Application Security Researcher

Why should I Apply:

At Sonar, we’re a group of brilliant, motivated, and driven professionals working hard to help organizations build responsible, secure, high-quality code quickly and systematically. We build solutions that don’t just solve symptoms of problems – we fix problems at the source – source code, to be specific.

We have a dynamic culture with employees worldwide and hub offices in the USA, Switzerland, the UK, Singapore, and Germany. We believe team members should have the opportunity to come to work every day, work on a product they are proud of, love what they do, and feel energized by their peers. With our roots deep in the open source community, we’re all about the mission: provide solutions that deliver Clean Code.

The impact you can have

As an Application Security Researcher, you play a central role in realizing our ambition to provide the best SAST solution on the market. Like us, you believe that application security is not the responsibility of a few experts and that developers can have the most significant impact when they get the correct information at the right time. 

As a member of the Code Security team, you decide what security issues the product should detect and how they materialize in various language ecosystems. You work closely with static analysis developers to specify, clarify, communicate, and validate all functional aspects of the security rules. 

You will be a trusted adviser to developers, able to provide meaningful code samples and specifications. This is a great way to directly impact the product and the way millions of developers produce code.

On a daily basis, you will

• Build expertise on various language ecosystems in order to identify the most common vulnerabilities that developers are facing.
• Investigate how these vulnerabilities materialize within the code.
• Define the security rules that will detect these vulnerabilities.
• Interact with our user community to clarify and turn this invaluable feedback into actions/decisions: like too noisy vulnerability detection rules or taint-analyzer reporting vulnerabilities without enough contextual information.
• Drive innovation to make our SAST engine even better.
• Study competitors and provide gap analyses.

The technical skills you will demonstrate

• Mastering application security basics, including knowing the most common vulnerabilities, how to locate vulnerabilities in the code, and how to exploit basic vulnerabilities. To be successful, you should be interested or involved in the application security ecosystem.
• Having a developer mindset: experience with coding lifecycle, ability to produce secure code, to do code reviews, and to jump into an unknown codebase, language, and framework.
• Master at least one programming language along with its development environment to understand end-users' context and expectations.

The soft skills you will demonstrate

• Strong communication skills, i.e. both listening and expressing constructive ideas.
• High level of autonomy and still accepting help and feedback from team members.
• Ability to work and communicate with non-security experts.

Nice to have

• Understanding of static analysis mechanisms.
• Ability to challenge rule implementation.
• Capability to bring a new field of expertise and convert it to additional value to the product.

Words from the team

We are a team of passionate people who enjoy learning from each other. Every day, we work to provide developers with the best rules and help them own the security of their code. Our team of over 50 developers, researchers, and scientists defines, develops, maintains, and tests security rules used by developers globally. 

We investigate how developers introduce vulnerabilities into their applications and tailor our security rules to the most common environments. Our team also addresses false positives in open-source projects. We are passionate about learning from each other and strive to equip developers with the best rules so they can take ownership of their code's security.

Why you will love it here:

• Our culture and mission set us apart. We have a dynamic work culture that values respect and kindness – and embraces the right to fail (and get right back up again!). We believe that the best idea wins and everyone has a voice.

• We believe that great people make a great company. We value people skills as much as technical skills and strive to keep things friendly and laid-back while still being passionate leaders in our domains. Our 550+ SonarSourcers from 33 different nationalities can relate!

• We embrace work-life balance. It is important to maintain a healthy work-life balance. This is why we have a flexible work policy that includes remote and in-office hybrid work (minimum three days a week in the office - Monday/Tuesday/Thursday).

• We have a growth mindset. We love to learn and believe that continuous education is critical to our success. In an ever-changing industry, new skills are a must, and we're happy to help our team acquire them.

We prioritize Diversity, Equity, and Inclusion:

At Sonar, we are a global workforce and recognize the value of different backgrounds, and global cultures.

We are committed to creating a diverse work environment and are proud to be an equal-opportunity employer. All qualified applicants will be considered for employment without regard to race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

All offers of employment at Sonar are contingent upon the clear results of a comprehensive background check conducted prior to the start date.

Please note that applications submitted through agencies or third-party recruiters will not be considered.