Vulnerability Research Engineer

Socket
United States
Posted 27 March 2026

Job Description

About Us

Socket helps devs and security teams ship faster by cutting out security busywork. Thousands of orgs use Socket to safely find, audit, and manage open source code. Our customers — from Anthropic to xAI, and Figma to Vercel — love Socket (just check out their tweets https://socket.dev/love to see for yourself!)

Founded by Feross Aboukhadijeh https://www.linkedin.com/in/feross/, a long-time open source maintainer with software downloaded over a billion times a month, Socket has raised $65M in funding https://socket.dev/blog/series-b from top angels, operators, and security leaders.

About the Role

Join Socket to build and scale our patching infrastructure that delivers secure, vetted packages to developers worldwide. You’ll be at the forefront of supply chain security, creating patches for critical vulnerabilities and building the systems that help the entire open source ecosystem stay secure. This role combines deep technical work with meaningful community impact that benefits the entire ecosystem. As an early member of the Socket team, you’ll help shape how we scale this technology across the JavaScript ecosystem and beyond.

What You'll Do

- Master Socket workflows, tools, and patching processes
- Lead patching efforts for high-impact vulnerabilities across npm packages
- Scale patch production to dozens or hundreds of patches per week
- Help select and prioritize high-value patches
- Provide technical input on patch prioritization based on ecosystem and customer impact
- Build and improve automated patching infrastructure and tooling
- Design and implement scalable patch generation and delivery systems
- Develop automated vulnerability detection and patch creation workflows
- Build APIs and integrations to deliver certified packages
- Create tooling for patch quality assurance and testing
- Work with security researchers to understand and patch critical vulnerabilities
- Help shape the technical roadmap for expansion
- Give developers quick, safe remediation options for widely-used packages
- Help secure the software supply chain for millions of developers

What You'll Bring

Required:

- 3+ years of software engineering experience with production systems
- Strong proficiency in Node.js, JavaScript, and TypeScript
- Experience with package managers (npm, yarn, pnpm) and the JavaScript ecosystem
- Understanding of software security concepts and vulnerability management
- Experience building and scaling APIs and data processing pipelines
- Familiarity with automated testing, CI/CD, and deployment systems

Preferred:

- Experience with security tooling, vulnerability scanning, or patch management
- Knowledge of software supply chain security challenges
- Experience with other package ecosystems (Python, Go, Rust, etc.)
- Open source contributions or package maintenance experience
- Background in DevSecOps or security engineering
- Experience with high-throughput data processing systems

Our Interview Process

1. Informational with a member from our Talent Team
2. Hiring Manager Interview
3. Take-home problem
   1. Internal review of take-home
   2. Live review of take-home
4. Debrief
5. Final Interview with Feross
6. References
7. Decision/Offer

We know how important clarity is when looking for a new role, so we've put together a read-me about the Interview Process at Socket. https://docs.google.com/document/d/1Nn4jGlO_yTo4mwidE0wn8DNWoBjQbRkkpMj1Ry75WoM/edit?usp=sharing

Benefits

Our benefits are crafted to support you and your family, so you can take care of what matters most and thrive in and outside of work. We offer:

- Market competitive salary bands
- Meaningful equity program
- Comprehensive health benefits for you and your family
- Flexible time-off, holidays, and winter shutdown to rest & recharge
- Paid parental leave
- Remote-first, with quarterly team off-sites

At Socket, we

1. Pursue Excellence: We set ourselves apart by consistently ... (truncated, view full listing at source)