Job Description

Who are we?

Checkmarx is the leader in application security and ensures that enterprises worldwide can secure their application development from code to cloud. Our consolidated platform and services address the needs of enterprises by improving security and reducing TCO while simultaneously building trust between AppSec, developers, and CISOs. At Checkmarx, we believe it's not just about finding risk but remediating it across the entire application footprint and software supply chain with one seamless process for all relevant stakeholders. We are honored to serve more than 1,800 customers, which includes 40 percent of all Fortune 100 companies, including Siemens, Airbus, Salesforce, Stellantis, Adidas, Walmart, and Sanofi.

What You’ll Do

• Lead in-depth analysis of open-source packages to identify malicious behavior and emerging supply chain attack patterns
• Drive investigation of obfuscation techniques, suspicious execution flows, hidden payloads, and advanced evasion methods
• Define and improve detection methodologies for malicious code across ecosystems
• Architect and develop internal research tooling and automation frameworks (primarily in Python)
• Evaluate, validate, and challenge detections from internal and external security tools
• Provide technical direction and mentorship to analysts on complex investigations
• Collaborate closely with the SCS research team and cross-functional security teams to translate research into scalable detection capabilities
• Contribute to research strategy and influence roadmap decisions in the supply chain security domain

Requirements

What We’re Looking For

• 5+ years of professional experience in malicious code analysis, or security research
• Strong expertise in supply chain attack techniques and malicious code patterns
• Proven experience designing detection logic and analytical methodologies
• Strong Python skills for automation, tooling, and large-scale analysis
• Familiarity with both interpreted and compiled languages
• Ability to independently research and deeply understand new technologies and ecosystems
• Strong technical leadership and decision-making capabilities
• High attention to detail with a research-driven mindset
• Fluent English

Advantage

• Reverse engineering experience

What we have to offer

None