Systems Engineer - Research (Junior Level 1)

About CleanStart:

CleanStart is revolutionizing software supply chain security through our advancedvulnerability database platform and CleanStart product line. We provide hardened,vulnerability-free container images with built-in security, compliance, and performancebenefits. Our mission is to transform container security by eliminating pre-existingvulnerabilities and providing full visibility and control over the software supply chain.

Role Overview:

As a Systems Engineer (Junior Level 1) on our Package Research team, you will supportvulnerability research initiatives focused on Linux packages and container security. With 1-3 years of experience, you will assist in identifying security issues in open-sourcecomponents, help analyze package dependencies and contribute to our vulnerabilitydatabase. Your role is critical in maintaining our comprehensive understanding of securityrisks across the Linux package ecosystem.

Key Responsibilities:

• Assist in identifying vulnerabilities in open-source C/Linux packages
• Help analyze package dependencies and security implications
• Support the creation of dependency trees for various packages
• Document findings and contribute to vulnerability databases
• Learn and apply supply chain security principles to package analysis
• Assist with tracking and triaging new CVEs affecting Linux packages
• Support the validation of security fixes and patches
• Help maintain research tools and environments
• Contribute to security documentation and reporting
• Collaborate with senior team members on research projects

Required Qualifications:

• 1-3 years of experience in IT, software development, or security
• Basic understanding of Linux systems and package management
• Knowledge of common vulnerabilities and security concepts
• Familiarity with C programming and common C vulnerabilities
• Willingness to learn and grow in the field of package security
• Attention to detail and strong documentation skills
• Bachelor's degree in computer science or related field, or equivalent experience

Preferred Qualifications:

• Experience with vulnerability scanning tools for Linux packages
• Familiarity with CVE databases and security advisories
• Knowledge of SBOM generation and analysis
• Basic understanding of software dependencies and package ecosystems
• Interest in container security and Linux hardening
• Experience with scripting languages for automation
• Familiarity with version control systems and Linux development