# Vulnerability Research Engineer

**Company:** [Socket](https://hotfix.jobs/companies/socket)
**Location:** Remote
**Role:** Security Engineering
**Experience:** 3+ years
**Skills:** Node.js, JavaScript, TypeScript, Npm, Yarn, Pnpm, APIs, CI/CD, Software Security, Vulnerability Management, Patch Management, DevSecOps, Kubernetes
**Posted:** 2025-11-26

> Builds and scales automated patching infrastructure for high-impact vulnerabilities in npm packages, leads patch production, and develops detection workflows and APIs to secure the JavaScript open source ecosystem. Requires 3+ years engineering experience with Node.js, JS/TS, package managers, and security concepts.

## Job Description

## What You'll Do
- Master Socket workflows, tools, and patching processes
- Lead patching efforts for high-impact vulnerabilities across npm packages
- Scale patch production to dozens or hundreds of patches per week
- Help select and prioritize high-value patches
- Provide technical input on patch prioritization based on ecosystem and customer impact
- Build and improve automated patching infrastructure and tooling
- Design and implement scalable patch generation and delivery systems
- Develop automated vulnerability detection and patch creation workflows
- Build APIs and integrations to deliver certified packages
- Create tooling for patch quality assurance and testing
- Work with security researchers to understand and patch critical vulnerabilities
- Help shape the technical roadmap for expansion
- Give developers quick, safe remediation options for widely-used packages
- Help secure the software supply chain for millions of developers

## What You'll Bring
**Required:**
- 3+ years of software engineering experience with production systems
- Strong proficiency in Node.js, JavaScript, and TypeScript
- Experience with package managers (npm, yarn, pnpm) and the JavaScript ecosystem
- Understanding of software security concepts and vulnerability management
- Experience building and scaling APIs and data processing pipelines
- Familiarity with automated testing, CI/CD, and deployment systems

**Preferred:**
- Experience with security tooling, vulnerability scanning, or patch management
- Knowledge of software supply chain security challenges
- Experience with other package ecosystems (Python, Go, Rust, etc.)
- Open source contributions or package maintenance experience
- Background in DevSecOps or security engineering
- Experience with high-throughput data processing systems

## Similar roles

- [Security Program Manager](https://hotfix.jobs/jobs/e7f7fcaf-1979-4194-9131-83689809fe47) - Forus - New York, NY
- [Safeguards Enforcement Analyst, Account Takeover & Credential Abuse](https://hotfix.jobs/jobs/31f5d0ec-9b31-4419-a4b1-2e826ec7a358) - Anthropic - San Francisco, CA - $245k – $285k/yr
- [Application Security Engineer](https://hotfix.jobs/jobs/d240253e-6098-4419-8f04-aaf793f42c03) - Zocdoc - Remote - $100k – $140k/yr
- [Detection & Mitigation Engineer](https://hotfix.jobs/jobs/61def9c4-f4a5-41a5-99c6-579a61033a73) - Cloudflare
- [Security & Compliance Operations Manager](https://hotfix.jobs/jobs/90ac6643-526f-4aeb-bb4f-d71bc1af1fcd) - Mintlify - San Francisco, CA - $120k – $180k/yr

**Apply:** https://hotfix.jobs/jobs/fdab7f88-b53e-4368-96dd-77b08fb0b404
**Canonical:** https://hotfix.jobs/jobs/fdab7f88-b53e-4368-96dd-77b08fb0b404