Our client is a top cybersecurity company in the software supply chain field.
The company maintains the industry’s leading Python vulnerability database, and its Safety scanner is widely used by Python teams worldwide (with >1 million downloads every month).
The software and vulnerability data are trusted by thousands of software development teams including top companies like Amazon, Apple, and Intel.
It is a fully remote team with members in North America, South America, and Europe.
As a Cyber Security Analyst, you will have the opportunity to join a dynamic Cybersecurity Intelligence team as a senior member.
You’ll be responsible for:
- Conduct more thorough or complex vulnerability assessments
- Find new and unknown vulnerabilities in Python, JavaScript and Java packages, and submit them to NVD, MITRE, and other central vulnerability organizations
- Plan the direction of the vulnerability and package database, including research into automation, finding new data sources, and new data types and metrics for vulnerability classification
- Provide expert advice and guidance to internal teams and enterprise customers
- Conduct CVSS and other severity analyses on vulnerabilities
- Collaborate with open source maintainers to find and remediate vulnerabilities in their packages
- Collaborate with academic groups to discuss and understand software supply chain security research
- Stay up-to-date with new threats, vulnerabilities, and industry trends
Qualifications and Experience:
- 5+ years of experience working in Python, Java or JavaScript
- Expert knowledge of security attack vectors and common anti-patterns in Python, JavaScript, or Java
- Proficiency in open source package management tools and ecosystems including PyPI, npm, Yarn, Maven, and Gradle
- 3+ years of experience in vulnerability research and/or exploit development
- Experience in vulnerability research through CVEs, and conducting vulnerability assessments including CVSS
- Experience with SCA fundamentals and tools
- Experience in static and dynamic code analysis for security and vulnerability analysis
- Experience in scripting and programming for research purposes
- 2+ years of hands-on experience in coding tools, CTF, and pentests
- Ability to analyze and interpret vulnerability scan data
- Excellent written and verbal English
- Ability to work in a team environment and mentor team members
- Certifications in relevant security and IT fields are a plus
We offer:
- competitive salary paid in USD
- B2B contract with paid vacation
- fully remote work with flexible hours to fit your lifestyle
Our online recruitment process is simple and efficient:
- introduction interview with the recruiter
- technical interview with the client
If you meet our requirements, we’ll extend a job offer to you.
Don’t miss out on this amazing opportunity to work with a leading cybersecurity company in the software supply chain space!
IMPORTANT: You will need reliable high-speed internet access and a computer to work from.