Socket (socket.dev) Logo

Socket (socket.dev)

Vulnerability Research Engineer

Reposted 2 Days Ago
Remote
Hiring Remotely in United States
Mid level
Remote
Hiring Remotely in United States
Mid level
The role involves building and scaling patching infrastructure to secure open source code against vulnerabilities, focusing on automation and community impact.
The summary above was generated by AI

About Us

Socket helps devs and security teams ship faster by cutting out security busywork. Thousands of orgs use Socket to safely find, audit, and manage open source code. Our customers - from Anthropic to xAI, and Figma to Vercel - love Socket (just check out their tweets to see for yourself!)


Founded by Feross Aboukhadijeh, a long-time open source maintainer with software downloaded over a billion times a month, Socket has raised $125M in funding from top angels, operators, and security leaders.

About the Role

Join Socket to build and scale our patching infrastructure that delivers secure, vetted packages to developers worldwide. You’ll be at the forefront of supply chain security, creating patches for critical vulnerabilities and building the systems that help the entire open source ecosystem stay secure.

This role combines deep technical work with meaningful community impact that benefits the entire ecosystem. As an early member of the Socket team, you’ll help shape how we scale this technology across the JavaScript ecosystem and beyond.

What You'll Do

  • Master Socket workflows, tools, and patching processes

  • Lead patching efforts for high-impact vulnerabilities across npm packages

  • Scale patch production to dozens or hundreds of patches per week

  • Help select and prioritize high-value patches

  • Provide technical input on patch prioritization based on ecosystem and customer impact

  • Build and improve automated patching infrastructure and tooling

  • Design and implement scalable patch generation and delivery systems

  • Develop automated vulnerability detection and patch creation workflows

  • Build APIs and integrations to deliver certified packages

  • Create tooling for patch quality assurance and testing

  • Work with security researchers to understand and patch critical vulnerabilities

  • Help shape the technical roadmap for expansion

  • Give developers quick, safe remediation options for widely-used packages

  • Help secure the software supply chain for millions of developers

What You'll Bring

Required:

  • 3+ years of software engineering experience with production systems

  • Strong proficiency in Node.js, JavaScript, and TypeScript

  • Experience with package managers (npm, yarn, pnpm) and the JavaScript ecosystem

  • Understanding of software security concepts and vulnerability management

  • Experience building and scaling APIs and data processing pipelines

  • Familiarity with automated testing, CI/CD, and deployment systems

Preferred:

  • Experience with security tooling, vulnerability scanning, or patch management

  • Knowledge of software supply chain security challenges

  • Experience with other package ecosystems (Python, Go, Rust, etc.)

  • Open source contributions or package maintenance experience

  • Background in DevSecOps or security engineering

  • Experience with high-throughput data processing systems

Our Interview Process

  1. Informational with a member from our Talent Team

  2. Hiring Manager Interview

  3. Take-home problem

    1. Internal review of take-home

    2. Live review of take-home

  4. Debrief

  5. Final Interview with Feross

  6. References

  7. Decision/Offer

We know how important clarity is when looking for a new role, so we've put together a read-me about the Interview Process at Socket.

Benefits: Our benefits are crafted to support you and your family, so you can take care of what matters most and thrive in and outside of work. We offer:

  • Market competitive salary bands

  • Meaningful equity program

  • Comprehensive health benefits for you and your family (99% coverage)

  • Flexible time-off, holidays, and winter shutdown to rest & recharge

  • Paid parental leave

  • Remote-first, with quarterly team off-sites

At Socket, we

  1. Pursue Excellence: We set ourselves apart by consistently delivering work of exceptional quality and distinction.

  2. Move with urgency and focus: We prioritize swift, decisive action.

  3. Think rigorously: We care about being right and it often takes reasoning from first principles to get there. We value alternative perspectives and have constructive discussions.

  4. Trust and amplify: We overtrust, always assume good intent, and give specific feedback to help each other improve.

  5. Feel a strong sense of ownership: We wear many hats and feel a strong sense of overall ownership of the company and we're non-territorial regarding our nominal domains.

  6. Are customer obsessed: We relentlessly prioritize the needs of our customers, striving to exceed their expectations and delight them at every interaction.

Similar Jobs

2 Days Ago
In-Office or Remote
148K-267K Annually
Expert/Leader
148K-267K Annually
Expert/Leader
Information Technology • Security • Cybersecurity
Perform vulnerability research and reverse engineering against hardware and software targets, develop and integrate cyber tools, allocate tasking for larger tool development, and test solutions in Windows and Linux environments to support specialized military cyber operations.
Top Skills: CC++Ci/Cd PipelinesGitLinuxNetworking FundamentalsPythonWindowsX86
44 Minutes Ago
In-Office or Remote
New York, NY, USA
107K-182K Annually
Mid level
107K-182K Annually
Mid level
Artificial Intelligence • Hardware • Information Technology • Machine Learning
Develop and integrate thin film deposition processes for advanced DRAM, focusing on EUV patterning films. Perform process characterization, defect reduction, DOE-driven experiments, roadmap activities, supplier and tool collaboration, and physical/electrical data analysis to guide process decisions and transfer to high-volume manufacturing.
Top Skills: AfmAldArtificial Intelligence (Ai)CvdDoeEuvPecvdSimsSpcXpsXrd
2 Hours Ago
In-Office or Remote
62K-111K Annually
Mid level
62K-111K Annually
Mid level
Fintech
Join a cross-functional Agile/DevOps team to build scalable front-end experiences and API services. Implement responsive designs, automated testing, CI/CD pipelines, and secure, compliant solutions while collaborating with product, design, and QA and pursuing continuous learning.
Top Skills: AngularApi/RestAzure DevopsC#C++Ci/CdDevOpsFlutterGdprGitHipaaHybrid CloudIntegration TestingIntellijIso 27001JavaJavaScriptAzurePci-DssPythonReactReact NativeSecure CodingSql/T-SqlUnit TestingVb.NetVisual Studio Code

What you need to know about the NYC Tech Scene

As the undisputed financial capital of the world, New York City is an epicenter of startup funding activity. The city has a thriving fintech scene and is a major player in verticals ranging from AI to biotech, cybersecurity and digital media. It also has universities like NYU, Columbia and Cornell Tech attracting students and researchers from across the globe, providing the ecosystem with a constant influx of world-class talent. And its East Coast location and three international airports make it a perfect spot for European companies establishing a foothold in the United States.

Key Facts About NYC Tech

  • Number of Tech Workers: 549,200; 6% of overall workforce (2024 CompTIA survey)
  • Major Tech Employers: Capgemini, Bloomberg, IBM, Spotify
  • Key Industries: Artificial intelligence, Fintech
  • Funding Landscape: $25.5 billion in venture capital funding in 2024 (Pitchbook)
  • Notable Investors: Greycroft, Thrive Capital, Union Square Ventures, FirstMark Capital, Tiger Global Management, Tribeca Venture Partners, Insight Partners, Two Sigma Ventures
  • Research Centers and Universities: Columbia University, New York University, Fordham University, CUNY, AI Now Institute, Flatiron Institute, C.N. Yang Institute for Theoretical Physics, NASA Space Radiation Laboratory

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account