Security Researcher (Cybersecurity)

TL;DR

Security Researcher (Cybersecurity): Building open-source tools and analyzing software supply chain attacks to identify critical risks with an accent on malware dissection and APT TTP investigation. Focus on reverse engineering malicious packages and translating findings into comprehensive whitepapers.

Company

hirify.global is a pioneer of Active ASPM, focused on securing the modern software supply chain by identifying the most critical and exploitable risks.

What you will do

• Build innovative open-source tools to detect and analyze software supply chain attacks in ecosystems like npm, PyPI, and Maven.
• Research supply chain attacks and investigate APT groups' tactics, techniques, and procedures (TTPs).
• Reverse engineer, dissect, and decompile malware and vulnerabilities.
• Translate research findings into comprehensive whitepapers.
• Drive end-to-end research and development cycles from concept to delivery.
• Collaborate with internal teams to improve the overall security posture and methodologies.

Requirements

• 5+ years of experience as a Cybersecurity Researcher.
• Proven ability to ship software in a production environment.
• Strong understanding of the SDLC and modern CI/CD pipelines.
• Comfortable leveraging AI tools to optimize research and development processes.
• Familiarity with open-source registry ecosystems and their respective attack surfaces.
• Proactive and independent mindset with the ability to take full ownership of projects.

Nice to have

• Active contributions to open-source security tools or research projects.
• Hands-on experience with decompilers, debuggers, and network traffic analysis.
• Advanced malware analysis experience, including obfuscation and sandbox-evasion techniques.
• Web application penetration testing experience.
• Published CVEs, coordinated disclosures, or research papers.
• Experience public speaking at major industry conferences like Black Hat, DEFCON, or RSAC.