We’re looking for a passionate hacker to join our application security team to help Snyk be a secure product.
You will be relied upon to provide engineering and product teams with the security expertise necessary to make confident product decisions. Initially you will be part of Snyk’s infrastructure team; however, app-sec will grow into its own team over the course of next year.
You will report to Snyk’s Chief Architect and work closely with Snyk’s Chief Security Officer and architecture team.
You’ll spend your time:
- revealing potential weaknesses in our product and then crafting creative solutions to eliminate those weaknesses
- managing our bug bounty program, and researching any reported or suspected application vulnerabilities
- developing secure programming & secure design principles, and training developers, architects, code reviewers, and others on secure coding practices
- serving as the subject matter expert for Application Security, providing guidance to Engineering and Product teams
- designing and implementing SDLC practices including code reviews, static/dynamic code analysis and vulnerability assessments
- assisting in developing security-related libraries used in our environment
- providing security guidance on a constant stream of new products and technologies
- leading internal engineering security and privacy initiatives
We are distributed across four offices in London, Tel Aviv, Boston and Ottawa, with 10% of the company working fully remote. We’ve made an organizational commitment to building a strong, effective, distributed company: we form teams across multiple offices wherever possible, and we invest in communication so that we can benefit from each other’s perspectives. As well as an always-on webcam so we can see what’s happening in each office, we make heavy use of video calls, Slack, and some inter-office travel.
You should apply if you:
- have a B.S. or M.S. in Computer Science or a related field, or equivalent experience
- are experienced in ensuring security and privacy on the internet
- have experience with an interpreted programming language
- are knowledgeable in internet security issues
- are a clear and proactive communicator
We’d especially love to hear from you if you:
- have 5+ years of AppSec experience
- have an expert-level understanding of modern web technologies and web application security
- have a thorough understanding of OWASP Top 10 vulnerabilities and corresponding best practices for mitigation
- have prior experience securing large-scale web applications, including performing security code reviews, vulnerability assessments, and manual testing for logic flaws
- participate in Bug Bounty Programs / Security Research
- are experienced with threat modeling of web applications
- have experience with BurpSuite Pro and dynamic application scanning tools
Please apply below! We care deeply about the warm, inclusive environment we’ve created and we value diversity - we welcome applications from those typically underrepresented in tech. If you like the sound of this role, but are not totally sure whether you’re the right person, do apply anyway :)
Snyk’s mission is to help developers use open source code and stay secure.
The use of open source is booming, but security is a key concern (https://snyk.io/stateofossecurity/). Snyk’s unique product enables developers and enterprise security teams to continuously find & fix vulnerable dependencies without slowing down, offering seamless integration into Dev, DevOps and DevSecOps workflows. We care deeply about the quality and usefulness of the tools we develop, always focusing on our customers and users.
We are experiencing rapid growth - and we want you to join us! By the end of Q3 2019 alone, Snyk was already adopted by over 450,000 developers, including multiple enterprise customers (such as Google, New Relic, ASOS and others). We also raised an additional 70m, announced September 10, 2019, from investors such as Accel, GV and Boldstart, demonstrating that they are as excited as we are by Snyk’s progress and potential.