SeniorSecurityResearcher

Point Wild helps customers monitor, manage, and protect against the risks associated with their identities and personal information in a digital world. Backed by WndrCo, Warburg Pincus and General Catalyst, Point Wild is dedicated to creating the world’s most comprehensive portfolio of industry-leading cybersecurity solutions. Our vision is to become THE go-to resource for every cyber protection need individuals may face - today and in the future. Join us for the ride! About the Role You'll own the detection pipeline end-to-end for our software supply chain security platform, catching malicious packages and compromised CI/CD pipelines before they reach production systems. This hands-on role involves designing detection systems, hunting threats, disclosing vulnerabilities, and publishing research that protects customers and establishes our voice in the security community. You'll work directly with detection systems that scan open-source packages at scale and turn findings into actionable intelligence. What You'll Do Design systems that scan open-source packages (npm, PyPI, RubyGems, Maven, crates.io, Go modules, GitHub Actions, container images) for malicious behavior at scale Hunt novel malicious packages, typosquats, dependency confusion attempts, compromised maintainers, and CI/CD abuse patterns Coordinate with maintainers, foundations, and registries to file CVEs and work with GitHub Security Advisories and OSV schema Build internal tooling using static analysis and AI models to triage findings, summarize package diffs, and cluster related campaigns Publish technically rigorous blog posts for every significant finding that establish thought leadership and drive community engagement Tune detection signals, reduce false positives, and develop countermeasures against evolving sandbox evasion techniques What We're Looking For 4+ years of security research experience with published CVEs, GHSAs, or equivalent advisories with your name on them Deep expertise in multiple