Vulnerability Data Manager

Our Opportunity: 

We are looking for an experienced, analytical, and collaborative Open Source Vulnerability Data Manager to join our team and help us build the best DB of open source and container vulnerabilities out there.

In modern software development, much of any project's code relies on open source packages. These packages - often distributed in Linux containers - are visible for anyone and have vulnerabilities lurking in their code. As part of our Open Source group, you'll join us on our mission to continually improve our ability to find these open source and container vulnerabilities in a programmatic way. Every day new vulnerabilities and updates are published that require processing and triage in order to be added to the Snyk Vulnerability DB.

Your role will be to take charge of a team of security analysts who carry out this work. You’ll lead the effort of populating our DB, monitoring our workflows, and shaping our processes, to make sure we continue to have the most accurate, timely, innovative, and informative open source and container vulnerability DB in the market.

You’ll spend your time:

• Leading a dedicated team of security analysts that are responsible for the content and maintenance of our vulnerability DB.
• Establishing metrics and improvement targets for data quality, depth, and timeliness of delivery, then tracking and driving toward those targets.
• Setting high quality standards, ensuring the accuracy and consistency of our DB.
• Exploring new sources of security intelligence from open source repositories, Linux distributions, and AI-based services, for integration into our data.
• Supervising our industry-supporting participation as a verifier and facilitator of responsible vulnerability disclosures from 3rd parties and in-house researchers.
• Establishing the new abilities we need to develop to further our mission.
• Triaging and analyzing potential vulnerabilities discovered in open source dependencies.
• Using research to verify or disqualify potential vulnerabilities.
• Using data analysis techniques to answer research questions about vulnerabilities, and general threat intelligence trends.
• Directing machine learning models to find where vulnerabilities are most likely to exist using our unique database of verified vulnerabilities, information about how the open source community operates, and the static code itself.
• Collaborating closely with product managers to develop security intelligence data products to serve the needs of the Snyk platform.
• Working with users and Support staff to diagnose, prioritize, and address the needs of existing or prospective users.
• Guiding team members in developing specialized skills such as vulnerability analysis, exploit reproduction, data analysis, and responsible disclosure.

You should apply if:

• You have proven experience leading security operations or security R&D.
• You’ve led projects that depend on coordination between multiple teams.
• You're comfortable working with large datasets (we mainly use PostgreSQL, Snowflake, and Kafka).
• You have a passion for security and a solid background solving the problems that arise in the space.
• You have experience using statistical tools to help answer research questions.
• You love to automate your work by writing your own scripts (we use Python, JavaScript, and Go).
• You love learning new techniques and getting experience in new fields.

We’d especially love to hear from you if:

• You have worked with researchers before, ideally in the security space, or have conducted security research yourself.
• You have experience PoCing vulnerabilities and dealing with vulnerability disclosures.
• You have worked closely with data scientists in the past and have experience working with ML.

#LI-TF1