Vulnerability Research Engineer

What You'll Do

• Master Socket workflows, tools, and patching processes
• Lead patching efforts for high-impact vulnerabilities across npm packages
• Scale patch production to dozens or hundreds of patches per week
• Help select and prioritize high-value patches
• Provide technical input on patch prioritization based on ecosystem and customer impact
• Build and improve automated patching infrastructure and tooling
• Design and implement scalable patch generation and delivery systems
• Develop automated vulnerability detection and patch creation workflows
• Build APIs and integrations to deliver certified packages
• Create tooling for patch quality assurance and testing
• Work with security researchers to understand and patch critical vulnerabilities
• Help shape the technical roadmap for expansion
• Give developers quick, safe remediation options for widely-used packages
• Help secure the software supply chain for millions of developers

What You'll Bring

Required:

• 3+ years of software engineering experience with production systems
• Strong proficiency in Node.js, JavaScript, and TypeScript
• Experience with package managers (npm, yarn, pnpm) and the JavaScript ecosystem
• Understanding of software security concepts and vulnerability management
• Experience building and scaling APIs and data processing pipelines
• Familiarity with automated testing, CI/CD, and deployment systems

Preferred:

• Experience with security tooling, vulnerability scanning, or patch management
• Knowledge of software supply chain security challenges
• Experience with other package ecosystems (Python, Go, Rust, etc.)
• Open source contributions or package maintenance experience
• Background in DevSecOps or security engineering
• Experience with high-throughput data processing systems