Snyk is hiring a
Associate Security Researcher

Summary

The job is for an Associate Security Researcher at Snyk to work on research-led projects developing rules for the Snyk Code SAST engine. The role involves writing security rules, working with other teams, learning programming languages or frameworks, dealing with customer issues, independent research, blogging about research projects, and presenting research at conferences.

Requirements

• Proficiency with at least one high level programming language (such as Python, Javascript, Java, C#, Go) and an excitement for learning and diving into unfamiliar programming languages
• Experience taking part in CTF’s, bug-bounty programs or similar
• Enjoyment in hunting for security vulnerabilities through the wilds of open source software security
• Interest in learning about the mechanics and inner workings of a language or a framework
• Strong communication skills in English, spoken and written

Responsibilities

• Writing security rules to detect known and unknown vulnerabilities using a proprietary language and built-for-purpose tooling
• Working closely with other teams involved in Snyk Code related to Program Analysis and Machine Learning
• Learning the mechanics of a programming language or a framework, including looking at best practices and common vulnerable patterns
• Dealing with customer issues i.e. resolving false positive or false negative issues, to help cement our position as the most accurate tool in the market
• Taking part in independent research projects on research days and on a rotational basis
• Writing blog posts about the research projects, i.e: https://snyk.io/blog/finding-yaml-injection-with-snyk-code /, https://snyk.io/blog/the-dangers-of-setattr-avoiding-mass-assignment
• Performing exploratory research in order to better understand potential gaps in the system, or guide our way towards implementation of features
• Writing company blog posts about your work and accomplishments, and to deliver presentations to the technical community both inside of Snyk and externally
• Presenting your research at security working groups, conferences, and in publications

Preferred Qualifications

Have experience as a security analyst or researcher