Security Researcher








At SourceClear we are on the lookout for a passionate, high-energy, hands-on Security Researcher to work on our Research and Development Team. As a Security Researcher at SourceClear, you will work within a distributed team researching and maintaining a list of artifacts consisting of vulnerabilities in Java, JavaScript, Ruby, Python, Objective C, and GoLang. The Research Team curates the vulnerabilities that are added to the platform and develops tools and techniques to identify new and undisclosed vulnerabilities. You will be part of the conduit between SourceClear Product Engineering and the vast landscape of open source software vulnerabilities. Your passion for understanding and analyzing software vulnerabilities and their exploitation methods will directly impact how effectively SourceClear is able to provide value to its customers and the security community.

What You’ll Do:

- Review incoming commits, emails, and bug reports to look for vulnerabilities in open source libraries
- Triage the newest vulnerabilities released
- Track library release notes and associated security bulletins
- Publish high-quality vulnerability advisories with exploit information, details about risk, and mitigation/workaround details
- Develop tools and techniques to identify new vulnerabilities and analyze vulnerable methods
- Perform risk assessments on vulnerabilities identified, then describe the risk posed to SourceClear’s customers
- Take personal responsibility for the quality and reliability of open source library vulnerability data in SourceClear’s registry
- Use in-house SourceClear tooling and/or custom tooling to do low-probability, high-payoff, moonshot-style research into the most popular libraries
- Other activities relating to security research around library vulnerabilities

What We’re Looking For:

- BS/MS/PhD in Computer Science or EE, or relevant industry experience is required
- Working knowledge of programming languages such as Java, Python, JavaScript, Ruby, Go, or C/C++
- Knowledge of package management systems such as Maven, RubyGems or npm
- Knowledge of software security vulnerability types and common attack methods
- Experience doing security research and writing detailed vulnerability advisories, understanding how software exploits work, and the ability to communicate that back to both technical and non-technical audiences
- A strong ownership attitude and a track record of taking responsibility for problems, deadlines, and SLAs
- A detective mindset, wielding an understanding of vulnerable and/or malicious code, how and where it might be hidden in the open source ecosystem, and how to find it
- Strong problem solving and communication skills required
- Strong written (English) and verbal communication skills necessary for writing up vulnerability publications

Nice to Have:

- Familiarity working in an environment that heavily utilizes cloud services and cloud-based infrastructure
- Experience working as a security researcher
- Enjoys working on low probability but huge payoff research problems
- Familiarity working in an environment with strict security requirements

At SourceClear, we celebrate and support our differences. We know employing a team rich in diverse thoughts, experiences, and opinions allows our employees, our products and our community to flourish. SourceClear is honored to be an equal opportunity workplace. We are dedicated to equal employment opportunities regardless of race, color, ancestry, religion, sex, national orientation, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.
