Description

Company is the pioneer of Active ASPM, securing the modern software supply chain. We cut through alert noise to surface the critical 5% of risks that are truly reachable and exploitable.

We're hiring a Backend Engineer for our Security Research group to build the systems thatpower our open-source intelligence work - ingesting public package ecosystems (NPM, PyPI),monitoring them continuously, and detecting malicious behavior at scale.This is a highly autonomous IC role where you’ll own projects end-to-end - transforming researcher prototypes into scalable production systems.

Responsibilities:

• Build scalable scraping and ingestion pipelines for public package registries (NPM, PyPI, etc.)
• Design and maintain distributed systems based on APIs, workers, queues, and databases
• Develop detection mechanisms for: malicious install hooks, embedded binaries, obfuscation techniques, suspicious package behavior
• Build and improve risk-scoring algorithms to prioritize real threats
• Work closely with security researchers to productionize detection capabilities

Requirements

Requirements:

• 5+ years of backend development experience with Python and/or Node.js / TypeScript
• Hands-on experience with large-scale scraping systems
• Strong knowledge of distributed architectures: queues, workers, PostgreSQL, Redis
• Production experience with Docker / docker-compose
• Strong ownership mindset and ability to work autonomously
• Full professional English proficiency

Strong Advantage:

• Malware analysis or reverse engineering experience
• Familiarity with ELF / PE / Mach-O formats
• Background in security research or software supply-chain security