Senior Security Researcher

United States

Apply with AI Apply

Not SpecifiedCompensation

Senior (5 to 8 years)Experience Level

Full TimeJob Type

UnknownVisa

Application Security, CybersecurityIndustries

Requirements

Candidates should possess 5+ years of experience in security research, vulnerability discovery, and offensive security, along with deep expertise in reverse engineering, exploit development, and software vulnerability analysis. A strong understanding of software supply chain security, including package management systems, CI/CD pipelines, and dependency analysis is also required, as well as experience discovering and responsibly disclosing zero-day vulnerabilities.

Responsibilities

The Senior Security Researcher will conduct offensive security research on software supply chain threats, identifying and analyzing zero-day vulnerabilities, and developing exploit techniques to understand modern attack vectors. They will collaborate with Product Management to translate research findings into innovative security capabilities, publish research findings through technical blogs, white papers, and industry-leading security conferences, and contribute to the security community by developing open-source tools, methodologies, or frameworks. Furthermore, they will work closely with security engineers and developers to prototype and implement detection and mitigation strategies for emerging threats, and stay ahead of the latest threats, attacker methodologies, and evolving security trends.

Skills

Security Research

Vulnerability Discovery

Offensive Security

Reverse Engineering

Exploit Development

Software Vulnerability Analysis

Software Supply Chain Security

CI/CD Pipelines

Endor Labs

Cybersecurity software vulnerability analysis services

About Endor Labs

Endor Labs specializes in cybersecurity by focusing on reachability-based dependency analysis to identify vulnerabilities in software that hackers could exploit. Their team, composed of PhDs, analyzes software to provide a comprehensive risk score that evaluates security, quality, popularity, and activity. This analysis helps reduce alert noise by 80%, allowing clients to concentrate on the most critical issues. They offer a flexible policy engine for clients to create tailored risk profiles, minimizing disruptions in the software development process. Additionally, Endor Labs assists businesses in managing Software Bill of Materials (SBOM) and Vulnerability Exploitability Exchange (VEX) to understand the risks and costs associated with software ownership. Their goal is to enhance the security and quality of software for businesses of all sizes while generating revenue through their analysis and monitoring services.

Palo Alto, CaliforniaHeadquarters

2021Year Founded

$92.4MTotal Funding

SERIES_ACompany Stage

Data & Analytics, CybersecurityIndustries

51-200Employees

Benefits

Health Insurance

Dental Insurance

Vision Insurance

Mental Health Support

Unlimited Paid Time Off

401(k) Retirement Plan

Remote Work Options

Risks

Integration with Microsoft Cloud Defender may strain resources to maintain high performance.

New AI model evaluation tool could expose Endor Labs to risks of biases and inaccuracies.

Strategic investment from Citi Ventures may pressure the company for rapid financial growth.

Differentiation

Endor Labs specializes in reachability-based dependency analysis for software vulnerability detection.

The company offers a comprehensive risk score for software packages, reducing alert noise by 80%.

Endor Labs' flexible policy engine allows clients to create specific risk-based policies.

Upsides

Endor Labs' SCA tool is integrated with Microsoft Cloud Defender, expanding its market reach.

The company received strategic investment from Citi Ventures, boosting financial resources.

Endor Labs won 'Most Innovative Technology' award, enhancing its industry credibility.

Land your dream remote job 3x faster with AI

Try Jobo Free