Vulnerability Researcher

SonarSource SA
Bochum DE, Geneva CH or Annecy FR
4T
Online bewerben
  • 05.06.2023
  • 100%
  • Fachverantwortung
  • Festanstellung

Vulnerability Researcher

Sonar’s industry-leading solution enables developers and development teams to write clean code and remediate existing code organically, so they can focus on the work they love and maximize the value they generate for businesses. Its open source and commercial solutions – SonarLint, SonarCloud, and SonarQube – support 30 programming languages. Trusted by more than 400,000 organizations globally, Sonar is considered integral to delivering better software.
The impact you can have
With your domain expertise and experience, you will shape an innovative Security R&D team at SonarSource. You will explore vulnerabilities and exploitation techniques that help to push our code analysis technology to the next level. By sharing your security research and findings with a worldwide community, you establish a reference of trust for code security and help developers to write clean code.
As a Vulnerability Researcher, you will
  • Have fun and learn with world-class security enthusiasts that share your passion and interest in web security
  • Uncover, discuss, exploit and report critical and complex vulnerabilities in popular open source web applications (see https://blog.sonarsource.com/tag/security/)
  • Research new and existing vulnerability types as well as exploitation techniques
  • Automate the detection of vulnerabilities in well-known applications by using our best-in-class code analysis technology 
  • Share your research and findings with the worldwide community by writing blog posts or presenting at international conferences
The skills you will demonstrate
  • You have a proven track record of code review to find critical security vulnerabilities in web applications
  • You have a deep understanding of major security vulnerability types, how to spot these in source code, and how to exploit them with different techniques
  • You have solid programming skills in at least one of the following languages: Java, JavaScript, C#, Python or PHP
  • You are passionate, creative, and methodical when auditing new source code autonomously and you can think outside the box
  • You care about professional and responsible disclosure of security vulnerabilities to the affected vendor
  • You are fluent in English, both written and spoken, and are able to explain complex security concepts in a structured and understandable way
  • Ideally, you already published your work in form of a blog post or conference presentation
Words from the team
The Security R&D team got established at SonarSource with the acquisition of RIPS Technologies. RIPS was known as a technology leader in static application security testing and for its in-depth web security research. At SonarSource, we are continuing these efforts to provide best-in-class technology and research with joint forces and knowledge.
Join us in this fun adventure and take a unique opportunity to learn and grow together!
Office location
This role is to be based in our office in Bochum, Germany. It can also be done in our office in Geneva, Switzerland or Annecy, France.
Why you will love it here
  • Safe work culture - we value respect, kindness, and the right to fail.
  • Flexible hours - we schedule our days in order to be effective at work, while also being able to enjoy life’s important moments.
  • Great people - we value people skills as much as technical skills and strive to keep things friendly and laid back. Still, that does not prevent us to be passionate leaders in our domains. Our 300+ SonarSourcers from 33 different nationalities can relate!
  • Work-life balance - keeping a healthy work-life balance is important. This is why we have a hybrid work policy and some people prefer working some days from home.
  • Always keep learning - in an ever-changing industry, learning new skills is a must, and we're happy to help our team to acquire them.
What we do
Sonar was started by a team of developers that wanted to change the way code is built in an agile development process. The company was created to develop the open-source tool SonarQube, which is now the standard in code quality management with over 350,000 instances deployed today. Every day we are focused on solving developers’ next big problem.
Who we are
At Sonar we believe in people, excellence, and delivery. We’re a team of problem solvers and overachievers who seek out others who are also passionate and relentless in their respective missions. We want to work with people who are ready to fasten their seat belts and be part of an incredible ride. We work hard not because we’re told to, but because we genuinely love what we do and do what we love. If there’s one main message we want you to remember about us, it’s that we push others to be best in class at whatever they do: choose your battle, innovate, take risks, and lead change. Join us; we’ll be smarter and stronger together.
If this sounds like you, apply now!