Security Researcher – Supply Chain & Malware Analysis

About the role

We are seeking an experienced Security Researcher to join a cutting‑edge cybersecurity team in Germany. You will work at the intersection of software development, cloud technologies, and threat intelligence to protect modern software ecosystems from emerging threats.

Key responsibilities

• Conduct in‑depth research on software supply‑chain threats, emerging attack techniques, and advanced adversary behaviors.
• Analyze, reverse‑engineer, and investigate malware, vulnerabilities, and malicious packages.
• Design, build, and maintain open‑source tools for detection, analysis, and prevention of supply‑chain attacks.
• Research threat actors and APT groups, documenting tactics, techniques, and procedures.
• Translate technical findings into high‑quality research reports, whitepapers, and documentation.
• Lead research initiatives from concept through implementation, ensuring high standards of quality and innovation.
• Collaborate with engineering, product, and security teams to enhance detection capabilities and platform resilience.
• Monitor evolving cybersecurity trends affecting open‑source and cloud‑native environments.

Required profile

• Minimum 5 years of experience in cybersecurity research, threat research, malware analysis, or vulnerability research.
• Strong software development background with production‑quality tool delivery.
• Deep understanding of the Software Development Lifecycle, DevSecOps, and modern CI/CD pipelines.
• Knowledge of software supply‑chain security and open‑source package ecosystems (npm, PyPI, Maven, etc.).
• Experience using AI‑powered tools to enhance research and automation.

Required skills

• Software development
• AI‑powered research tools
• Software Development Lifecycle (SDLC)
• DevSecOps practices
• CI/CD pipelines
• npm, PyPI, Maven package management
• Reverse engineering
• Malware analysis