Engineer, Certified Packages

SOCKET

full-time

Posted on: 9/13/2025

Origin: • 🇺🇸 United States

✨ AI Apply

Mid-LevelSenior

GoJavaScriptNode.jsOpen SourcePythonRustSwiftTypeScriptYarn

About the role

Master Socket's Certified Packages workflows, tools, and patching processes
Lead patching efforts for high-impact vulnerabilities across npm packages
Scale patch production to dozens or hundreds of patches per week
Help select and prioritize high-value patches for free community release
Provide technical input on patch prioritization based on ecosystem and customer impact
Build and improve automated patching infrastructure and tooling
Design and implement scalable patch generation and delivery systems
Develop automated vulnerability detection and patch creation workflows
Build APIs and integrations to deliver certified packages
Create tooling for patch quality assurance and testing
Work with security researchers to understand and patch critical vulnerabilities
Help shape the technical roadmap for Certified Packages expansion beyond JavaScript

3+ years of software engineering experience with production systems
Strong proficiency in Node.js, JavaScript, and TypeScript
Experience with package managers (npm, yarn, pnpm) and the JavaScript ecosystem
Understanding of software security concepts and vulnerability management
Experience building and scaling APIs and data processing pipelines
Familiarity with automated testing, CI/CD, and deployment systems
Preferred: Experience with security tooling, vulnerability scanning, or patch management
Preferred: Knowledge of software supply chain security challenges
Preferred: Experience with other package ecosystems (Python, Go, Rust, etc.)
Preferred: Open source contributions or package maintenance experience
Preferred: Background in DevSecOps or security engineering
Preferred: Experience with high-throughput data processing systems