# Vulnerability Research Engineer
**Company:** [Socket](https://hotfix.jobs/companies/socket)
**Location:** Remote
**Experience:** 3+ years
**Skills:** Node.js, JavaScript, TypeScript, npm, yarn, pnpm, APIs, CI/CD, Software Security, Vulnerability Management, Patch Management, DevSecOps, Kubernetes
**Posted:** 2025-11-26
> Builds and scales automated patching infrastructure for high-impact vulnerabilities in npm packages, leads patch production, and develops detection workflows and APIs to secure the JavaScript open source ecosystem. Requires 3+ years engineering experience with Node.js, JS/TS, package managers, and security concepts.
## Job Description
## What You'll Do
- Master Socket workflows, tools, and patching processes
- Lead patching efforts for high-impact vulnerabilities across npm packages
- Scale patch production to dozens or hundreds of patches per week
- Help select and prioritize high-value patches
- Provide technical input on patch prioritization based on ecosystem and customer impact
- Build and improve automated patching infrastructure and tooling
- Design and implement scalable patch generation and delivery systems
- Develop automated vulnerability detection and patch creation workflows
- Build APIs and integrations to deliver certified packages
- Create tooling for patch quality assurance and testing
- Work with security researchers to understand and patch critical vulnerabilities
- Help shape the technical roadmap for expansion
- Give developers quick, safe remediation options for widely used packages
- Help secure the software supply chain for millions of developers

## What You'll Bring
**Required:**
- 3+ years of software engineering experience with production systems
- Strong proficiency in Node.js, JavaScript, and TypeScript
- Experience with package managers (npm, yarn, pnpm) and the JavaScript ecosystem
- Understanding of software security concepts and vulnerability management
- Experience building and scaling APIs and data processing pipelines
- Familiarity with automated testing, CI/CD, and deployment systems

**Preferred:**
- Experience with security tooling, vulnerability scanning, or patch management
- Knowledge of software supply chain security challenges
- Experience with other package ecosystems (Python, Go, Rust, etc.)
- Open source contributions or package maintenance experience
- Background in DevSecOps or security engineering
- Experience with high-throughput data processing systems
**Apply:** https://hotfix.jobs/jobs/vulnerability-research-engineer-at-socket-fdab7f88-b53e-4368-96dd-77b08fb0b404