About Triam Security:

Triam Security is revolutionizing software supply chain security through our advanced
vulnerability database platform and CleanStart product line. We provide hardened,
vulnerability-free container images with built-in security, compliance, and performance
benefits. Our mission is to transform container security by eliminating pre-existing
vulnerabilities and providing full visibility and control over the software supply chain.

Role Overview:

As a Senior Systems Engineer on our Package Research team, you will lead vulnerability
research efforts focused on software packages and dependencies within container
ecosystems. You will identify, analyze, and document vulnerabilities in open-source
components, with a deep focus on C/Linux packages and libraries. Your expertise will be
crucial in developing strategies to mitigate security risks and maintain our zero-vulnerability
standard across all container packages.

Key Responsibilities:

• Lead vulnerability research for Linux packages and dependencies in container
  ecosystems
• Analyze common software supply chain attacks and develop mitigation strategies
• Research pre-existing vulnerabilities in package repositories like Alpine, Debian,
  etc.
• Create comprehensive dependency trees to track vulnerability propagation
• Develop methodologies for analyzing C/Linux package vulnerabilities
• Design validation processes for package security verification
• Create and maintain vulnerability databases and tracking systems
• Collaborate with Package Build and QA teams to implement security measures
• Mentor junior researchers on advanced vulnerability analysis techniques
• Stay current with emerging threats and vulnerability trends in Linux ecosystems

Required Qualifications:

• 5+ years of experience in security research, Linux systems, or related fields
• Deep understanding of C/Linux package vulnerabilities and security issues
• Experience with tools for scanning and identifying vulnerabilities in packages
• Strong knowledge of Linux package management systems (APK, RPM, DEB)
• Proficiency with Linux environments, particularly Alpine, Ubuntu, and similar
  distributions
• Experience with C code analysis and vulnerability identification
• Strong analytical and problem-solving skills
• Experience generating and analyzing SBOMs (Software Bill of Materials)

Preferred Qualifications:

• Experience with automated vulnerability detection in C/Linux packages
• Knowledge of exploit development and vulnerability validation
• Familiarity with binary analysis tools and techniques
• Experience with FIPS compliance requirements
• Background in Linux systems programming or package development
• Contributions to security research or vulnerability databases
• Understanding of container image security and hardening techniques
• Experience with security attestation and verification systems