Job Description:
Why Should You Apply?
We're a group of brilliant, motivated, and driven professionals working hard to help organizations build responsible, secure, high-quality code quickly and systematically. We build solutions that don't just solve symptoms of problems – we fix problems at the source – source code, to be specific.
We have a dynamic culture with employees worldwide and hub offices in the USA, Switzerland, the UK, Singapore, and Germany. We believe team members should have the opportunity to come to work every day, work on a product they are proud of, love what they do, and feel energized by their peers. With our roots deep in the open source community, we're all about the mission: provide solutions that deliver Clean Code.
The Impact You Can Have
As an Application Security Researcher, you play a central role in realizing our ambition to provide the best SAST solution on the market. Like us, you believe that application security is not the responsibility of a few experts and that developers can have the most significant impact when they get the correct information at the right time.
You decide what security issues the product should detect and how they materialize in various language ecosystems. You work closely with static analysis developers to specify, clarify, communicate, and validate all functional aspects of the security rules.
You will be a trusted adviser to developers, able to provide meaningful code samples and specifications. This is a great way to directly impact the product and the way millions of developers produce code.
On a Daily Basis, You Will:
* Build expertise on various language ecosystems in order to identify the most common vulnerabilities that developers are facing.
* Investigate how these vulnerabilities materialize within the code.
* Define the security rules that will detect these vulnerabilities.
* Interact with our user community to clarify and turn this invaluable feedback into actions/decisions: like too noisy vulnerability detection rules or taint-analyzer reporting vulnerabilities without enough contextual information.
* Drive innovation to make our SAST engine even better.
* Study competitors and provide gap analyses.
The Technical Skills You Will Demonstrate
* Mastering application security basics, including knowing the most common vulnerabilities, how to locate vulnerabilities in the code, and how to exploit basic vulnerabilities. To be successful, you should be interested or involved in the application security ecosystem.
* Having a developer mindset: experience with coding lifecycle, ability to produce secure code, to do code reviews, and to jump into an unknown codebase, language, and framework.
* Master at least one programming language along with its development environment to understand end-users' context and expectations.
The Soft Skills You Will Demonstrate
* Strong communication skills, i.e. both listening and expressing constructive ideas.
* High level of autonomy and still accepting help and feedback from team members.
* Ability to work and communicate with non-security experts.
Nice to Have
* Understanding of static analysis mechanisms.
* Ability to challenge rule implementation.
* Capability to bring a new field of expertise and convert it to additional value to the product.
Words from the Team
We are a team of passionate people who enjoy learning from each other. Every day, we work to provide developers with the best rules and help them own the security of their code. Our team of over 50 developers, researchers, and scientists defines, develops, maintains, and tests security rules used by developers globally.
We investigate how developers introduce vulnerabilities into their applications and tailor our security rules to the most common environments. Our team also addresses false positives in open-source projects. We are passionate about learning from each other and strive to equip developers with the best rules so they can take ownership of their code's security.
Why You Will Love It Here:
We prioritize Diversity, Equity, and Inclusion. We're a global workforce and recognize the value of different backgrounds and global cultures. We're committed to creating a diverse work environment and are proud to be an equal-opportunity employer. All qualified applicants will be considered for employment without regard to race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.