Senior Security Researcher

Summary

Join Endor Labs as a Senior Security Researcher to lead offensive security research in software supply chain security. You will identify zero-day vulnerabilities, analyze attack trends, and influence product development. This role demands deep technical expertise in vulnerability research, application security, and offensive security techniques. You will publish research findings and collaborate with engineers and developers. Endor Labs offers a competitive compensation, flexible work environment, and generous benefits. The ideal candidate has 5+ years of experience in security research and a proven track record of publishing research or presenting at top security conferences.

Requirements

• 5+ years of experience in security research, vulnerability discovery, and offensive security
• Deep expertise in reverse engineering, exploit development, and software vulnerability analysis
• Strong understanding of software supply chain security, including package management systems, CI/CD pipelines, and dependency analysis
• Experience discovering and responsibly disclosing zero-day vulnerabilities
• Proven track record of publishing high-quality research or presenting at top security conferences (e.g., Black Hat, DEF CON, RSAC, BSides)
• Proficiency in programming languages such as Python, Rust, or Go
• Strong analytical skills and the ability to conduct complex security research autonomously
• Excellent communication skills, both written and verbal, to convey technical concepts to diverse audiences

Responsibilities

• Conduct offensive security research on software supply chain threats, identifying and analyzing zero-day vulnerabilities
• Develop and refine exploit techniques to understand modern attack vectors targeting software supply chain through malicious code, 3rd party libraries, and CI/CD systems
• Work closely with Product Management to translate research findings into innovative security capabilities within Endor Labs' products
• Publish research findings through technical blogs, white papers, and industry-leading security conferences
• Collaborate with security engineers and developers to prototype and implement detection and mitigation strategies for emerging threats
• Contribute to the security community by developing open-source tools, methodologies, or frameworks that enhance software supply chain security
• Stay ahead of the latest threats, attacker methodologies, and evolving security trends to continuously refine our research efforts

Benefits

• Competitive compensation
• Flexible work environment
• A generous benefits package