All roles listed as ‘remote’ are available as remote within the same country.
We are looking for a curious, analytical and detail-oriented analyst to join our team and help us uncover unknown vulnerabilities that exist in open source.
The use of open source software is booming: technology is integral to almost every facet of our lives, and almost all software developers rely on open source components, but security is a key concern. Our product enables developers to continuously find & fix vulnerable dependencies, without slowing down development.
We’re proud of our industry-leading vulnerability database - it is the engine that powers our products. As part of our security team you’ll focus on growing and improving our knowledge of the vulnerabilities that exist in open source software.
In modern software development, much of any project’s code relies on open source packages. These are out there in the world, visible for anyone, and within that code there are vulnerabilities. As part of our security team, you’ll join us on our mission to continually improve our ability to find these open source vulnerabilities in a programmatic way.
You’ll spend your time:
- discovering potential vulnerabilities that haven’t yet been identified or ‘published’
- using research to verify or disqualify potential vulnerabilities
- building SAST rulesets to identify vulnerability types and frameworks
- triaging vulnerabilities to identify the underlying vulnerable code and functionality
- developing and testing theories and hypotheses around new areas that Snyk tackles
- exploring and establishing the new abilities we need to develop our product to further achieve our mission
You should apply if:
- You have experience working in the security space and researching vulnerabilities
- You have 2+ years of experience working with SAST tooling and rulesets
- You have experience PoCing vulnerabilities and dealing with vulnerability disclosures
- You’re comfortable working with large datasets (we use BigQuery; ideally you’ll have used one of BigQuery, elasticsearch, kibana, hadoop etc.)
- You’re excited about working in an area where we don’t even know what the answer looks like
We’d especially love to hear from you if you:
- You have worked closely with Data Scientists in the past and have experience working with ML
- You have experience using statistical tools to help answer research questions
Please apply below! We care deeply about the warm, inclusive environment we’ve created and we value diversity - we welcome applications from those typically underrepresented in tech. If you like the sound of this role, but are not totally sure whether you’re the right person, do apply anyway :)
We are very happy to help you learn if you don't have previous experience with all of the subjects listed here - we believe curiosity, communication, and the ability to learn are most important.
Want to learn more about the role?
Read about the team’s mission and methodologies
Read about our open source vulnerability disclosure program
Read an example of how we find and disclose vulnerabilities
We’re on a mission to make the world a safer place with more secure software.
We’re living in a world of digital transformation that is turning ever more industries into a software-development industry. Cyber security is taking centre stage for many companies, and demand for Snyk’s product is sky-rocketing!
Snyk has already been adopted by over 2.2M developers, including multiple leading enterprise customers such as Google, Salesforce and Intuit, who are using Snyk to find and fix vulnerabilities in their open source libraries and container images, empowering them to develop secure software, faster.
In March of 2021, we raised $300M in Series E funding at a $4.7 billion company valuation, just after securing an additional $200M in Series D funding in September 2020, and successfully closing two strategic acquisitions. On top of that, we doubled the size of our global team, and we’re not stopping there!
We believe open source software is a force for good, and we’re building Snyk to make it easier for developers who aren’t security experts to stay secure. Join us!