Static Code Analyzer - Security Researcher (R&D) at SonarSource in Genève

The impact you can have

As a Security Researcher, you play a central role in realising our ambition to provide the best SAST solution on the market. None of the existing solutions has yet managed to gain real adoption among developers, and so none of them has really helped development teams deliver more secure applications. That is the challenge to face. To fulfil this mission, you will be able to rely in particular on a state-of-the-art taint analyzer and on a brand new concept, Security Hotspots. Security Hotspots highlight all the security-sensitive pieces of code while providing developers with educational material. As a member of our development team, you work closely with the developers to specify, clarify, communicate, and validate all functional aspects.

On a daily basis, you will

  • Clean, update and feed a backlog of Security Vulnerabilities and Hotspots covering more than 20 programming languages
  • Interact with our user community by email, and clarify and turn this invaluable feedback into actions and decisions: for example, vulnerability detection rules that are too noisy, or the taint analyzer reporting vulnerabilities without enough contextual information
  • Validate the behavior of new rules
  • Promote the new Security features with product news, blog entries and other communication channels

The skills you will demonstrate

  • Mastery of at least one programming language along with its development environment, in order to understand end users' context and expectations. Having a developer background is a prerequisite
  • Good background in Application Security based for instance on a past experience in code review or penetration testing
  • Good understanding of the Application Security market: OWASP TOP 10, MITRE CWE/CVE, SANS TOP 25, SAST, DAST, SCA, …
  • Strong influencing skills and natural leadership
  • Ability to cope with frequent context-switching
  • Self-confident enough to challenge the status quo as well as be challenged
  • Open-minded and very positive can-do attitude

What we do

SonarSource was started by a team of developers that wanted to change the way code is built in an agile development process. The company was created to develop the open source tool SonarQube, which is now the standard in code quality management with over 85,000 instances deployed today. Every day we are focused on solving developers’ next big problem.

Who we are

At SonarSource we believe in people, excellence, and delivery. We’re a team of problem solvers and overachievers who seek out others who are also passionate and relentless in their respective missions. We want to work with people who are ready to fasten their seat belts and be part of an incredible ride. We work hard not because we’re told to, but because we genuinely love what we do and do what we love. If there’s one main message we want you to remember about us, it’s that we push others to be best in class at whatever they do: choose your battle, innovate, take risks, and lead change. Join us; we’ll be smarter and stronger together.

Why you will love it here

  • You will be given ownership and challenges, team support and encouragement to help you hit your personal goals
  • You will have the opportunity to be a leader in your domain
  • You will have a concrete impact on a fast-growing company
  • You will enjoy working as part of a casual, fun and passionate team
  • You will meet and work with a talented and diverse team of 85+ professionals from 18 different nationalities
  • You will enjoy the passion and drive of a start-up with big-company events and benefits