Listing Description

We are looking for a Vulnerability Researcher to join our Security Intelligence team to analyze known vulnerabilities and discover unknown vulnerabilities. Our scope is open source packages, including those distributed by the largest Linux distributions.

Your Role

In modern software development, much of any project's code relies on open source packages. These are out there in the world, visible for anyone; and within that code there are vulnerabilities. As part of our security intelligence team, you'll join us on our mission to continuously provide actionable analysis of these vulnerabilities that can be used by developers and security professionals.

You'll join our interdisciplinary security intelligence team, alongside fully dedicated engineers focused on building tools that make your work more effective, and have lots of opportunities to learn and grow. This role is particularly well-suited to candidates with a deep understanding of how code works, and over time you'll have the opportunity to work with a wide variety of  programming languages. You can read in depth about the way the team’s data are used as the basis for the leading software security platform on Snyk’s blog.

You’ll spend your time:

• Triaging and analyzing potential vulnerabilities discovered in open source dependencies


• Further researching known vulnerabilities to determine characteristics such as severity and exploitability


• Verifying or disqualifying potential vulnerabilities via hands-on research


• Assessing and building in new vulnerability sources


• Cross-pollinating security knowledge and techniques with group members to keep the learning flowing  


• Exploring the new abilities we need to develop our data products to further our mission


• Developing and testing new ways to improve the team’s workflows

You should apply if:

• You have a passion for security and the exploitation problem space


• You have experience navigating open source codebases and package managers


• You love learning new techniques and getting experience in new fields


• You're comfortable working with quantitative data tools - including SQL, NoSQL, Python notebooks, pandas


• You have good mastery of written and spoken English expression

We’d especially love to hear from you if:

• You have worked with researchers before, ideally in the security space or have conducted security research yourself


• You have experience reproducing vulnerabilities and processing responsible vulnerability disclosures


• You’ve analyzed data before using quantitative/statistical techniques, employing purpose-built tools to come to valid data-based conclusions


• You love to automate your work by writing scripts or adopting new technologies

Interested?

Please apply below! We care deeply about the warm, inclusive environment we’ve created and we value diversity - we welcome applications from those typically underrepresented in tech. If you like the sound of this role, but are not totally sure whether you’re the right person, do apply anyway :)

About Snyk

Snyk’s mission is to help developers and enterprises develop fast and stay secure. 

The use of open source is booming, but security is a key concern. Snyk’s unique platform enables developers and enterprise security teams to continuously find & fix vulnerable dependencies without slowing down, offering seamless integration into Dev, DevOps, and DevSecOps workflows. We care deeply about the quality and usefulness of the tools we develop, always focusing on our customers and users. 

We believe open-source software is a force for good, and we’re building Snyk to make it easier for developers who aren’t security experts to stay secure.