Position: Associate

Job type: Full-time

Job content

SonarSource is looking for a passionate Vulnerability Researcher who loves finding and exploiting 0-day vulnerabilities in popular open source web applications. You will be part of a new Research & Development team that promotes our thought leadership in security.

The impact you can have

With your domain expertise and experience you will shape an innovative Security R&D team at SonarSource. You will explore vulnerabilities and exploitation techniques that help to push our code analysis technology to the next level. By sharing your security research and findings with a world-wide community, you establish a reference of trust for code security and help developers to write secure code.

As a Vulnerability Researcher, you will

- Have fun and learn with world-class security enthusiasts that share your passion and interest for web security
- Uncover, discuss, exploit and report critical and complex vulnerabilities in popular open source web applications
- Research new and existing vulnerability types as well as exploitation techniques
- Automate the detection of vulnerabilities in well-known applications by using our best-in-class code analysis technology
- Share your research and findings with the world-wide community by writing blog posts or presenting at international conferences

The skills you will demonstrate

- You have 3+ years of experience in reviewing source code for critical security vulnerabilities (CTFs do count ;)
- You have a deep understanding of major security vulnerability types, how to spot these in source code, and how to exploit them with different techniques
- You have solid programming skills in at least one of the following languages: Java, JavaScript, C#, Python or PHP
- You are passionate, creative and persistent when auditing new source code and you can think outside the box
- You care about professional and responsible disclosure of security vulnerabilities to the affected vendor
- You are fluent in English, both written and spoken, and are able to explain complex security concepts in a structured and understandable way

Words from the team

The Security R&D team is a new team at SonarSource established after the acquisition of RIPS Technologies. RIPS was known as a technology leader in static application security testing and for its in-depth web security research (blog.ripstech.com). At SonarSource, we are continuing these efforts to provide best-in-class technology and research with joint forces and knowledge. Join us in this fun adventure and take a unique opportunity to learn and grow together!

Office location

This role is to be based in our office in Bochum, Germany. It can also be done in our office in Geneva, Switzerland or Annecy, France; or even remotely, on a case-by-case basis and in a European timezone.

Deadline: 10-05-2024
