Security Researcher

Every day, the world gets more digital thanks to tens of millions of developers building the future faster than ever. But with exponential growth comes exponential risk, as outnumbered security teams struggle to secure mountains of code. This is where Snyk (pronounced "sneak") comes in. Snyk is a developer security platform that makes it easy for development teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and cloud infrastructure — and do it all right from the start. Snyk is on a mission to make the world a more secure place by empowering developers to develop fast and stay secure. Joining Snyk means embracing our core values: One Team, Care Deeply, Customer Centric, and Forward Thinking. As a member of our team, you'll have the opportunity to thrive in a dynamic environment where fostering collaboration, leading with empathy, driving business impact, and inspiring trust are at the heart of everything we do. **Our Opportunity** We're looking for a Security Researcher to join Snyk's Rules Intelligence team and take part in research-led work developing rules for the Snyk Code SAST engine. We regularly look at new and emerging languages, technologies and frameworks to better model threats and vulnerabilities in source code, helping developers identify potential security vulnerabilities before their code reaches production. **You'll Spend Your Time**: - Writing security rules to detect known and unknown vulnerabilities using a proprietary language and built-for-purpose tooling. - Working closely with our Program Analysis and Machine Learning teams to shape our engine capabilities. - Learning the mechanics of a programming language or a framework, including looking at best practices and common vulnerable patterns. - Working with customers, understanding their pain points and challenges, and helping secure the world's largest companies. - Helping shape our product roadmap and driving innovation and guidance to the business with regards to up-and-coming security risks. **What You'll Need**: - Demonstrated experience and knowledge of Application Security Vulnerabilities. - Proficiency with Python and/or Javascript, as well as some familiarity with OOP languages such as Java or C#. - Interest in learning about the mechanics and inner workings of a language or a framework, and the ability to self-study highly technical concepts. - A passion for cybersecurity, and a desire to contribute and be an active participant in the security community. **We'd be Lucky if You**: - Are experienced working with, developing, or using AppSec tools. - Have experience programming or researching low-level languages and vulnerabilities. - Are an active participant in "community efforts", such as CTFs, bug-bounty programs or similar. - Have experience researching and (responsibly) disclosing security vulnerabilities or any CVE/paper publications. **About Snyk** Snyk is committed to creating an inclusive and engaging environment where our employees can thrive as we rally behind our common mission to make the digital world a safer place. From Snyk employee resource groups, to global benefits that help our employees prioritize their health, wellness, financial security, and a work/life blend, we aim to support our employees along their entire journeys here at Snyk. **Benefits & Programs**: Prioritize health, wellness, financial security, and life balance with programs tailored to your location and role. - Flexible working hours, work-from home allowances, in-office perks, and time off for learning and self development - Generous vacation and wellness time off, country-specific holidays, and 100% paid parental leave for all caregivers - Health benefits, employee assistance plans, and annual wellness allowance - Country-specific life insurance, disability benefits, and retirement/pension programs, plus mobile phone and education allowances