Senior Security Backend Engineer Commit Offshore $$$$

Madfish

Software Engineering

Poland

Posted on May 19, 2026

We’re hiring a Security Backend Engineer for our Security Research group to build the systems that power our open-source intelligence efforts - ingesting public package ecosystems (NPM, PyPI), continuously monitoring them, and detecting malicious behavior at scale.

This role focuses on building the infrastructure behind large-scale open-source intelligence, package ecosystem monitoring, and supply chain threat detection. It is a highly autonomous individual contributor role with end-to-end ownership of projects, turning security research prototypes into scalable production systems.

Responsibilities

  • Build scalable scraping and ingestion pipelines for public package registries such as NPM, PyPI, and similar ecosystems
  • Design and maintain distributed systems using APIs, workers, queues, and databases
  • Develop detection mechanisms for:
    • malicious install hooks
    • embedded binaries
    • obfuscation techniques
    • suspicious package behavior
  • Build and improve risk-scoring algorithms to prioritize real threats
  • Work closely with security researchers to productionize detection capabilities

Requirements

Must Have

  • 5+ years of backend development experience with Python and/or Node.js / TypeScript
  • Hands-on experience with large-scale scraping systems
  • Strong knowledge of distributed architectures, including:
    • queues
    • workers
    • PostgreSQL
    • Redis
  • Production experience with Docker / docker-compose
  • Strong ownership mindset and ability to work autonomously
  • Full professional English proficiency

Strong Advantage

  • Malware analysis or reverse engineering experience
  • Familiarity with ELF, PE, or Mach-O formats
  • Background in security research or software supply-chain security

Nice to Have

  • CTF participation
  • Bug bounty experience
  • OSCP / OSWE certifications
  • Experience at companies in application security, supply-chain security, or developer security tooling
  • Kafka and large-scale ETL experience