Senior Security Researcher
Point Wild helps customers monitor, manage, and protect against the risks associated with their identities and personal information in a digital world. Backed by WndrCo, Warburg Pincus and General Catalyst, Point Wild is dedicated to creating the world’s most comprehensive portfolio of industry-leading cybersecurity solutions. Our vision is to become THE go-to resource for every cyber protection need individuals may face - today and in the future.
Join us for the ride!
About the Role
You'll own the detection pipeline end-to-end for our software supply chain security platform, catching malicious packages and compromised CI/CD pipelines before they reach production systems. This hands-on role involves designing detection systems, hunting threats, disclosing vulnerabilities, and publishing research that protects customers and establishes our voice in the security community. You'll work directly with detection systems that scan open-source packages at scale and turn findings into actionable intelligence.
What You'll Do
- Design systems that scan open-source packages (npm, PyPI, RubyGems, Maven, crates.io, Go modules, GitHub Actions, container images) for malicious behavior at scale
- Hunt novel malicious packages, typosquats, dependency confusion attempts, compromised maintainers, and CI/CD abuse patterns
- Coordinate with maintainers, foundations, and registries to file CVEs, and work with GitHub Security Advisories and the OSV schema
- Build internal tooling using static analysis and AI models to triage findings, summarize package diffs, and cluster related campaigns
- Publish technically rigorous blog posts for every significant finding that establish thought leadership and drive community engagement
- Tune detection signals, reduce false positives, and develop countermeasures against evolving sandbox evasion techniques
What We're Looking For
- 4+ years of security research experience with published CVEs, GHSAs, or equivalent advisories with your name on them
- Deep expertise in multiple vulnerability classes including malicious packages, RCE, prototype pollution, deserialization, SSRF, auth bypasses, and CI/CD attack paths
- Experience designing and operating detection, scanning, or analysis pipelines at scale that run continuously and produce actionable signal
- Strong programming skills in TypeScript, Python, Go, or Rust, with the ability to read code across multiple languages (JavaScript, Ruby, Java, PHP)
- Proven track record of writing high-quality technical blog posts quickly and hands-on experience using LLMs as research tools
Bonus Points
- Contributions to OpenSSF, OSV, Sigstore, SLSA, or adjacent open source security projects
- Reverse engineering experience with obfuscated JavaScript droppers, packed binaries, or malicious post-install scripts
- Conference speaking experience at DEF CON, Black Hat, BSides, OffensiveCon, or Kaspersky SAS
As part of Point Wild, you will:
Solve real customer problems. Point Wild’s point solutions allow consumers to address their immediate cyber protection needs. Our mandate is to continuously anticipate our customers’ evolving digital security needs to create best-in-class solutions aimed at keeping them safe.
See your impact. We are a scrappy, nimble organization where individual contributions are needed and valued. You will see your impact every day.
Accelerate your career. As we expand, you will have the opportunity to learn new technologies, products, and markets in a fast-paced, growth-oriented environment.
Most importantly, you’ll get to work with other talented people at a company where people matter. If you want to put your fingerprint on an organization and leapfrog your growth, this is the place for you.
In keeping with our beliefs and goals, no employee or applicant will face discrimination or harassment based on race, color, ancestry, national origin, religion, age, gender, marital domestic partner status, sexual orientation, gender identity, disability status, or veteran status. Above and beyond discrimination or harassment based on “protected categories,” Point Wild is committed to being an inclusive community where all feel welcome. Whether blatant or hidden, barriers to success have no place at Point Wild.
Important privacy information for United States based job applicants can be found here.