Snyk is hiring a

Security Researcher, SAST Group

Tel Aviv-Yafo, Israel

All roles listed as ‘remote’ are available as remote within the same country.

We are looking for a curious, analytical and detail-oriented analyst to join our team and help us uncover unknown vulnerabilities that exist in open source. 

The use of open source software is booming: technology is integral to almost every facet of our lives, and almost all software developers rely on open source components, but security is a key concern. Our product enables developers to continuously find & fix vulnerable dependencies, without slowing down development.

We’re proud of our industry-leading vulnerability database - it is the engine that powers our products. As part of our security team you’ll focus on growing and improving our knowledge of the vulnerabilities that exist in open source software.

Your Role

In modern software development, much of any project’s code relies on open source packages. These are out there in the world, visible for anyone, and within that code there are vulnerabilities. As part of our security team, you’ll join us on our mission to continually improve our ability to find these open source vulnerabilities in a programmatic way.

You’ll spend your time:

  • discovering potential vulnerabilities that haven’t yet been identified or ‘published’
  • using research to verify or disqualify potential vulnerabilities
  • building SAST rulesets to identify vulnerability types and frameworks
  • triaging vulnerabilities to identify the underlying vulnerable code and functionality
  • developing and testing theories and hypotheses around new areas that Snyk tackles
  • exploring and establishing the new abilities we need to develop our product to further achieve our mission

You should apply if:

  • You have experience working in the security space and researching vulnerabilities
  • You have 2+ years of experience working with SAST tooling and rulesets
  • You have experience PoCing vulnerabilities and dealing with vulnerability disclosures
  • You’re comfortable working with large datasets (we use BigQuery; ideally you’ll have used one of BigQuery, elasticsearch, kibana, hadoop etc.)
  • You love to automate your work, through writing your own scripts (we mainly use Python and JavaScript)
  • You’re excited about working in an area where we don’t even know what the answer looks like

We’d especially love to hear from you if you:

  • You have worked closely with Data Scientists in the past and have experience working with ML
  • You have experience using statistical tools to help answer research questions

Interested?

Please apply below! We care deeply about the warm, inclusive environment we’ve created and we value diversity - we welcome applications from those typically underrepresented in tech. If you like the sound of this role, but are not totally sure whether you’re the right person, do apply anyway :)

We are very happy to help you learn if you don't have previous experience with all of the subjects listed here - we believe curiosity, communication, and the ability to learn are most important.

Want to learn more about the role?

Read about the team’s mission and methodologies

Read about our open source vulnerability disclosure program

Read an example of how we find and disclose vulnerabilities

Read some of our research on HTTP Request Smuggling or breaking out of message brokers

About Snyk

Snyk’s mission is to help developers use open source code and stay secure.

The use of open source is booming, but security is a key concern (https://snyk.io/stateofossecurity/). Snyk’s unique product enables developers and enterprise security teams to continuously find & fix vulnerable dependencies without slowing down, offering seamless integration into Dev, DevOps and DevSecOps workflows. We care deeply about the quality and usefulness of the tools we develop, always focusing on our customers and users.

We are experiencing rapid growth - and we want you to join us! By September 2020, Snyk was already adopted by over 1.5M developers, including multiple enterprise customers (such as Google, New Relic, ASOS and others). Our September 2020 Series D funding round of $200M has put us at over $2.5Billion company valuation.

We believe open source software is a force for good, and we’re building Snyk to make it easier for developers who aren’t security experts to stay secure.

#LI-TO1

Apply for this job
Apply for this job

Looking for a job?

Security Researcher, SAST Group at Snyk looks great, right? We have dozens of similar job posts on our site, interested? Leave your email and we'll send the best matches.