Key Facts

Remote From:

Poland

Category: Back-End Engineer

Full time

Senior (5-10 years)

English

Hard Skills

Distributed Computing Web Crawling TypeScript Python (Programming Language) PostgreSQL Malware Analysis Docker (Software) Risk Selection Open Source Intelligence Continuous Monitoring +10 more

Roles & Responsibilities

5+ years of backend development experience with Python and/or Node.js/TypeScript
Hands-on experience with large-scale scraping systems
Strong knowledge of distributed architectures including queues, workers, PostgreSQL, and Redis
Production experience with Docker and docker-compose

Requirements:

Build scalable scraping and ingestion pipelines for public package registries (NPM, PyPI, etc.)
Design and maintain distributed systems based on APIs, workers, queues, and databases
Develop detection mechanisms for malicious install hooks, embedded binaries, obfuscation techniques, and suspicious package behavior
Build and improve risk-scoring algorithms to prioritize real threats

Commit

About Commit

Commit is a global tech services company with offices in New York, Israel, and Europe. The company was founded in 2005 and has over 700 multi-disciplinary innovation experts who serve a broad range of companies, from small startups to large enterprises in multiple business sectors. Commit specializes in advanced technologies and applications with dedicated practices in Software, IoT, Big Data, Cloud, Cyber, Collaboration, Data center migration projects, and more. Commit offers innovative, end-to-end technology solutions by developing custom software and IoT platforms for clients looking to build their next-gen products within the modern ICT world. Commit’s complete and comprehensive engineering powerhouse of resources, and proprietary Flexible R&D methodology helps transform its clients’ technology visions into high-quality products while reducing costs and improving time-to-market.

Company type: SME

Founded: 2018

Company size: 501 - 1000

Website LinkedIn See all jobs →

Job description

Description

Company is the pioneer of Active ASPM, securing the modern software supply chain. We cut through alert noise to surface the critical 5% of risks that are truly reachable and exploitable.

We're hiring a Backend Engineer for our Security Research group to build the systems thatpower our open-source intelligence work - ingesting public package ecosystems (NPM, PyPI),monitoring them continuously, and detecting malicious behavior at scale.This is a highly autonomous IC role where you’ll own projects end-to-end - transforming researcher prototypes into scalable production systems.

Responsibilities:

Build scalable scraping and ingestion pipelines for public package registries (NPM, PyPI, etc.)
Design and maintain distributed systems based on APIs, workers, queues, and databases
Develop detection mechanisms for: malicious install hooks, embedded binaries, obfuscation techniques, suspicious package behavior
Build and improve risk-scoring algorithms to prioritize real threats
Work closely with security researchers to productionize detection capabilities

Requirements

Requirements:

5+ years of backend development experience with Python and/or Node.js / TypeScript
Hands-on experience with large-scale scraping systems
Strong knowledge of distributed architectures: queues, workers, PostgreSQL, Redis
Production experience with Docker / docker-compose
Strong ownership mindset and ability to work autonomously
Full professional English proficiency

Strong Advantage: