Security Researcher – Supply Chain Threats

About the role

We are seeking an experienced Security Researcher to join a cutting‑edge cybersecurity team in Italy. The role focuses on defending modern software ecosystems by investigating supply‑chain attacks, analysing malware, and creating innovative detection tools.

Key responsibilities

• Conduct in‑depth research on software supply‑chain threats, emerging attack techniques and advanced adversary behaviours.
• Analyze, reverse‑engineer and investigate malware, vulnerabilities and malicious packages to develop detection methods.
• Design, build and maintain open‑source tools that improve detection, analysis and prevention of supply‑chain attacks.
• Research threat actors and APT groups, documenting tactics, techniques and procedures.
• Translate technical findings into research reports, whitepapers and documentation for internal and external audiences.
• Lead research initiatives from concept through implementation, ensuring high quality and innovation.
• Collaborate with engineering, product and security teams to enhance security methodologies and platform resilience.
• Monitor evolving cybersecurity trends affecting open‑source and cloud‑native environments.

Required profile

• Minimum 5 years of experience in cybersecurity research, threat research, malware analysis or vulnerability research.
• Strong software development background with a track record of delivering production‑quality tools.
• Deep understanding of the Software Development Lifecycle, DevSecOps and modern CI/CD pipelines.
• Knowledge of software supply‑chain security and open‑source package ecosystems (npm, PyPI, Maven, etc.).
• Experience leveraging AI‑powered tools to enhance research and automation.

Required skills

• Malware analysis
• Reverse engineering
• Software development
• CI/CD
• DevSecOps
• SDLC
• npm
• PyPI
• Maven
• AI‑powered research tools