Senior Security Engineer


Who We Are

npm is the world’s largest software repository, with over 10 million users and over 26 billion software package downloads every month. 

What You'll Do

The npm registry supplies the world with its JavaScript. Its availability and security are critical to the daily work of millions of JavaScript programmers. We need your help to build and audit systems, improve tooling, and collaborate with our other teams to help keep npm services secure.

* Support the security team with engineering efforts

- Improve existing tools and build new ones from scratch to help security efforts

- Build tooling in JavaScript to help security research and development

* Support the engineering team with security advice and fixes

- Perform code and architecture reviews from a security perspective

- Help support a secure software development life cycle for our engineering team

* Identify problems and investigate incidents as needed, understanding their security impact and root cause, as well as providing guidance for remediation.

* Help keep the registry as secure as it can be with the support of your colleagues

* Write internal documentation. This includes RFCs for new features as well as descriptions of APIs.

* Collaborate with teams across the company - from Engineering and Support to Sales and Marketing.

What you’ll need

Ability to program in JavaScript; other languages or frontend experience are a bonus

Ability to read code / design documents and identify security flaws and weaknesses

Your work at npm will help JavaScript developers around the world to build amazing things, safer.

Our Code of Conduct

npm exists to facilitate sharing code, by making it easy for JavaScript module developers to publish and distribute packages.

npm is a piece of technology, but more importantly, it is a community.

We believe that our mission is best served in an environment that is friendly, safe, and accepting; free from intimidation or harassment. We do not tolerate abusive behavior. See our unabridged code of conduct here.

Why You Should Join

In joining the npm team, you'll become an important part of a small but dedicated security team. We strive to provide a sensible working environment that doesn't ask for or encourage habitual overtime, and we offer flexibility in schedule. We have a progressive parental leave policy, and vacation time is not just encouraged, but celebrated. We also understand that healthy schedules lead to better outcomes. To help ensure this balance, we have contracted support night coverage so we don't interrupt anyone's sleep.

We believe that high-performing teams include people from different backgrounds and experiences who can challenge each other's assumptions with fresh perspectives. To that end, we actively seek a diverse pool of applicants, including those from historically marginalized groups — women, people with disabilities, people of color, formerly incarcerated people, people who are lesbian, gay, bisexual, transgender, and/or gender nonconforming, first and second generation immigrants, and people from low-income families.