Build incident intelligence workflows, package-risk evaluation pipelines, and the research surfaces that translate security events into actionable controls.
You will build the pipelines and interfaces that transform raw registry, advisory, and package metadata into high-trust risk signals.
The work spans threat-intelligence ingestion, scoring logic, policy explainability, and the presentation layer that makes those findings legible for platform and security teams.
About Package Ninja
This role sits between product thinking and applied research, helping turn real package incidents into trustworthy, operator-useful security decisions.
What you'll do
Package intelligence
Design the systems that evaluate package trust, affected versions, and supply-chain quality signals at scale.
Research tooling
Build internal workflows for reviewing incidents, curating risk catalogs, and publishing defensible policy recommendations.
What you bring
- Experience shipping backend or data-heavy product systems.
- Strong judgment around security signal quality, explainability, and operational noise.
- Comfort moving between research prototypes and production implementations.