Open Source Vulnerability Security Researcher - 100% Remote
Colombia - Remote
Sonatype
Accelerate innovation by building security directly into your software development lifecycle. Trusted by +2000 organizations and +15 million developers.Already used by 15 million developers, we have lofty goals for our technology to be in the hands of every engineering team. And, we need you to do that. Join us!
Learn more at www.sonatype.com.
Sonatype’s mission is to enable organizations to better manage their software supply chain. We offer a series of products and services including the Nexus Repository Manager and Nexus Lifecycle Manager.
The Security Researcher will investigate and analyze vulnerabilities in open-source software.
Sonatype is looking for a passionate, driven and talented Security Researcher to provide high quality security data from researching software vulnerabilities. This high quality security data ensures that our customers are getting maximum value out of our products making them feel like they are part of the Sonatype family. If you are a positive-thinker and problem-solver and believe that customer success and company success go hand-in-hand, this is a great job for you. This position will provide a valuable learning opportunity with great potential to grow your newly started career in cyber-security. Enjoy your job as you work in a fast-paced, flexible, and fun environment, with talented, diverse, and forward-thinking individuals.
What you will do
- Review, isolate, analyze, and reverse engineer vulnerabilities in open-source software
- Document attack capabilities
- Provide detection and remediation guidance
- Aid in ideas and prototypes for new tooling
- Collaborate with other team members toward shared product goals
- Improve Sonatype products by providing valuable security data
- Work with technology and business team members to define and refine requirements in an agile development environment
Required Qualifications
- Bachelor of Science Degree in Computer Science, Cybersecurity, Engineering, or related field; or at least 4 years of related work experience in lieu of a degree
- 1 - 3+ years experience in software development or application security
- Knowledge of Java, C#, or JavaScript
- Knowledge of application security such as the OWASP Top 10 or Sans 25
- Excellent oral and written communication skills
- Excellent organizational skills and detail oriented
- Ability to work independently and as part of a team
Desired Qualifications
- Knowledge of different languages such as Python, Ruby, and scripting is a plus
- Knowledge of different operating systems such as *NIX, Windows is a plus
- Application vulnerability assessment or penetration testing experience is a plus
- Knowledge of open source environments like GitHub is a plus
We are curious and constantly innovating without fear of failure. We are attacking a huge and emerging market and seeking remarkably talented individuals to join us on our journey.
Sonatype is proud to be an equal opportunity workplace and an affirmative action employer that is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If you have a disability or special need that requires accommodation, please do not hesitate to let us know.
At Sonatype, we value diversity and inclusivity. We offer perks such as parental leave, diversity, and inclusion working groups, and flexible working practices to allow our employees to show up as their whole selves. We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. If you have a disability or special need that requires accommodation, please do not hesitate to let us know.
#LI-Remote
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Application security C Computer Science GitHub Java JavaScript Malware Open Source OWASP Pentesting Python Ruby SANS Scripting Vulnerabilities Windows
Perks/benefits: Career development Flex hours Parental leave
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Security Operations Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Information Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Product Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open Malware-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs
- Open CEH-related jobs
- Open IPS-related jobs