SonarSource is looking for a passionate Vulnerability Researcher who loves finding and exploiting 0-day vulnerabilities in popular open source web applications. You will be part of a new Research & Development team that promotes our thought leadership in security.
The impact you can have
With your domain expertise and experience you will shape an innovative Security R&D team at SonarSource. You will explore vulnerabilities and exploitation techniques that help to push our code analysis technology to the next level. By sharing your security research and findings with a world-wide community, you establish a reference of trust for code security and help developers to write secure code.
As a Vulnerability Researcher, you will
- Have fun and learn with world-class security enthusiasts that share your passion and interest for web security
- Uncover, discuss, exploit and report critical and complex vulnerabilities in popular open source web applications
- Research new and existing vulnerability types as well as exploitation techniques
- Automate the detection of vulnerabilities in well-known applications by using our best-in-class code analysis technology
- Share your research and findings with the world-wide community by writing blog posts or presenting at international conferences
The skills you will demonstrate
- You have 3+ years of experience in reviewing source code for critical security vulnerabilities (CTFs do count ;)
- You have a deep understanding of major security vulnerability types, how to spot these in source code, and how to exploit them with different techniques
- You are passionate, creative and persistent when auditing new source code and you can think outside the box
- You care about professional and responsible disclosure of security vulnerabilities to the affected vendor
- You are fluent in English, both written and spoken, and are able to explain complex security concepts in a structured and understandable way
Words from the team
The Security R&D team is a new team at SonarSource established after the acquisition of RIPS Technologies. RIPS was known as a technology leader in static application security testing and for its in-depth web security research (blog.ripstech.com). At SonarSource, we are continuing these efforts to provide best-in-class technology and research with joint forces and knowledge. Join us in this fun adventure and take a unique opportunity to learn and grow together!
This role is to be based in our office in Bochum, Germany. It can also be done in our office in Geneva, Switzerland or Annecy, France; or even remotely, on a case-by-case basis and in a European timezone.