# Threat Analyst

**Company:** [Socket](https://hotfix.jobs/companies/socket)
**Location:** Remote
**Role:** Security Engineering
**Salary:** $126k – $170k/yr
**Experience:** 3+ years
**Skills:** Malware Analysis, Reverse Engineering, Threat Intelligence, Threat Hunting, Digital Forensics, Incident Response, Detection Engineering, TypeScript, JavaScript, LLMs, Ai-Based Tools, Automation Scripting, GitHub, GitLab
**Posted:** 2025-12-23

> Analyzes software supply chain threats using AI scanners, conducts malware analysis and threat hunting, builds automation tools, and integrates research into products to protect open source ecosystems. Requires 3+ years in security operations and master's degree.

## Job Description

## What You'll Do
- Analyze numerous unique threats daily, maintaining a standard of quality that sets the industry benchmark for supply chain security.
- Author high-impact technical blog posts on malicious open source code packages and extensions, and publish deep-dive research pieces on malicious campaigns, threat actor profiles, novel attack vectors, and ecosystem-wide trends.
- Design and build automated scripts and tools to streamline malware analysis, enhancing our data collection, threat analysis, and threat hunting workflows.
- Partner with our engineering team to integrate your research into our core product, turning manual insights into scalable, real-time protection.
- Leverage expertise in open source software ecosystems to enhance security across package registries, browser extensions (Chrome/VS Code), and proactively monitor GitHub/GitLab for emerging malicious campaigns.
- Track APT (Advanced Persistent Threat) adversaries, characterizing various TTPs (Tactics, Techniques, and Procedures), capabilities, infrastructure, and campaigns.

## What You'll Bring
**Required:**
- 3+ years of work experience and a master’s degree in computer science, engineering, or a related field (or equivalent experience).
- Technical experience across several areas of security operations, including investigations, incident response and management, digital forensics, malware analysis, reverse engineering, threat intelligence, threat hunting, and detection engineering.
- Excellent communication skills and the ability to assess the relevance and impact of threats.
- Experience building tools for automation, data collection, and threat hunting.
- Passion for open source and code.

**Preferred:**
- Familiarity with TypeScript/JavaScript and/or other programming languages and ecosystems protected by Socket.
- Experience leveraging LLMs or AI-based tools for threat detection.

## Benefits
- Market competitive salary bands
- Meaningful equity program
- Comprehensive health benefits for you and your family
- Flexible time-off, holidays, and winter shutdown to rest & recharge
- Paid parental leave
- Remote-first, with quarterly team off-sites

## Similar roles

- [Cloud Security Engineer](https://hotfix.jobs/jobs/ee2696b4-a225-461e-a9de-7e16b1547cd7) - Applied Intuition - Sunnyvale, CA - $125k – $160k/yr
- [Product Security Engineer](https://hotfix.jobs/jobs/9d882237-2bab-40b2-ac5d-126cebd6af93) - Applied Intuition - Sunnyvale, CA - $125k – $160k/yr
- [Security Engineer, Research & Engineering](https://hotfix.jobs/jobs/37b9318e-1e3e-4709-b828-ed49f907d8b9) - Trail of Bits - Remote - $125k – $185k/yr
- [Security Software Engineer II, Detection and Response](https://hotfix.jobs/jobs/d92f8db9-2819-40be-bcab-2545034f8ee0) - Pinterest - Remote - $124k – $255k/yr
- [GRC Engineer](https://hotfix.jobs/jobs/74fe741b-d4b0-4bf7-a4cf-e46547a0f775) - NinjaTrader - Chicago, IL - $130k – $145k/yr

**Apply:** https://hotfix.jobs/jobs/4b2b74c9-ad53-4093-b1b0-636a8b41216c
**Canonical:** https://hotfix.jobs/jobs/4b2b74c9-ad53-4093-b1b0-636a8b41216c