Job Description

Who we are

Our mission is to help developers and AppSec teams spend more time accelerating development and less time dealing with security issues. Watch our 3 min pitch from our Founder & CEO here: https://www.youtube.com/watch-v=B0wmZBcPkFE

Endor Labs has been recognized as a Gartner Cool Vendor, a RSA Innovation Sandbox finalist, and a Black Hat Innovation Spotlight finalist, all in its first year from launch.

The company was founded by Varun Badhwar and Dimitri Stiliadis, who have created multiple category-defining cloud security companies. We have raised $70M in Series A funding and assembled a team of the world’s leading static analysis experts and enterprise software veterans to increase developer productivity and open source software adoption.

What you’ll do

• The primary tasks of this position relate to the broad field of software vulnerability research, i.e. the discovery and evaluation of security vulnerabilities in first- and third-party software components. The focus clearly lies on application security, in contrast to network security, cryptography or other security fields.
• The tasks comprise, for example, the detection of 0-day vulnerabilities in open source projects, the development of exploit code and PoCs for known vulnerabilities, the evaluation and comparison of security tools, the detection of malicious open source components, or the development, configuration and use of SAST or DAST tools.
• One specifically important task includes the oversight (and possible extension) of Endor Labs’ vulnerability database and ingestion process, to ensure the timely production of accurate advisories by our third-party suppliers, and their ingestion by our cloud platform.
• All those tasks include the opportunity to present novel research at security conferences or other events, and – more generally – participate in dissemination and communication efforts, e.g. through the writing of blog posts or technical reports/whitepapers.

What we're looking for

• Bachelor's degree in engineering with at least 5 years of experience in application security
• Programming experience (Go, Java, JS, Python)
• Understanding of software weaknesses and vulnerabilities
• Experience in configuring and operating security tooling (SCA, SAST, etc.)
• Understanding of industry standards in the field (CVE, EPSS, etc.)

Nice to have

• Experience in developing own security tools or SAST rules
• Understanding of software supply chains and their attack surface
• Publicly reported 0-day vulnerabilities
• Experience in malware detection and analysis
• Security certification like OffSec Certified Professional (OSCP) or Certified Ethical Hacker (CEH)

At Endor Labs, we:

• Strive for excellence in everything we do, prioritizing quality, speed, and impactful outcomes.
• Engage in first principles thinking to debate ideas, test assumptions, and make decisions.
• Put data above opinions, seeking truth and clarity in all our endeavors.
• Embrace a culture of feedback and continuous improvement, assuming good intent in all interactions.
• Celebrate wins as a team, understanding that our collective success is intertwined with the success of our customers.