Security Scientist

Job content

SonarSource is looking for an ingenious Security Scientist who loves to explore ways to automate the detection and verification of security vulnerabilities in source code. You will be part of a new Research & Development team that drives the innovation of our security analysis products.

The impact you can have

With your domain expertise and experience you will shape an innovative Security R&D team at SonarSource. You will explore state-of-the-art approaches and new ideas that help to push our code analysis technology beyond the limits. By implementing and testing visionary prototypes, you are preparing the next generation of our cutting-edge code analyzers that are used by millions of developers around the globe.

As a Security Scientist, you will

Have fun in a creative team that shares your passion and interest for security automation Identify, measure and discuss limitations and drawbacks of our current implementations Stay up-to-date with the latest academic research and industry trends related to automated detection of code vulnerabilities Experiment with existing or new algorithms and prototypes to evaluate their potential of solving real problems and satisfying additional customer needs Innovate by inventing new, creative analysis techniques that will advance our technology and the industry’s state-of-the-art Develop proof of concept implementations that are feasible in practice and applicable to our products

The skills you will demonstrate

You received a doctorate or master’s degree in computer science or a related field where you studied theoretical aspects of programming languages You have hands-on experience with formal methods used for static or data-driven static program analysis (e.g., data flow analysis, taint analysis, symbolic execution, machine learning, etc.) You have a solid understanding of the concept behind taint-style vulnerabilities in applications’ code You have solid programming skills for prototype implementation, preferably in Java You are creative and passionate about automating the detection of security vulnerabilities You can think outside the box and turn abstract, theoretical ideas into practical, feasible solutions for our product users You are fluent in English, both written and spoken, and are able to understand and explain complex technical and scientific topics

Words from the team

The Security R&D team is a new team at SonarSource established after the acquisition of RIPS Technologies. RIPS was known as a technology leader in static application security testing and for its fast and accurate SAST approach. With joint forces and tech expertise at SonarSource, we continue to provide the leading security products for developers. Join us in this fun adventure and take a unique opportunity to help build the best SAST engines in the world!

Office location

This role is to be based in our office in Bochum, Germany. It can also be done in our office in Geneva, Switzerland or Annecy, France; or even remotely, on a case-by-case basis and in an European timezone.