Vulnerability Research Engineer jobs in United States

Socket · 1 month ago

Vulnerability Research Engineer

Socket is a company that helps developers and security teams streamline their processes by reducing security busywork. The Vulnerability Research Engineer will be responsible for building and scaling patching infrastructure to deliver secure packages, creating patches for critical vulnerabilities, and enhancing the security of the open source ecosystem.

Artificial Intelligence (AI), Cloud Security, Cyber Security, Developer Tools, Internet, Open Source, Security, Software

H1B Sponsor Likely

Responsibilities

Master Socket workflows, tools, and patching processes
Lead patching efforts for high-impact vulnerabilities across npm packages
Scale patch production to dozens or hundreds of patches per week
Help select and prioritize high-value patches
Provide technical input on patch prioritization based on ecosystem and customer impact
Build and improve automated patching infrastructure and tooling
Design and implement scalable patch generation and delivery systems
Develop automated vulnerability detection and patch creation workflows
Build APIs and integrations to deliver certified packages
Create tooling for patch quality assurance and testing
Work with security researchers to understand and patch critical vulnerabilities
Help shape the technical roadmap for expansion
Give developers quick, safe remediation options for widely-used packages
Help secure the software supply chain for millions of developers

Qualifications

Node.js, JavaScript, TypeScript, Vulnerability management, API development, Data processing pipelines, Automated testing, CI/CD, Security tooling, Open source contributions, DevSecOps, High-throughput systems

Required

3+ years of software engineering experience with production systems
Strong proficiency in Node.js, JavaScript, and TypeScript
Experience with package managers (npm, yarn, pnpm) and the JavaScript ecosystem
Understanding of software security concepts and vulnerability management
Experience building and scaling APIs and data processing pipelines
Familiarity with automated testing, CI/CD, and deployment systems

Preferred

Experience with security tooling, vulnerability scanning, or patch management
Knowledge of software supply chain security challenges
Experience with other package ecosystems (Python, Go, Rust, etc.)
Open source contributions or package maintenance experience
Background in DevSecOps or security engineering
Experience with high-throughput data processing systems

Company

Socket

Socket is a developer-first security platform that protects your most critical apps from software supply chain attacks.

H1B Sponsorship

Socket has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is provided below for your reference. (Data powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship (chart; the highlighted field represents a job field similar to this job)
Trends of Total Sponsorships: 2024 (1)

Funding

Current Stage: Growth Stage
Total Funding: $64.6M
Key Investors: Abstract, Andreessen Horowitz

2024-10-22: Series B · $40M
2023-08-01: Series A · $20M
2022-05-11: Seed · $4.6M

Leadership Team

Feross Aboukhadijeh
Founder & CEO

Company data provided by Crunchbase