Senior Security Researcher - Hunter team (SAST)
London, UK (Remote), Tel Aviv, Israel (Remote), Cluj, Romania (Remote)
Snyk
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.Every day, the world gets more digital thanks to tens of millions of developers building the future faster than ever. But with exponential growth comes exponential risk, as outnumbered security teams struggle to secure mountains of code. This is where Snyk (pronounced “sneak”) comes in. Snyk is a developer security platform that makes it easy for development teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and cloud infrastructure — and do it all right from the start. Snyk is on a mission to make the world a more secure place by empowering developers to develop fast and stay secure.
Overview
We’re looking for an experienced Security Researcher to join Snyk’s Hunter team and take part in research-led work developing the rules for the Snyk Code SAST engine. We regularly look at new and emerging languages, technologies and frameworks to better model the source code we analyse for our customers, helping them identify potential security vulnerabilities before their code reaches production.
You’ll Spend Your Time:
- Writing security rules to detect known and unknown vulnerabilities using a proprietary language and built-for-purpose tooling.
- Taking an active part in shaping existing and future language and framework support for Snyk Code.
- Diving deeper into the mechanics of a programming language or a framework, including looking at best practices, common vulnerable patterns, and novel security issues.
- Dealing with complex customer issues i.e. resolving false positive or false negative issues; to help cement our position as the most accurate tool in the market.
- Leading projects with other teams involved in Snyk Code related to Program Analysis and Machine Learning. You will often collaborate with other teams by providing domain guidance and expertise to enhance the security offering provided by the various Snyk products.
- Taking part in independent research projects on research days and on a rotational basis.
- Writing blogs about the research projects, i.e: https://snyk.io/blog/finding-yaml-injection-with-snyk-code/, https://snyk.io/blog/the-dangers-of-setattr-avoiding-mass-assignment/.
- Performing exploratory research in order to better understand potential gaps in the system, or guide our way towards implementation of features.
- Working directly with leading open source maintainers to disclose new security issues and help secure their products.
- Presenting your research at security working groups, conferences, and in publications.
What You’ll Need:
- Application security experience as a developer, pentester or consultant
- Good understanding of major vulnerability types such as XSS, CSRF, SQL Injection, Deserialization, RCE, Buffer Overflow, Use After Free etc.
- Experience with C/C++ or a similar low-level programming language, and with a variety of other high-level languages (Java, C#, Python or similar).
- Interest in learning about the mechanics and inner workings of a language or a framework.
- Strong communication skills in English, spoken and written
We’d be Lucky if You:
- Have experience with SAST concepts and tools
- Have taken part in CTF’s, bug-bounty programs or identified vulnerabilities leading to CVE’s.
- Enjoy hunting for security vulnerabilities through the wilds of open source software security.
#LI-HW1
We care deeply about the warm, inclusive environment we’ve created and we value diversity – we welcome applications from those typically underrepresented in tech. If you like the sound of this role but are not totally sure whether you’re the right person, do apply anyway!
About Snyk
Snyk is committed to creating an inclusive and engaging environment where our employees can thrive as we rally behind our common mission to make the digital world a safer place. From Snyk employee resource groups, to global benefits that help our employees prioritize their health, wellness, financial security, and a work/life blend, we aim to support our employees along their entire journeys here at Snyk.
Benefits & Programs
Prioritize health, wellness, financial security, and life balance with programs tailored to your location and role.
- Flexible working hours, work-from home allowances, in-office perks, and time off for learning and self development
- Generous vacation and wellness time off, country-specific holidays, and 100% paid parental leave for all caregivers
- Health benefits, employee assistance plans, and annual wellness allowance
- Country-specific life insurance, disability benefits, and retirement/pension programs, plus mobile phone and education allowances
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security C Cloud CSRF CTF Java Machine Learning Open Source Python SAST SQL SQL injection Vulnerabilities XSS
Perks/benefits: Career development Conferences Flex hours Flex vacation Health care Insurance Parental leave Startup environment Wellness
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open Sr. Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open CEH-related jobs
- Open Forensics-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs