Sr Security Researcher

Our mission is to help developers and AppSec teams spend more time accelerating development and less time dealing with security issues. Watch our 3 min pitch from our Founder & CEO here: https://www.youtube.com/watch?v=B0wmZBcPkFE

Endor Labs has been recognized as a Gartner Cool Vendor, a RSA Innovation Sandbox finalist, and a Black Hat Innovation Spotlight finalist, all in its first year from launch.

The company was founded by Varun Badhwar and Dimitri Stiliadis, who have created multiple category-defining cloud security companies. We have raised $70M in Series A funding and assembled a team of the world’s leading static analysis experts and enterprise software veterans to increase developer productivity and open source software adoption.

• →The primary tasks of this position relate to the detection, triage, and analysis of malicious open source software components — identifying threats across public package ecosystems (npm, PyPI, Maven, etc.) and assessing their scope, intent, and impact.
• →Day-to-day work includes triaging and assessing incoming malware alerts, reviewing Indicators of Compromise (IoCs), and maintaining threat campaign records to track attacker infrastructure, tactics, and patterns over time.
• →A core responsibility is the in-depth technical analysis of suspicious packages: reverse-engineering obfuscated code, identifying malicious behaviors (exfiltration, backdoors, dependency confusion, typosquatting, etc.), and producing detailed internal assessments.
• →You will author and publish external-facing content — blog posts, technical write-ups, and security advisories — communicating findings clearly to both technical and non-technical audiences, and contributing to the broader security community's awareness of emerging threats.
• →You will collaborate with internal teams to feed findings into detection pipelines, enrich our vulnerability and threat database, and help improve automated detection coverage over time.

• Bachelor's degree in engineering or a related field, with at least 3 years of hands-on professional experience specifically in malware analysis, threat intelligence, or open source package security
• Demonstrated experience triaging security alerts at scale and working within or alongside a SOC or threat intelligence team
• Hands-on experience reviewing and interpreting IoCs (file hashes, domains, IPs, behavioral signatures) and maintaining threat campaign tracking
• Proficiency in reading and analyzing code across multiple languages (Python, JavaScript/TypeScript, Java, Go) — including obfuscated or minified code
• Experience producing external security communications: blog posts, advisories, or technical reports intended for a public or customer-facing audience
• Understanding of package manager ecosystems and common attack patterns (typosquatting, dependency confusion, malicious install scripts, etc.)

• Experience contributing to or operating threat intelligence platforms or malware databases
• Familiarity with static and dynamic analysis tooling (sandboxes, YARA rules, SAST tools)
• Understanding of software supply chain security standards and frameworks (SLSA, SSDF, etc.)
• Prior public research, CVE credits, or published malware findings
• Security certifications such as GREM (GIAC Reverse Engineering Malware) or equivalent

• Strive for excellence in everything we do, prioritizing quality, speed, and impactful outcomes.
• Engage in first principles thinking to debate ideas, test assumptions, and make decisions.
• Put data above opinions, seeking truth and clarity in all our endeavors.
• Embrace a culture of feedback and continuous improvement, assuming good intent in all interactions.
• Celebrate wins as a team, understanding that our collective success is intertwined with the success of our customers.