Malware Researcher (Cybersecurity)

TL;DR

Malware Researcher (Cybersecurity): Protecting the open-source ecosystem and customers against malicious packages with an accent on detection rule development and pipeline analysis. Focus on building advanced detection patterns using OpenGrep and YARA, extending language support, and conducting large-scale malware research.

Location: Must be based in Sydney, Australia (Hybrid setup).

Company

A developer-first security startup building self-securing software solutions to reduce risk without slowing down development cycles.

What you will do

• Triage packages from the analysis pipeline and validate security findings.
• Develop and refine detection rules using OpenGrep and YARA to identify novel malware.
• Extend analysis pipeline support for additional programming languages.
• Experiment with cutting-edge techniques to detect malware at scale.
• Author blog posts detailing novel attacks and large-scale security incidents.
• Contribute to internal research and shape the public research agenda.

Requirements

• Broad knowledge of programming languages, specifically JavaScript (Python is a plus).
• Strong understanding of security principles, standards, and best practices.
• Experience researching and solving complex algorithmic problems, such as AST parsing.
• Fluent in English with strong communication skills for technical and non-technical audiences.

Nice to have

• Experience with OpenGrep or Semgrep.
• Practical experience with YARA.
• Background in static analysis.
• Experience building production-ready systems.

Culture & Benefits

• High-impact role within a fast-growing, well-funded startup.
• Fast-tracked professional growth and increasing responsibilities.
• Competitive salary package.
• Culture focused on openness, informality, and execution.
• Flexible working hours and hybrid work environment.