Senior Security Researcher - Applications - 100% Remote - US United States - Remote
We are 350+ employees from diverse backgrounds, that hail from more than 50 countries, and speak 15 languages. But, we all share one thing in common: we’re passionate about accelerating software innovation. Our vision is to put Nexus products at the center of every open source decision made by modern engineering organizations. We’re one of the fastest growing tech companies in America and have been named both a Deloitte Fast 500 and Inc. 5000 company three years in a row. We pride ourselves on being an open and supportive company, which is why we were named to Fast Company’s list of 50 Best Workplaces for Innovators in 2019. Learn more at www.sonatype.com.
The Senior Security Researcher will investigate and analyze vulnerabilities in open-source software.
Sonatype is looking for a passionate, driven and talented developer to provide high quality security data from researching software vulnerabilities. This is not a development position but relies on development experience to help navigate complex architectures and threat vectors in open source software. This high quality security data ensures that our customers are getting maximum value out of our products making them feel like they are part of the Sonatype family.
If you are a positive-thinker and problem-solver and believe that customer success and company success go hand-in-hand, this is a great job for you. This position will provide a valuable learning opportunity with great potential to grow your newly started career in cyber-security. Enjoy your job as you work in a fast-paced, flexible, and fun environment, with talented, diverse, and forward-thinking individuals.
Key Areas of Focus
- Review, isolate, analyze, and reverse engineer vulnerabilities in open-source software
- Document attack capabilities
- Provide detection and remediation guidance
- Aid in ideas and prototypes for new tooling
- Collaborate with other team members toward shared product goals
- Improve Sonatype products by providing valuable security data
- Work with technology and business team members to define and refine requirements in an agile development environment
- Currently reside in either Canada or the United States of America and are legally authorized to work without sponsorship in the corresponding country.
- Excellent oral and written communication skills
- Excellent organizational skills and detail oriented
- Ability to work independently and as part of a team
- Bachelor of Science Degree in Computer Science, Cybersecurity, Engineering, or related field
- Knowledge of application security such as the OWASP Top 10 or Sans 25
- Knowledge of different languages such as Python, Ruby, and scripting
- Knowledge of different operating systems such as *NIX, Windows
- Application vulnerability assessment or penetration testing experience
- Knowledge of open source environments like Github is a plus
What We Offer:
- The opportunity to be part of an incredible, high-growth company, working on a team of experienced colleagues
- Competitive salary package
- Medical/Dental/Vision benefits
- Business casual dress
- Flexible work schedules that ensure time for you to be you
- 2019 Best Places to Work Washington Post and Washingtonian
- 2019 Wealthfront Top Career Launch Company
- EY Entrepreneur of the Year 2019
- Fast Company Top 50 Companies for Innovators
- Glassdoor ranking of 4.9
- Come see why we've won all of these awards
Sonatype is proud to be an equal opportunity workplace and an affirmative action employer that is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If you have a disability or special need that requires accommodation, please do not hesitate to let us know