledge of web application security (OWASP Top 10, APIs, authentication/authorization)
Job Responsibility
Job Responsibility
  • Conduct manual penetration testing of web applications, APIs, and mobile platforms
  • Perform authentication, authorization, and business logic testing
  • Identify, validate, and exploit vulnerabilities beyond automated scanner results
  • Configure and tune DAST tools to enhance testing coverage
  • Use industry tools (Burp Suite, WebInspect, Fiddler, etc.) to support manual testing
  • Triage false positives and validate scan findings
  • Reproduce and demonstrate security vulnerabilities with clear impact
  • Document findings with detailed steps, evidence, and remediation guidance
  • Deliver high-quality reports for both technical and non-technical audiences
  • Partner with development and security teams to drive vulnerability remediation
What we offer
What we offer
  • Medical
  • Dental
  • Vision
  • Life insurance
  • Disability insurance
  • ESPP (employee stock purchase program)
  • 401K program with company match after 12 months
  • HSA (Health Savings Account on the HDHP plan)
  • SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions
  • Corporate discount savings program
  • Fulltime
Read More
Arrow Right

Staff Software Engineer, Vulnerability Management

GEICO is seeking an experienced full-stack engineer with a deep technical expert...
Location
Location
United States , Chevy Chase; Palo Alto; Seattle; Renton
Salary
Salary:
115000.00 - 230000.00 USD / Year
geico.com Logo
Geico
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Tech-lead with data engineering and software development experience in a hybrid environment (AWS, Azure, on-prem)
  • Proficiency in at least one modern programming language (Python, Java, Scala, Go) and deep experience building scalable production-grade data services, APIs, or ingestion frameworks
  • Expertise in designing, building, and operating large‑scale, resilient, and high‑performance data pipelines across distributed systems, with strong knowledge of ETL/ELT patterns, data orchestration, and data quality frameworks
  • Advanced proficiency in modern data storage and processing technologies, including SQL/NoSQL databases (e.g., PostgreSQL), query optimization, and data modeling for analytical and operational use cases
  • Hands‑on experience with reporting and analytics tools such as Power BI, Tableau, or equivalent, including developing semantic models, optimizing reporting datasets, and enabling business teams with curated data
  • Strong applied skills in distributed compute ecosystems (e.g., Spark or similar), and the ability to optimize workloads for performance, cost efficiency, and reliability
  • Extensive knowledge and experience of building data intensive large-scale distributed systems on cloud
  • Experience building the architecture and design of new and current systems (architecture, design patterns, reliability, and scaling)
  • Fluency in DevOps concepts and best practices in CI/CD pipelines and infrastructure as a code
  • Experience with application performance monitoring tools and performance assessments
Job Responsibility
Job Responsibility
  • Lead software design, development, and delivery of integrated systems to drive Vulnerability Management initiatives
  • Deliver automation initiatives, conduct advanced research, and develop proofs of concept to enhance our capabilities and improve overall efficiency
  • Achieve business outcomes through force multiplication
  • Develop, integrate, and maintain multilevel cybersecurity designs, architectures, policies, and procedures
  • Provide secure design guidance and recommendations to developers, infrastructure, and product engineers
  • Influence and educate partner teams to bring an engineering first approach to develop sustainable security systems
  • Mentor peers and team members in security technologies, enterprise solution design, deployment, and effective customer interaction
  • Provide motivating demonstrations and communications to show the value of our security measures to the business, highlighting the low impact on systems, improved operability and resiliency
What we offer
What we offer
  • Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being
  • Financial benefits including market-competitive compensation
  • a 401K savings plan vested from day one that offers a 6% match
  • performance and recognition-based incentives
  • and tuition assistance
  • Access to additional benefits like mental healthcare as well as fertility and adoption assistance
  • Supports flexibility- We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year
  • Fulltime
Read More
Arrow Right

Security Research Engineer

Security represents one of the most critical priorities for customers operating ...
Location
Location
Costa Rica , San José
Salary
Salary:
Not provided
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 1+ year(s) experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 2+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR equivalent experience
  • Minimum 3 years of hands‑on experience in areas such as Security Operations (SOC Tier 2+), Cybersecurity Investigations, Incident Response, or Threat Hunting
  • Proven ability to analyze alerts and telemetry from EDR/XDR solutions—preferably Microsoft 365 Defender—and conduct investigations involving identity misuse, authentication anomalies, or suspicious access patterns
  • Solid understanding of operating system internals, security mitigations, and common threats across Windows, Linux, and Mac environments
  • Familiarity with MITRE ATT&CK and Cyber Kill Chain frameworks to structure, guide, and communicate investigative findings
  • Advanced English level
Job Responsibility
Job Responsibility
  • Analyze and validate security alerts, anomalies, and behavioral patterns within Microsoft 365 Defender and related telemetry to validate detections and understand attacker intent
  • Apply attacker methodology frameworks (MITRE ATT&CK, Cyber Kill Chain) to contextualize threats, assess progression, and determine potential impact
  • Investigate identity centric threats, credential misuse, lateral movement, cloud-based attacks, and modern techniques commonly used in human operated ransomware, Business Email Compromise (BEC), and stealthy persistence campaigns
  • Correlate large and complex datasets using Kusto Query Language (KQL) and investigate tooling to uncover relationships, patterns and root cause
  • Differentiate benign, misconfigured, suspicious, and malicious activity with confidence, supported by defensible evidence
  • Deliver customer facing investigation summaries that clearly articulate what occurred, why it matters, and the recommended next steps
  • Contribute to continuous improvement efforts by identifying gaps, false positives, attacker trends, and opportunities for tooling or process enhancements
  • Stay informed on SOC and threat landscape trends, including AI driven attack automation, identity-targeted campaigns, cloud compromise techniques, and evolving redteam tradecraft
  • Fulltime
Read More
Arrow Right

Senior Security Research Engineer

Microsoft Defender Experts Team is looking for an experienced professional to jo...
Location
Location
Costa Rica , San José
Salary
Salary:
Not provided
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field
  • Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • equivalent experience
  • Over 7 years of hands‑on experience in technical cybersecurity roles—including Security Operations, Threat Intelligence, Incident Response, and Penetration Testing/Red Team
  • Advanced English level
  • Advanced Portuguese level
Job Responsibility
Job Responsibility
  • Work directly with senior leaders of our customers’ security organizations as design partners on new cloud detection and response innovations, as well as to ensure excellent customer satisfaction with our products and services
  • Partner with your team of Microsoft Threat Experts providing deep research and analysis of threats impacting our customers
  • Work cross-functionally with engineering, marketing, and business leaders to innovate and deliver new security service offerings at a global scale
  • Investigate, analyze, and learn from security researchers, attackers, and real incidents to develop durable detection solutions/strategies across customer tools
  • Work with other internal and external teams to forge new and improve existing partnerships that help mature the products that support Defender Experts service offerings
  • Provide technical leadership in a challenging and rewarding environment and influence the organization
  • Fulltime
Read More
Arrow Right

Senior Research Engineer – OT Cyber Security

Senior Research Engineer role focusing on OT Cyber Security at The Manufacturing...
Location
Location
United Kingdom , Coventry
Salary
Salary:
50000.00 - 60000.00 GBP / Year
the-mtc.org Logo
Manufacturing Technology Centre
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience in working in an OT environment, with good knowledge of manufacturing challenges
  • Awareness of relevant cyber security standards and frameworks, such as NIST CSF, UK Cyber Essentials Scheme, OWASP guidance (incl. on AI), IEC 62443, legislation on cyber resilience including EU Cyber Resilience Act (CRA) and UK PTSI
  • Familiarity with network and infrastructure design and the implementation of secure-by-design principles
  • Bachelor’s degree in Cyber Security, Computer Science, Information Systems, or relevant industrial/commercial experience
  • 5+ years of experience in cyber security roles, preferably in OT/IT environments
  • Strong communication and presentation skills to both internal and external stakeholders
  • Ability to work collaboratively across departments and with external partners
  • Mindset for continuous development of new skills and knowledge
  • Analytical mindset with attention to detail and problem-solving abilities
Job Responsibility
Job Responsibility
  • Contribute to the design and implementation of infrastructure architecture (IT) and manufacturing (OT) systems based on secure by design principles, for MTC internal as well as customer research projects
  • Oversee cybersecurity testing activities to identify vulnerabilities and exploits
  • Work with colleagues and technology partners to further expand MTC’s capabilities in this domain, to deliver impact for UK manufacturing
  • Support MTC’s Digital Transformation Advisors with customer cyber security queries, and knowledge on implementation and adherence to national cyber security standards such as Cyber Essentials +
  • Work with MTC’s technology partners to maintain and expand testbeds to demonstrate cyber security best practices in the OT domain (network monitoring, asset management, etc.)
  • Keeping abreast of latest developments in standards and technologies in the cyber security domain, in relation to OT, critical infrastructure and AI
  • Create and maintain collateral to keep our customers informed about the latest guidance, legislation and best practice
  • Support MTC Business Development (BD) with proposal writing to win collaborative research & industrial projects in the cyber security domain
  • Provide clear communication and presentations to technical and non-technical stakeholders and manage relationships with customers and suppliers to align their cybersecurity expectations
What we offer
What we offer
  • Hybrid/Flexible working
  • Vitality Medical
  • Company Pension
  • Tusker Car Scheme
  • Cycle 2 work scheme
  • Fulltime
Read More
Arrow Right

Principal Red Team Operator

Principal Operator, Red Team Role Summary The Operator, Red Team is a hands on ...
Location
Location
United States , Charlotte, North Carolina; Boston, Massachusetts; Manchester, New Hampshire; Pittsburgh, Pennsylvania; Westwood, Massachusetts; Johnston, Rhode Island
Salary
Salary:
120000.00 - 210000.00 USD / Year
citizensbank.com Logo
Citizens Bank
Expiration Date
July 30, 2026
Flip Icon
Requirements
Requirements
  • 4 to 8 years of hands on cybersecurity experience with a strong focus on Red Team operations, adversary emulation, or advanced offensive security
  • Demonstrated experience executing Red Team or Purple Team engagements in assumed breach or adversary based scenarios
  • Proven ability to design and execute attack paths rather than relying solely on automated tools or point in time testing
  • Strong technical capability across multiple attack surfaces, including identity and access attacks, endpoint and network exploitation, cloud and SaaS environments, and command and control frameworks
  • Understanding of campaign based red teaming and continuous testing approaches, including iterative and regression style validation
  • Working knowledge of AI security concepts, including how AI enabled systems, inputs, and workflows can be manipulated or abused
  • Ability to collaborate with Blue Team and Detection Engineering to translate offensive activity into improved detection and response capabilities
  • Strong operational discipline, including clear documentation, safe execution, and adherence to engagement constraints
  • Effective communication skills, with the ability to explain technical findings to security practitioners and cross functional partners
  • Demonstrated curiosity, adaptability, and ability to operate in rapidly evolving threat and technology environments
Job Responsibility
Job Responsibility
  • Execute Red Team and Purple Team engagements as a primary operator, including adversary emulation, assumed breach scenarios, and intelligence driven attack paths
  • Design and execute campaign based attack operations that simulate real world adversary behavior across enterprise environments
  • Perform hands on exploitation and abuse across on prem, cloud, SaaS, and hybrid infrastructures
  • Simulate advanced attacker tradecraft, including living off the land techniques, identity abuse, privilege escalation, lateral movement, persistence, command and control, and controlled data exfiltration
  • Conduct testing against AI enabled systems and workflows, including abuse and misuse of AI assistants, copilots, and automation platforms
  • Execute prompt manipulation, indirect prompt injection, and AI model misuse scenarios to evaluate emerging attack surfaces
  • Collaborate closely with Detection Engineering and Blue Team during Purple Team engagements to validate detections, identify coverage gaps, and refine response effectiveness
  • Translate offensive findings into actionable remediation insights and partner with stakeholders to ensure vulnerabilities are addressed and control effectiveness is improved
  • Contribute to full lifecycle execution of engagements, ensuring findings are tracked through resolution and result in measurable risk reduction
  • Leverage and extend red team tooling and frameworks and develop targeted scripts or payloads to emulate specific adversary behaviors
What we offer
What we offer
  • competitive pay
  • comprehensive medical, dental, and vision coverage
  • retirement benefits
  • maternity and paternity leave
  • flexible work arrangements
  • education reimbursement
  • wellness programs
  • Fulltime
Read More
Arrow Right

Internship

Digisailor's internship program in Tuticorin gives local students and graduates ...
Location
Location
India , Tuticorin
Salary
Salary:
Not provided
Digisailor
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • B.E. / B.Tech students (CSE, IT, ECE, EEE, Mechanical, Mechatronics)
  • M.Tech, MCA, M.Sc (Data Science / AI / IT) students
  • Final-year and pre-final-year engineering candidates
  • Diploma and polytechnic students with strong fundamentals
  • Fresh graduates seeking their first tech role
  • Self-learners with portfolio projects on GitHub
Job Responsibility
Job Responsibility
  • Build production-grade web and mobile applications using React, Node.js, and modern frameworks
  • Design secure systems and apply Cyber Security fundamentals — penetration testing, vulnerability assessment, and threat modeling
  • Train and deploy AI / ML models with Python, TensorFlow, and cloud-based ML pipelines
  • Implement Cloud & DevOps workflows on AWS, Azure, and GCP with CI/CD and containerization
  • Develop IoT and Industrial Automation solutions integrating PLC, SCADA, and edge gateways
  • Analyze large datasets and build dashboards using Data Science & Analytics tools
  • Create intuitive UI/UX designs and conduct user research for real-world products
  • Write smart contracts and build decentralized apps with Blockchain Development fundamentals
  • Execute end-to-end Digital Marketing campaigns including SEO, SEM, and content strategy
  • Manage real projects with Agile methodologies, sprint planning, and stakeholder communication
What we offer
What we offer
  • Real-world project experience with global clients
  • 1:1 mentorship from senior engineers and architects
  • Performance-based monthly stipend
  • Internship certificate & recommendation letter
  • Pre-placement offer (PPO) for top performers
  • Flexible hybrid / remote work model
  • Exposure to modern stack: React, Python, AI, Cloud, IoT
  • Networking with Digisailor's global offices
Read More
Arrow Right