Socket aims to solve the business and technical problem of securing the software supply chain by providing tools for developers and security teams to safely find, audit, and manage open-source code, thereby reducing security risks and busywork.
Requirements
- Strong background in one or more of the following: program analysis, data mining, applied machine learning, large-scale systems, or security research.
- Proficiency with languages commonly used for prototyping and research (e.g., JavaScript/TypeScript, Python, or similar).
- Familiarity with software and systems security concepts, such as threat modeling, malware analysis, or adversarial behavior in open ecosystems.
- Experience conducting research involving data analysis, statistical methods, or experimental evaluation.
- Experience with static or dynamic analysis of software or binaries.
- Open-source security research or published academic work.
- Experience building scalable data pipelines or visualization dashboards.
Responsibilities
- Conduct applied research on emerging threats in the software supply chain (e.g., typosquatting, dependency confusion, malicious maintainers) and translate findings into detection prototypes.
- Design and evaluate novel algorithms for identifying malicious or inauthentic activity across ecosystems such as npm, PyPI, and GitHub.
- Leverage data science and machine learning techniques to model suspicious publishing behaviors, coordinated activity, and fraud campaigns.
- Develop automated research tools to collect, transform, and analyze large-scale datasets from third-party APIs (e.g., npm, GitHub, PyPI).
- Prototype and validate detection systems that can be integrated into Socket’s threat intelligence platform, bridging research insights with production impact.
- Collaborate with engineers and designers to experiment with new ways of surfacing research findings in user-facing interfaces and developer workflows.
- Publish research outputs internally (dashboards, reports, proofs-of-concept) to influence product strategy and share with the broader community when appropriate.
Other
- You are enrolled in a postgraduate or PhD program in computer science (or related field) and eager to apply your research expertise to real-world problems in software supply chain security.
- Strong analytical and creative problem-solving skills; able to explore novel approaches and rigorously evaluate their effectiveness.
- Self-motivated and comfortable driving independent research while collaborating with an interdisciplinary team.
- Strong written and verbal communication skills for presenting research findings and collaborating across engineering and design.
- Experience with Socket-supported ecosystems.