Skip to content
SocketSocketUnited States

Vulnerability Research Engineer

Builds and scales automated patching infrastructure for high-impact vulnerabilities in npm packages, leads patch production, and develops detection workflows and APIs to secure the JavaScript open source ecosystem. Requires 3+ years engineering experience with Node.js, JS/TS, package managers, and security concepts.

Salary not listed
Remote3+ YOESecurity Engineering

About the role

What You'll Do

  • Master Socket workflows, tools, and patching processes
  • Lead patching efforts for high-impact vulnerabilities across npm packages
  • Scale patch production to dozens or hundreds of patches per week
  • Help select and prioritize high-value patches
  • Provide technical input on patch prioritization based on ecosystem and customer impact
  • Build and improve automated patching infrastructure and tooling
  • Design and implement scalable patch generation and delivery systems
  • Develop automated vulnerability detection and patch creation workflows
  • Build APIs and integrations to deliver certified packages
  • Create tooling for patch quality assurance and testing
  • Work with security researchers to understand and patch critical vulnerabilities
  • Help shape the technical roadmap for expansion
  • Give developers quick, safe remediation options for widely-used packages
  • Help secure the software supply chain for millions of developers

What You'll Bring

Required:

  • 3+ years of software engineering experience with production systems
  • Strong proficiency in Node.js, JavaScript, and TypeScript
  • Experience with package managers (npm, yarn, pnpm) and the JavaScript ecosystem
  • Understanding of software security concepts and vulnerability management
  • Experience building and scaling APIs and data processing pipelines
  • Familiarity with automated testing, CI/CD, and deployment systems

Preferred:

  • Experience with security tooling, vulnerability scanning, or patch management
  • Knowledge of software supply chain security challenges
  • Experience with other package ecosystems (Python, Go, Rust, etc.)
  • Open source contributions or package maintenance experience
  • Background in DevSecOps or security engineering
  • Experience with high-throughput data processing systems

Skills

Node.jsJavaScriptTypeScriptNpmYarnPnpmAPIsCI/CDSoftware SecurityVulnerability ManagementPatch ManagementDevSecOpsKubernetes
Forus

Security Program Manager

ForusNew York, NY

Own end-to-end compliance programs (SOC 2, HIPAA, HITRUST), build customer trust function, implement automation, and partner with engineering on controls for a healthcare AI platform handling protected health information.

Salary not listed
On-site4+ YOESecurity Engineering
Anthropic

Safeguards Enforcement Analyst, Account Takeover & Credential Abuse

AnthropicSan Francisco, CA +2

Safeguards Enforcement Analyst focused on account takeover and credential abuse. Investigate compromise incidents, design remediation workflows, partner with engineering on detection, enforce AI usage policies, and develop scalable enforcement programs for platform safety.

245k – 285k/yr
HybridSecurity Engineering
Zocdoc

Application Security Engineer

ZocdocUnited States

Application Security Engineer partnering with engineering teams to embed security into the SDLC, triage SAST/SCA findings, provide remediation guidance on OWASP issues, maintain security docs/playbooks, support governance/audits, and integrate GenAI tools while building AI governance guardrails.

100k – 140k/yr
RemoteSecurity Engineering
Cloudflare

Detection & Mitigation Engineer

CloudflareUnited States

Security Detections Engineer identifying attacker TTPs, building real-time detections, and mitigating threats/abuse across Cloudflare's global platform using data analysis, SQL, scripting, and threat intelligence. Requires strong analytical and communication skills.

Salary not listed
HybridSecurity Engineering
Mintlify

Security & Compliance Operations Manager

MintlifySan Francisco, CA

Own and run Mintlify's end-to-end security and compliance programs (SOC 2, ISO 27001/42001, GDPR, Microsoft SSPA) as the first dedicated GRC Program Manager. Administer Drata, manage audits/vendors/evidence, handle customer-facing compliance, and coordinate with engineering.

120k – 180k/yr
On-site3+ YOESecurity Engineering