Cybersecurity Researcher

Safety secures the software supply chain for the world's data and development teams. We protect everywhere packages are actually used, from local developer machines to production environments, from traditional IDEs to AI coding assistants without disrupting existing workflows. Our mission is to make open source packaging secure by default, providing complete visibility, governance, and protection across Python, Java, and JavaScript ecosystems.

We're building the infrastructure that will secure companies and shape how enterprises adopt AI-driven development safely. If you're passionate about defending critical infrastructure at scale and want your work to directly protect millions of installations, we want you to join us.

As a Cybersecurity Researcher, you'll be the engine behind what makes Safety's security offering better than alternatives. Your research will directly contribute to protecting thousands of developers worldwide and millions of package installations across Python, Java, and JavaScript ecosystems.

You'll hunt malicious packages in real-time, enrich vulnerability data that powers our industry-leading database, and validate reachability analysis that tells customers exactly which vulnerabilities matter in their code. Your research becomes the intelligence layer behind Safety's Firewall. When you catch a malicious release, you're auto-blocking attacks before they reach production environments.

This isn't research in isolation. You'll work at the intersection of security analysis and product development, seeing your findings ship to customers within days. You'll develop detection rules that run against 70,000+ daily package releases, reduce false positives that improve customer trust, and contribute original research that positions Safety as a thought leader in supply chain security.

• Hunt Malicious Packages: Analyze suspicious packages across PyPI, npm, and Maven in real-time, developing detection rules that protect customers before threats reach production

• Enrich Vulnerability Data: Review and validate vulnerabilities, adding reachability analysis and context that makes Safety's database more accurate than baseline sources like OSV

• Reduce False Positives: Refine our own tooling and the detection logic by analyzing flagged packages, documenting patterns, and optimizing rules to improve customer trust

• Build AI-Driven Detection Systems: Collaborate with data engineers to develop LLM-assisted analysis tools and automated detection processes that scale to 70,000+ daily package releases

• Drive Research Innovation: Experiment with AI-powered techniques for vulnerability detection, changelog analysis, and threat identification to stay ahead of emerging attacks

• Ship with Velocity: Embrace fast-paced iteration, deliver detection improvements quickly, refine based on customer feedback, and see your work protect thousands of developers and environments within days

• Establish Thought Leadership: Contribute original research through blog posts and conference presentations that position Safety as an industry leader in supply chain security

• Security Research Experience: multi-year experience in cybersecurity research with hands-on experience investigating both accidental vulnerabilities and intentionally malicious components in software supply chains

• Ecosystem Expertise: Deep understanding of package ecosystems (PyPI, npm, Maven) including how they work, common attack vectors, and vulnerability patterns, with programming ability in Python, Java, or JavaScript

• AI-Powered Analysis: Experience using LLMs (GPT, Claude, Copilot) for security research, code analysis, or threat detection. Comfortable experimenting with prompts and integrating AI into research workflows

• Detection Development: Track record of building or improving automated security detection systems, including writing rules, reducing false positives, and scaling analysis to large datasets

• Velocity & Collaboration: Comfortable working in fast-paced environments where research ships to production quickly, with strong communication skills for remote team collaboration

• Mission-Driven: Passionate about protecting the open-source ecosystem and staying ahead of emerging threats in supply chain security

Bonus Points

• Experience building or contributing to security tools, malware analysis frameworks, or threat intelligence platforms

• Background in static analysis, dynamic analysis, or software composition analysis

• Published security research, CVE discoveries, or conference presentations

• Contributions to open-source security projects or vulnerability databases

• Experience with data engineering pipelines or working closely with ML/data teams

We prioritize supporting our team’s growth, wellness, and success. Benefits include:

• Competitive salary: 120,000 CAD - 150,000 CAD (depending on experience)

• 20 days paid vacation per year

• Private Healthcare Plan

• Generous equity stock options to share in our success

• Ability to work remotely and thrive in an adaptable, inclusive environment

• Flexible working hours, providing responsibilities are effectively managed

We believe in building products that make a real difference in the security landscape. Our team values technical excellence, open collaboration, and continuous learning.

One of our core commitments to our team and the culture is fostering belonging. We're committed to fostering an inclusive environment where diverse perspectives are valued and everyone's growth is supported. We recognize the value diversity brings not only to us as individuals, but as an organization. And we go out of our way to make each other feel understood, respected, and supported.

Check out our Core Commitments here.

We believe that diverse teams build better products. We actively and strongly encourage applications from individuals who identify as women, people of color, 2SLGBTQI+, Indigenous, First Nations, Inuit, Métis, people with disabilities, or as part of other marginalized and historically underrepresented groups.

If you're passionate about full-stack development, excited about cybersecurity, and want to work in an inclusive environment where your voice is heard and your growth is actively supported, we'd love to hear from you. Join us in our mission to make the digital world safer for everyone!

We're looking for people who are passionate about building secure, scalable solutions. Don't worry if you don't match every requirement – we value diverse backgrounds and perspectives. If you're excited about our mission and think you can contribute, we'd love to hear from you!

We are committed to working with applicants requesting accommodations at any stage of the hiring process. If you require accommodations, please let us know.

Timeline: The process should roughly take 2 weeks, if scheduling and timing will allow for it.

1. Short Screening Interview

2. Core Commitment Interview with our VP of R&D

3. Technical Interview with our Research team

4. Interview with one of Safety’s co-founders

Along the way, we'll talk through your background and interests to determine whether Safety is a good fit for your career goals.