Security Researcher

Every day, the world gets more digital thanks to tens of millions of developers building the future faster than ever. But with exponential growth comes exponential risk, as outnumbered security teams struggle to secure mountains of code. This is where Snyk (pronounced “sneak”) comes in. Snyk is a developer security platform that makes it easy for development teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and cloud infrastructure — and do it all right from the start. Snyk is on a mission to make the world a more secure place by empowering developers to develop fast and stay secure.

Joining Snyk means embracing our core values: One Team, Care Deeply, Customer Centric, and Forward Thinking. As a member of our team, you’ll have the opportunity to thrive in a dynamic environment where fostering collaboration, leading with empathy, driving business impact, and inspiring trust are at the heart of everything we do.

Our Opportunity

We’re looking for a Security Researcher to join Snyk’s Rules Intelligence team and take part in research-led work developing rules for the Snyk Code SAST engine. We regularly look at new and emerging languages, technologies and frameworks to better model threats and vulnerabilities in source code, helping developers identify potential security vulnerabilities before their code reaches production. 

You’ll Spend Your Time:

• Writing security rules to detect known and unknown vulnerabilities using a proprietary language and built-for-purpose tooling. 
• Working closely with our Program Analysis and Machine Learning teams to shape our engine capabilities.
• Learning the mechanics of a programming language or a framework, including looking at best practices and common vulnerable patterns.
• Working with customers, understanding their pain points and challenges, and helping secure the world’s largest companies.
• Helping shape our product roadmap and driving innovation and guidance to the business with regards to up-and-coming security risks.
• Taking part in research endeavors (where applicable), contributing back to the security community and publishing written papers, i.e: https://snyk.io/blog/finding-yaml-injection-with-snyk-code/, https://snyk.io/blog/the-dangers-of-setattr-avoiding-mass-assignment/

What You’ll Need:

• Demonstrated experience and knowledge of Application Security Vulnerabilities.
• Proficiency with Python and/or Javascript, as well as some familiarity with OOP languages such as Java or C#.
• Interest in learning about the mechanics and inner workings of a language or a framework, and the ability to self-study highly technical concepts.
• A passion for cybersecurity, and a desire to contribute and be an active participant in the security community.

We’d be Lucky if You:

• Are experienced working with, developing, or using AppSec tools.
• Have experience programming or researching low-level languages and vulnerabilities.
• Are an active participant in “community efforts”, such as CTFs, bug-bounty programs or similar.
• Have experience researching and (responsibly) disclosing security vulnerabilities or any CVE/paper publications.

#LI-CR1

We care deeply about the warm, inclusive environment we’ve created and we value diversity – we welcome applications from those typically underrepresented in tech. If you like the sound of this role but are not totally sure whether you’re the right person, do apply anyway!

About Snyk

Snyk is committed to creating an inclusive and engaging environment where our employees can thrive as we rally behind our common mission to make the digital world a safer place. From Snyk employee resource groups, to global benefits that help our employees prioritize their health, wellness, financial security, and a work/life blend, we aim to support our employees along their entire journeys here at Snyk.