Want Remote

Open Source Vulnerability Security Researcher - 100% Remote

Sonatype
Colombia - Remote /
Sonatype is the software supply chain management company. We're on a mission to change how the world innovates by making software development easier. From running the world's largest repository of Java open source components (Maven Central) to inventing componentized software development, and then software supply chain management, to creating the only solution that stops malicious open-source malware in its tracks, we're constantly leading the industry while helping thousands of customers manage open source every day.

Already used by 15 million developers, we have lofty goals for our technology to be in the hands of every engineering team. And, we need you to do that. Join us!

Learn more at www.sonatype.com.


Sonatype’s mission is to enable organizations to better manage their software supply chain.  We offer a series of products and services including the Nexus Repository Manager and Nexus Lifecycle Manager.

The Security Researcher will investigate and analyze vulnerabilities in open-source software.

Sonatype is looking for a passionate, driven and talented Security Researcher to provide high quality security data from researching software vulnerabilities.  This high quality security data ensures that our customers are getting maximum value out of our products making them feel like they are part of the Sonatype family.  If you are a positive-thinker and problem-solver and believe that customer success and company success go hand-in-hand, this is a great job for you.  This position will provide a valuable learning opportunity with great potential to grow your newly started career in cyber-security.  Enjoy your job as you work in a fast-paced, flexible, and fun environment, with talented, diverse, and forward-thinking individuals. 

What you will do

    • Review, isolate, analyze, and reverse engineer vulnerabilities in open-source software
    • Document attack capabilities
    • Provide detection and remediation guidance
    • Aid in ideas and prototypes for new tooling
    • Collaborate with other team members toward shared product goals
    • Improve Sonatype products by providing valuable security data
    • Work with technology and business team members to define and refine requirements in an agile development environment

Required Qualifications

    • Bachelor of Science Degree in Computer Science, Cybersecurity, Engineering, or related field; or at least 4 years of related work experience in lieu of a degree
    • 2+ years experience in software development or application security
    • Knowledge of Java, C#, or JavaScript
    • Knowledge of application security such as the OWASP Top 10 or Sans 25
    • Excellent oral and written communication skills
    • Excellent organizational skills and detail oriented
    • Ability to work independently and as part of a team

Desired Qualifications

    • Knowledge of different languages such as Python, Ruby, and scripting is a plus
    • Knowledge of different operating systems such as *NIX, Windows is a plus
    • Application vulnerability assessment or penetration testing experience is a plus
    • Knowledge of open source environments like GitHub is a plus

Things that we are proud of

    • 2022 Frost & Sullivan Technology Innovation Leader Award: Sonatype earned Frost & Sullivan’s 2022 Global Technology Innovation Leadership Award in Development and Operations (DevOps) Security.
    • NVTC 2022 Cyber Company of the Year: Sonatype was named Commercial Cyber Company of the Year and a Capital Cyber Award-winner by the Northern Virginia Technology Council (NVTC)
    • 2022 Annual Peer Award: Sonatype’s Nexus Lifecycle won a PeerSpot Silver Peer Award as a leading Enterprise Technology solution in the Software Composition Analysis category. 
    • 2022 Best in Biz Award: Sonatype CEO Wayne Jackson was recognized as a Silver Winner in the Best in Biz Awards' Executive of the Year category. 
    • Tech Ascension Awards: Sonatype was named the Best DevOps Security Solution for Nexus Lifecycle and Nexus Firewall (Software Composition Analysis).
    • BuiltIn Best Places to Work: Sonatype was named to the Washington DC 100 Best Places to Work list and Washington DC Best Midsize Places to Work list. 
    • Company Wellness Week - We shut down company operations for a week to enable all employees to spend time pursuing personal growth and enjoying much-needed and deserved rest. 
    • Diversity & Inclusion Working Groups
    • Parental Leave Policy
    • Paid Volunteer Time Off (VTO)
We are Sonatype, and we have assembled a world class team of employees, investors, and partners. We are proud to be recognized as a Deloitte Technology Fast 500 company for 2016. With more than 120,000 installations and counting, Nexus products are helping modern development organizations intelligently source, manage, assemble, and maintain open source and third-party components, so they can improve the quality, security, and speed of their software supply chains.

We are curious and constantly innovating without fear of failure. We are attacking a huge and emerging market and seeking remarkably talented individuals to join us on our journey.

Sonatype is proud to be an equal opportunity workplace and an affirmative action employer that is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If you have a disability or special need that requires accommodation, please do not hesitate to let us know.

At Sonatype, we value diversity and inclusivity. We offer perks such as parental leave, diversity, and inclusion working groups, and flexible working practices to allow our employees to show up as their whole selves. We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. If you have a disability or special need that requires accommodation, please do not hesitate to let us know.


#LI-Remote