Senior Security Researcher

About Us Endor Labs is building the Application Security platform for the software development revolution. Modern software is complex and dependency-rich, making it increasingly difficult to pinpoint the risks that truly matter. Endor Labs solves this challenge by building a call graph of your entire software estate—enabling teams to clearly identify, prioritize, and fix critical risks faster. Trusted by companies that are one or one hundred years old, Endor Labs secures code whether it was written by humans or AI, and whether it's 40-year old C++ code or cutting edge Bazel Monorepos. Endor Labs was founded by serial entrepreneurs Varun Badhwar and Dimitri Stiliadis, and is backed by leading VC firms such as Dell Technology Capital, Lightspeed, and Sierra Ventures. About the Role We are looking for a Senior Security Researcher to lead our offensive security research efforts in the domain of software supply chain security. This is a unique opportunity to work at the forefront of secure SDLC and software supply chain security, identifying zero-day vulnerabilities in software artifacts and CI/CD systems, analyzing attack trends, and influencing the next generation of security capabilities in our products. This role requires deep technical expertise in vulnerability research, application security, reverse engineering, and offensive security techniques. The ideal candidate will also play a key role in publishing groundbreaking research through blogs, white papers, and speaking engagements at top security conferences. How You'll Make an Impact Conduct offensive security research on software supply chain threats, identifying and analyzing zero-day vulnerabilities. Develop and refine exploit techniques to understand modern attack vectors targeting software supply chain through malicious code, 3rd party libraries, and CI/CD systems. Work closely with Product Management to translate research findings into innovative security capabilities within Endor Labs' products. Publish research findings through technical blogs, white papers, and industry-leading security conferences. Collaborate with security engineers and developers to prototype and implement detection and mitigation strategies for emerging threats. Contribute to the security community by developing open-source tools, methodologies, or frameworks that enhance software supply chain security. Stay ahead of the latest threats, attacker methodologies, and evolving security trends to continuously refine our research efforts. What You Bring to the Table 5+ years of experience in security research, vulnerability discovery, and offensive security. Deep expertise in reverse engineering, exploit development, and software vulnerability analysis. Strong understanding of software supply chain security, including package management systems, CI/CD pipelines, and dependency analysis. Experience discovering and responsibly disclosing zero-day vulnerabilities. Proven track record of publishing high-quality research or presenting at top security conferences (e.g., Black Hat, DEF CON, RSAC, BSides). Proficiency in programming languages such as Python, Rust, or Go. Strong analytical skills and the ability to conduct complex security research autonomously. Excellent communication skills, both written and verbal, to convey technical concepts to diverse audiences. Why Join Endor Labs? Work with a world-class team dedicated to pushing the boundaries of security research. Directly influence the security of modern software supply chains. A culture that values innovation, collaboration, and continuous learning. Competitive compensation, flexible work environment, and a generous benefits package. Opportunity to present groundbreaking research and contribute to the global security community. If you are excited about making a real impact in cybersecurity and shaping the future of software supply chain security, we’d love to hear from you! Apply now to join our team of world-class security experts!