The role, in a nutshell:

You will serve within Chainguard Labs, an applied R&D lab at Chainguard, as the research lead on open source software vulnerabilities. Chainguard Images and Wolfi, the distro behind Chainguard Images, offer the promise of containers and packages with few or no known vulnerabilities. To ensure that Chainguard delivers upon this promise and also to build upon it, Chainguard Labs seeks an experienced researcher with expertise related to software vulnerabilities, especially in open source software. While expertise in discovering vulnerabilities in open source software is welcome, other forms of expertise, such as techniques for enriching vulnerability data, performing automated false positive detection or quantitatively analyzing vulnerability trends, are also welcome. This list of vulnerability sub-topics is not meant to be comprehensive. Supervising junior researchers, contractors and interns would also be part of the role. As a member of Chainguard Labs, you are also expected to write and speak about your vulnerability research efforts in order to promote the expertise and reputation of Chainguard. More broadly, you will be expected to play a mentorship role, helping researchers and engineers with less experience related to vulnerabilities, especially research related to vulnerabilities, make informed decisions.

What you’ll do:

• Design and conduct in-depth research related to open source software vulnerabilities.
• Collaborate with team members in product and engineering and marketing, serving as a source of expertise related to research on vulnerabilities while designing, conducting, and reporting on these experiments, ensuring that the analysis and findings benefits Chainguard.
• Communicate research findings through clear and concise written reports, published articles, and blog posts.
• Engage in public speaking engagements, workshops, and industry conferences to represent Chainguard’s research initiatives.
• Provide technical guidance and mentorship to junior researchers, contractors, and interns, fostering a collaborative environment.

What we’re looking for:

• PhD or masters degree in a relevant field with a strong publication record.
• Proven track record of conceiving and leading complex research and development projects related to open source software software vulnerabilities from conception to completion.
• Knowledge of software security, especially open source software security.
• Solid understanding of open source software ecosystems, linux distributions, package management, and software vulnerabilities.
• Excellent communication skills, both written and verbal, with the ability to present research findings to technical and non-technical audiences.
• Comfortable with public speaking engagements and interacting with industry experts.
• Strong collaborative and team-oriented mindset, with the ability to mentor and guide junior researchers.
• Demonstrated interest in exploring the practical applications of research in real-world products and technologies.