Associate Security Analyst, Security Group

Cluj, UK, or Remote

Applications have closed
Snyk logo

Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

All roles listed as ‘remote’ are available as remote within the same country.

Overview

We are looking for a curious, analytical and detail-oriented Security Analyst to join our team and help us uncover unknown vulnerabilities that exist in open source.

Your Role:

In modern software development, much of any project's code relies on open source packages. These are out there in the world, visible for anyone, and within that code there are vulnerabilities. As part of our security team, you'll join us on our mission to continually improve our ability to find these open source vulnerabilities in a programmatic way.

You'll join our interdisciplinary security team, alongside fully dedicated engineers focussed on building tools that make your work more effective and have lots of opportunities to learn and grow. This role is particularly well-suited to help you develop a deep understanding of how code works, and over time you'll have the opportunity to work with just about every programming language. You can read here in-depth about the way the team works and builds out the leading open source security database.

You’ll spend your time:

  • Triaging and analysing potential vulnerabilities discovered within open-source dependencies
  • Further researching known vulnerabilities to determine characteristics such as severity and exploitability
  • Using research to verify or disqualify potential vulnerabilities
  • Using data analyst techniques to answer research questions about vulnerabilities, and general threat intelligence trends
  • Developing and testing theories and hypotheses around new areas that Snyk tackles
  • Exploring and establishing the new abilities we need to develop our product to further achieve our mission

You should apply if you:

  • You're comfortable working with large datasets (we use BigQuery; ideally you'll have used one of BigQuery, elasticsearch, kibana, hadoop etc.)
  • Have a passion for security and an interest in the problem space
  • You’ve triaged and analysed data before using techniques and tools such as pandas and jupyter
  • Have experience using statistical tools to help answer research questions
  • Love to automate your work, through writing your own scripts (we use Python and JavaScript)
  • Enjoy learning new techniques and getting experience in new fields
  • You have previous experience working with open source codebases

We’d especially love to hear from you if you:

  • You have worked with researchers before, ideally in the security space or have conducted security research yourself
  • You have experience PoCing vulnerabilities and dealing with vulnerability disclosures
  • You have worked closely with Data Scientists in the past and have experience working with ML

Interested?

Please apply below! We care deeply about the warm, inclusive environment we’ve created and we value diversity - we welcome applications from those typically underrepresented in tech. If you like the sound of this role, but are not totally sure whether you’re the right person, do apply anyway :)

About Snyk

Snyk’s mission is to help developers use open source code and stay secure. 

The use of open source is booming, but security is a key concern (https://snyk.io/stateofossecurity/). Snyk’s unique product enables developers and enterprise security teams to continuously find & fix vulnerable dependencies without slowing down, offering seamless integration into Dev, DevOps and DevSecOps workflows. We care deeply about the quality and usefulness of the tools we develop, always focusing on our customers and users. 

We are experiencing rapid growth - and we want you to join us! By the end of Q3 2019 alone, Snyk was already adopted by over 450,000 developers, and including multiple enterprise customers (such as Google, New Relic, ASOS and others). We also raised an additional $200 Million, announced on September 9, 2020, from investors such as Stripes and Salesforce Ventures, demonstrating that they are as excited as we are by Snyk’s progress and potential.

We believe open source software is a force for good, and we’re building Snyk to make it easier for developers who aren’t security experts to stay secure

#LI-TF1

#LI-Remote

About Snyk

Snyk is the leader in developer security. We empower the world's developers to build secure applications and equip security teams to meet the demands of the digital world. Our developer-first approach ensures organizations can secure all of the critical components of their applications from code to cloud, leading to increased developer productivity, revenue growth, customer satisfaction, cost savings and an overall improved security posture. 

At Snyk, we envision an inclusive technology industry powering a more sustainable and secure world. Since our founding, Snykers have cared deeply for one another and the developer and security communities as well as the larger world around us. Learn more about our Snyk Impact social and environmental mission and take action with us here.

Snyk's Developer Security Platform automatically integrates with a developer's workflow and is purpose-built for security teams to collaborate with their development teams. Snyk is used by 1,200 customers worldwide today, including industry leaders such as Asurion, Google, Intuit, MongoDB, New Relic, Revolut and Salesforce.

Snyk is recognized on the Forbes Cloud 100 2021, the 2021 CNBC Disruptor 50 and was named a Visionary in the 2021 Gartner Magic Quadrant for AST.

* Salary range is an estimate based on our salary survey 💰

Tags: Cloud DevOps DevSecOps Elasticsearch JavaScript MongoDB Open Source Python Threat intelligence Vulnerabilities

Perks/benefits: Career development

Regions: Remote/Anywhere Europe
Country: United Kingdom
Job stats:  60  6  0
Category: Analyst Jobs

Explore more Cybersecurity career opportunities

Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.