This range is provided by Safety. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.
Base pay range: CA$/yr - CA$/yr
Our Mission

Safety secures the software supply chain for the world's data and development teams. We protect every package that is actually used, from local developer machines to production environments, from traditional IDEs to AI coding assistants without disrupting existing workflows. Our mission is to make open source packaging secure by default, providing complete visibility, governance, and protection across Python, Java, and JavaScript ecosystems.
We're building the infrastructure that will secure companies and shape how enterprises adopt AI‑driven development safely. If you're passionate about defending critical infrastructure at scale and want your work to directly protect millions of installations, we want you to join us.
The Role

As a Cybersecurity Researcher, you'll be the engine behind what makes Safety's security offering better than alternatives. Your research will directly contribute to protecting thousands of developers worldwide and millions of package installations across Python, Java, and JavaScript ecosystems.
You’ll hunt malicious packages in real‑time, enrich vulnerability data that powers our industry‑leading database, and validate reachability analysis that tells customers exactly which vulnerabilities matter in their code. Your research becomes the intelligence layer behind Safety's Firewall. When you catch a malicious release, you're auto‑blocking attacks before they reach production environments.
This isn't research in isolation. You'll work at the intersection of security analysis and product development, seeing your findings ship to customers within days. You'll develop detection rules that run against 70,000+ daily package releases, reduce false positives that improve customer trust, and contribute original research that positions Safety as a thought leader in supply chain security.
Requirements

What You’ll Do

- Hunt Malicious Packages: Analyze suspicious packages across PyPI, npm, and Maven in real‑time, developing detection rules that protect customers before threats reach production.
- Enrich Vulnerability Data: Review and validate vulnerabilities, adding reachability analysis and context that makes Safety's database more accurate than baseline sources like OSV.
- Reduce False Positives: Refine our own tooling and the detection logic by analyzing flagged packages, documenting patterns, and optimizing rules to improve customer trust.
- Build AI‑Driven Detection Systems: Collaborate with data engineers to develop LLM‑assisted analysis tools and automated detection processes that scale to 70,000+ daily package releases.
- Drive Research Innovation: Experiment with AI‑powered techniques for vulnerability detection, changelog analysis, and threat identification to stay ahead of emerging attacks.
- Ship with Velocity: Embrace fast‑paced iteration, deliver detection improvements quickly, refine based on customer feedback, and see your work protect thousands of developers and environments within days.
- Establish Thought Leadership: Contribute original research through blog posts and conference presentations that position Safety as an industry leader in supply chain security.

- Security Research Experience: Multi‑year experience in cybersecurity research with hands‑on experience investigating both accidental vulnerabilities and intentionally malicious components in software supply chains.
- Ecosystem Expertise: Deep understanding of package ecosystems (PyPI, npm, Maven) including how they work, common attack vectors, and vulnerability patterns, with programming ability in Python, Java, or JavaScript.
- AI‑Powered Analysis: Experience using LLMs (GPT, Claude, Copilot) for security research, code analysis, or threat detection. Comfortable experimenting with prompts and integrating AI into research workflows.
- Detection Development: Track record of building or improving automated security detection systems, including writing rules, reducing false positives, and scaling analysis to large datasets.
- Velocity & Collaboration: Comfortable…