Application Security Researcher
Application Security Researcher
Posted on :
11-04-2025
Employer Active
1 Vacancy
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Share
Send me jobs like this
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Job Description
Why should I Apply:
At Sonar were a group of brilliant motivated and driven professionals working hard to help organizations build responsible secure highquality code quickly and systematically. We build solutions that dont just solve symptoms of problems we fix problems at the source source code to be specific.
We have a dynamic culture with employees worldwide and hub offices in the USA Switzerland the UK Singapore and Germany. We believe team members should have the opportunity to come to work every day work on a product they are proud of love what they do and feel energized by their peers. With our roots deep in the open source community were all about the mission: provide solutions that deliver Clean Code.
The impact you can have
As an Application Security Researcher you play a central role in realizing our ambition to provide the best SAST solution on the market. Like us you believe that application security is not the responsibility of a few experts and that developers can have the most significant impact when they get the correct information at the right time.
As a member of the Code Security team you decide what security issues the product should detect and how they materialize in various language ecosystems. You work closely with static analysis developers to specify clarify communicate and validate all functional aspects of the security rules.
You will be a trusted adviser to developers able to provide meaningful code samples and specifications. This is a great way to directly impact the product andthe way millions of developers produce code.
On a daily basis you will
- Build expertise on various language ecosystems in order to identify the most common vulnerabilities that developers are facing.
- Investigate how these vulnerabilities materialize within the code.
- Define the security rules that will detect these vulnerabilities.
- Interact with our user community to clarify and turn this invaluable feedback into actions/decisions: like too noisy vulnerability detection rules or taintanalyzer reporting vulnerabilities without enough contextual information.
- Drive innovation to make our SAST engine even better.
- Study competitors and provide gap analyses.
The technical skills you will demonstrate
- Mastering application security basics including knowing the most common vulnerabilities how to locate vulnerabilities in the code and how to exploit basic vulnerabilities. To be successful you should be interested or involved in the application security ecosystem.
- Having a developer mindset: experience with coding lifecycle ability to produce secure code to do code reviews and to jump into an unknown codebase language and framework.
- Master at least one programming language along with its development environment to understand endusers context and expectations.
The soft skills you will demonstrate
- Strong communication skills i.e. both listening and expressing constructive ideas.
- High level of autonomy and still accepting help and feedback from team members.
- Ability to work and communicate with nonsecurity experts.
Nice to have
- Understanding of static analysis mechanisms.
- Ability to challenge rule implementation.
- Capability to bring a new field of expertise and convert it to additional value to the product.
Words from the team
We are a team of passionate people who enjoy learning from each other. Every day we work to provide developers with the best rules and help them own the security of their code. Our team of over 50 developers researchers and scientists defines develops maintains and tests security rules used by developers globally.
We investigate how developers introduce vulnerabilities into their applications and tailor our security rules to the most common environments. Our team also addresses false positives in opensource projects. We are passionate about learning from each other and strive to equip developers with the best rules so they can take ownership of their codes security.
Why you will love it here:
Our culture and mission set us apart. We have a dynamic work culture that values respect and kindness and embraces the right to fail (and get right back up again!. We believe that the best idea wins and everyone has a voice.
We believe that great people make a great company. We value people skills as much as technical skills and strive to keep things friendly and laidback while still being passionate leaders in our domains. Our 550 SonarSourcers from 33 different nationalities can relate!
We embrace worklife balance. It is important to maintain a healthy worklife balance. This is why we have a flexible work policy that includes remote and inoffice hybrid work (minimum three days a week in the office Monday/Tuesday/Thursday).
We have a growth mindset. We love to learn and believe that continuous education is critical to our success. In an everchanging industry new skills are a must and were happy to help our team acquire them.
We prioritize Diversity Equity and Inclusion:
At Sonar we are a global workforce and recognize the value of different backgrounds and global cultures.
We are committed to creating a diverse work environment and are proud to be an equalopportunity employer. All qualified applicants will be considered for employment without regard to race colour religion gender gender identity or expression sexual orientation national origin genetics disability age or veteran status.
All offers of employment at Sonar are contingent upon the clear results of a comprehensive background check conducted prior to the start date.
Please note that applications submitted through agencies or thirdparty recruiters will not be considered.
Employment Type
Full-Time
Key Skills
Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.
