Vernier CH

AppSec Researcher

SonarSource SA

Permanent contract (CDI) - 100% - Immediate start

The skills you will demonstrate
Technical skills
- Mastering AppSec basics, including knowing the most common vulnerabilities, how to locate vulnerabilities in the code, and how to exploit basic vulnerabilities. To be successful, you should be interested or involved in the application security ecosystem.
- Having a developer mindset: experience with the coding lifecycle, and the ability to produce secure code, to do code reviews, and to jump into an unknown codebase, language, or framework.
- Mastery of at least one programming language along with its development environment, in order to understand end users' context and expectations.

Soft skills
- Strong communication skills, i.e. both listening and expressing constructive ideas.
- High level of autonomy while still accepting help and feedback from team members.
- Ability to work and communicate with non-security experts.

Nice to have
- Understanding of static analysis mechanisms.
- Ability to challenge rule implementation.
- Capability to bring a new field of expertise and convert it into additional value for the product.

On a daily basis, you will
- Build expertise on various language ecosystems in order to identify the most common vulnerabilities that developers are facing.
- Investigate how these vulnerabilities materialize within the code.
- Define the security rule that will detect these vulnerabilities.
- Analyze open-source projects and evaluate the results of the security rules.
- Interact with our user community to clarify and turn this invaluable feedback into actions/decisions, for example when vulnerability detection rules are too noisy or the taint analyzer reports vulnerabilities without enough contextual information.
- Drive innovation to make our SAST engine even better.
- Study competitors and provide gap analysis.

The impact you can have
As an AppSec Researcher, you play a central role in realizing our ambition to provide the best SAST solution on the market. Like us, you believe that application security is not the responsibility of a few experts and that developers can have the biggest impact when they get the right information at the right time.

As a member of the AppSec team you decide what security issues the product should detect and how they materialize in various language ecosystems. You work closely with static analysis developers to specify, clarify, communicate, and validate all functional aspects of the security rules.

You will be a trusted adviser to developers, able to provide meaningful code samples and specifications. This is a great way to have a direct impact on the product and thus on the way millions of developers produce code.

What we do
Sonar was started by a team of developers that wanted to change the way code is built in an agile development process. The company was created to develop the open-source tool SonarQube, which is now the standard in code quality management with over 350,000 instances deployed today. Every day we are focused on solving developers' next big problem.

