Key Facts

Remote From:

Full time

Senior (5-10 years)

English

Hard Skills

Malware Analysis Open Source Development Development Environment CI/CD Computational Tools GNU Debuggers Network Traffic Analysis

Other Skills

•
Public Speaking
•
Problem Solving
•
Collaboration

Roles & Responsibilities

5+ years of experience as a Cybersecurity Researcher
Proven ability to ship software in a production environment
Strong understanding of the SDLC and modern CI/CD pipelines
Comfortable leveraging AI tools to optimize research and development processes

Requirements:

Build innovative open-source tools to detect and analyze software supply chain attacks
Research supply chain attacks and investigate APT groups' tactics, techniques, and procedures
Reverse engineer, dissect, and decompile malware and vulnerabilities
Drive research and development cycles end-to-end independently

Job description

Description

Ox Security secures the AI-driven SDLC from prompt to production. We eliminate critical, real-time risks from AI code generation through cloud runtime by doing what conventional tools can’t: unifying development and cloud context to stop vulnerabilities right at the source. At OX, we’re building the future of cyber security for the AI era. If you’re looking to work on disruptive technology with an amazing team, you belong here.

We're looking for a highly skilled and driven Security Researcher to join our research group to analyze supply chain attacks, dissect malware, and build open-source tools. This is a high-impact role where you'll work with cross-functional teams to help scan and protect users and organizations around the world from the hottest cyber threats, playing a key part in shaping the future of OX.

Responsibilities

What You'll Be Doing

Build innovative open-source tools to detect and analyze software supply chain attacks, including compromised packages, malicious packages, and package vulnerability exploitation.
Research supply chain attacks and investigate APT groups' tactics, techniques, and procedures (TTPs).
Reverse engineer, dissect, and decompile malware and vulnerabilities, translating findings into comprehensive whitepapers.
Drive research and development cycles end-to-end independently, ensuring high-quality execution from concept to delivery.
Collaborate with internal teams and stakeholders to continuously improve our security posture and methodologies

Requirements

What We're Looking For

5+ years of experience as a Cybersecurity Researcher.
Proven ability to ship software in a production environment.
Strong understanding of the SDLC and modern CI/CD pipelines.
Comfortable leveraging AI tools to optimize research and development processes.
Familiarity with open-source registry ecosystems ( npm, PyPI, Maven) and their respective attack surfaces.
Proactive and independent mindset, with the ability to take full ownership of projects.

Bonus Points For

Active contributions to open-source security tools or research projects.
Hands-on experience with decompilers, debuggers, and network traffic analysis.
Advanced malware analysis experience (including obfuscation, encryption, anti-analysis, and sandbox-evasion techniques).
Web application penetration testing experience.
Published CVEs, coordinated disclosures, writeups, blogs, or research papers.
Experience public speaking at major industry conferences (e.g., Black Hat, DEFCON, RSAC).
A genuine passion for cybersecurity, open-source communities, and solving complex ecosystem threats