Cybersecurity Researcher

Reposted 13 Days Ago
Canada
120K-150K Annually
Senior level
Software • Cybersecurity
The Role
As a Cybersecurity Researcher, you'll identify security vulnerabilities, investigate supply chain attacks, and develop innovative detection methods to enhance software security.
Summary Generated by Built In
Our Mission

We are a forward-thinking cybersecurity company dedicated to protecting thousands of developers worldwide. Our mission is to ensure the safety and integrity of the global software supply chain through cutting-edge systems and solutions. Currently we are focused on building the world's first AI-powered Software Supply Chain Firewall.

If you're passionate about innovation, collaboration, and making a meaningful impact, we want you to join our team.

The Role

As a Cybersecurity Engineer, you'll be at the forefront of identifying and analyzing security vulnerabilities in the open source ecosystem. Your research will directly contribute to protecting thousands of developers worldwide. You'll work closely with our AI and engineering teams to develop novel detection methods and create scalable security solutions.

Your role will involve investigating complex supply chain attacks, researching emerging threats, and developing innovative methodologies for detecting and preventing security breaches. You'll also contribute to our knowledge base and help shape industry best practices in software supply chain security.

What You'll Do
  • Review and assess the validity of known vulnerabilities, occasionally delving deeper to thoroughly understand the issues at hand

  • Conduct in-depth research on individual software packages and the software package ecosystems including npm, PyPI, Maven and more

  • Contribute to the development and maintenance of the vulnerability database, focusing on Python, Java, and JavaScript ecosystems

  • Experiment with and discover novel ways to detect potential vulnerabilities in packages or software

  • Collaborate with data engineers to translate novel vulnerability detection methods into systematic, repeatable processes within our data processing system

  • Work closely with the Lead System Architect and Senior Data Engineer to integrate security findings into the data processing system

  • Develop and optimize AI-driven modules and components to enhance the system's security capabilities

  • Stay up-to-date with the latest security trends and incorporate this knowledge into the system

  • Embrace a fast-paced, iterative development approach, delivering working solutions quickly and continuously improving based on feedback

  • Present research findings at security conferences and industry events

Impact:

As a Cybersecurity Research Engineer, you will play a vital role in building and maintaining an industry-leading vulnerability database that will protect and secure the Python, Java, and JavaScript ecosystems. Your work will have a massive impact on the cybersecurity landscape, empowering organizations worldwide to safeguard their software supply chains and mitigate vulnerabilities. Be part of a team that is at the forefront of innovation, leveraging cutting-edge AI technologies to revolutionize the way we approach cybersecurity.

If you are excited about the opportunity to make a significant impact in the cybersecurity domain and build a world-class vulnerability database, we want to hear from you! Join our dynamic and fast-paced startup, where you'll have the chance to work with cutting-edge technologies, shape the future of software supply chain security, and deliver impactful results through iterative deployments.

About You
  • Strong multi-year technical and cybersecurity research experience, specifically in software supply chain security. This should include research experience with "accidental vulnerabilities" as well as "intentionally malicious" components.

  • Programming experience in Python, Java, or JavaScript, complemented by an understanding of their package ecosystems and associated vulnerabilities.

  • Experience using LLMs, such as GPT, Claude, or Copilot, for security research and analysis

  • Strong communication skills and experience working in remote teams

  • Passionate about staying at the forefront of cybersecurity research and AI-driven solutions

Compensation & Benefits

We prioritize supporting our team’s growth, wellness, and success. Benefits include:

  • Competitive salary: 120,000 CAD - 150,000 CAD (depending on experience)

  • Private Healthcare Plan

  • Generous equity stock options to share in our success

  • Ability to work remotely and thrive in an adaptable, inclusive environment

  • Flexible working hours, provided responsibilities are effectively managed

Our Team Culture

We believe in building products that make a real difference in the security landscape. Our team values technical excellence, open collaboration, and continuous learning.

One of our core commitments to our team and the culture is fostering belonging. We're committed to fostering an inclusive environment where diverse perspectives are valued and everyone's growth is supported. We recognize the value diversity brings not only to us as individuals, but as an organization. And we go out of our way to make each other feel understood, respected, and supported.

Check out our Core Commitments here.

Our Commitment to Inclusion

We believe that diverse teams build better products. We strongly encourage applications from individuals who identify as women, people of color, LGBTQIA+, Indigenous, Native American, First Nations, Inuit, Métis, people with disabilities, or as part of other marginalized and historically underrepresented groups.

If you're passionate about full-stack development, excited about cybersecurity, and want to work in an inclusive environment where your voice is heard and your growth is actively supported, we'd love to hear from you. Join us in our mission to make the digital world safer for everyone!

Ready to Apply?

We're looking for people who are passionate about building secure, scalable solutions. Don't worry if you don't match every requirement – we value diverse backgrounds and perspectives. If you're excited about our mission and think you can contribute, we'd love to hear from you!

We are committed to working with applicants requesting accommodations at any stage of the hiring process. If you require accommodations, please let us know.

Hiring Process Outline

Timeline: The process should take roughly 2 weeks, if scheduling and timing allow.

  1. Short Screening Interview

  2. Core Commitment Interview with our Head of Research

  3. Technical Interview with security team

  4. Interview with our CEO

Along the way, we'll talk through your background and interests to determine whether Safety is a good fit for your career goals.

Top Skills

AI
Java
JavaScript
LLMs
Python

The Company
HQ: Vancouver, British Columbia
8 Employees
Year Founded: 2017

What We Do

Safety CLI is a Python dependency vulnerability scanner designed to enhance software supply chain security by detecting packages with known vulnerabilities and malicious packages in local development environments, CI/CD, and production systems.
Safety CLI can be deployed in minutes and provides clear, actionable recommendations for remediation of detected vulnerabilities.

Leveraging the industry's most comprehensive database of vulnerabilities and malicious packages, Safety CLI Scanner allows teams to detect vulnerabilities at every stage of the software development lifecycle.

Key Features
- Versatile, comprehensive dependency security scanning for Python packages.
- Leverages Safety DB, the most comprehensive vulnerability data available for Python.
- Clear output with detailed recommendations for vulnerability remediation.
- Automatically updates requirements files to secure versions of dependencies where available, guided by your project's policy settings.
- Scanning of individual requirements files and project directories or system-wide scans on developer machines, CI/CD pipelines, and Production systems to detect vulnerable or malicious dependencies.
- JSON, SBOM, HTML and text output.
- Easy integration with CI/CD pipelines, including GitHub Actions.
- Enterprise Ready: Safety CLI can be deployed to large teams with complex project setups with ease, on-premise or as a SaaS product.
