Staff Security Researcher
Every day, the world gets more digital thanks to tens of millions of developers building the future faster than ever. But with exponential growth comes exponential risk, as outnumbered security teams struggle to secure mountains of code. This is where Snyk (pronounced “sneak”) comes in. Snyk is a developer security platform that makes it easy for development teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and cloud infrastructure — and do it all right from the start. Snyk is on a mission to make the world a more secure place by empowering developers to develop fast and stay secure.
We’re looking for an experienced Staff Security Researcher to join Snyk’s Research Group and take part in leading research projects in Open Source libraries, SAST, Containers, Infrastructure as Code and Cloud domains and products.
We’re proud of our industry-leading vulnerability database – it is the engine that powers our products. So far we’ve focussed on combining a growing automated pipeline tool with the hard work of our smart, diligent security analysts, and our own research, which you’ll help us grow.
We pride ourselves on fostering a collaborative and friendly team. We encourage all engineers to write company blog posts about their work and accomplishments, and to deliver presentations to the technical community. We’ll support you to present your research at security working groups, conferences, and in publications.
As the company and team grow, you'll have the opportunity to build and grow the security labs team, scaling up as our company hits its next stage of growth.
You’ll Spend Your Time:
- Researching and discovering vulnerabilities (0-days), conducting PoCs and participating in blog post write ups. See Gitpod, SourMint, Zip Slip and VS Code as examples
- Discovering novel threats & techniques which impact modern applications (cloud, modern stacks, serverless, etc)
- Building innovative, hi-scale infrastructure for automatic vulnerabilities hunting
- Working directly with leading open source maintainers and vendors to disclose new security issues and help secure their products
- Maintaining your knowledge in a specialized area of research, through engaging with the broader security community, attend meetups and conferences, and reading widely
What You’ll Need:
- An appetite for hunting for security vulnerabilities through the wilds of open source software security
- Experience leading complex Research projects
- A deep experience in the application security field, including a strong understanding of major vulnerabilities like XSS, CSRF, SQL Injection, Deserialization, RCE and so on
- A passion for security and a desire to contribute to the community
We’d be Lucky if You:
- Have hands-on software development experience and a passion to build things from scratch
- Have knowledge of static and dynamic application security testing (SAST and DAST)
- Previously have been responsible for Penetration testing
- Are passionate about security and want to contribute to the community
We care deeply about the warm, inclusive environment we’ve created and we value diversity – we welcome applications from those typically underrepresented in tech. If you like the sound of this role but are not totally sure whether you’re the right person, do apply anyway!
Snyk is committed to creating an inclusive and engaging environment where our employees can thrive as we rally behind our common mission to make the digital world a safer place. From Snyk employee resource groups, to global benefits that help our employees prioritize their health, wellness, financial security, and a work/life blend, we aim to support our employees along their entire journeys here at Snyk.
Benefits & Programs
Prioritize health, wellness, financial security, and life balance with programs tailored to your location and role.
- Flexible working hours, work-from home allowances, in-office perks, and time off for learning and self development
- Generous vacation and wellness time off, country-specific holidays, and 100% paid parental leave for all caregivers
- Health benefits, employee assistance plans, and annual wellness allowance
- Country-specific life insurance, disability benefits, and retirement/pension programs, plus mobile phone and education allowances
Something looks off?