Senior Security Researcher - Applications

Sonatype


1 month ago

02/09/2020 10:22:57

Job type: Full-time

Hiring from: Canada

lever

Category: Software Development


The Senior Security Researcher will investigate and analyze vulnerabilities in open-source software.

Sonatype is looking for a passionate, driven and talented developer to provide high-quality security data by researching software vulnerabilities. This is not a development position, but it relies on development experience to help navigate complex architectures and threat vectors in open source software. This high-quality security data ensures that our customers get maximum value out of our products, making them feel like they are part of the Sonatype family.

If you are a positive-thinker and problem-solver and believe that customer success and company success go hand-in-hand, this is a great job for you. This position will provide a valuable learning opportunity with great potential to grow your newly started career in cyber-security. Enjoy your job as you work in a fast-paced, flexible, and fun environment, with talented, diverse, and forward-thinking individuals.

Key Areas of Focus
  • Review, isolate, analyze, and reverse engineer vulnerabilities in open-source software
  • Document attack capabilities
  • Provide detection and remediation guidance
  • Aid in ideas and prototypes for new tooling
  • Collaborate with other team members toward shared product goals
  • Improve Sonatype products by providing valuable security data
  • Work with technology and business team members to define and refine requirements in an agile development environment
  • Currently reside in either Canada or the United States of America and are legally authorized to work without sponsorship in the corresponding country.

Required Background
  • 5+ years of experience in application security or development experience in Java, C#, Python, JavaScript, C/C++ or Ruby
  • Excellent oral and written communication skills
  • Excellent organizational skills and attention to detail
  • Ability to work independently and as part of a team

Desired Background
  • Bachelor of Science Degree in Computer Science, Cybersecurity, Engineering, or related field
  • Knowledge of application security such as the OWASP Top 10 or SANS 25
  • Knowledge of different languages such as Python, Ruby, and scripting
  • Knowledge of different operating systems such as *NIX, Windows
  • Application vulnerability assessment or penetration testing experience
  • Knowledge of open source environments like GitHub is a plus

What We Offer:
  • The opportunity to be part of an incredible, high-growth company, working on a team of experienced colleagues
  • Competitive salary package
  • Medical/Dental/Vision benefits
  • Business casual dress
  • Flexible work schedules that ensure time for you to be you
  • 2019 Best Places to Work Washington Post and Washingtonian
  • 2019 Wealthfront Top Career Launch Company
  • EY Entrepreneur of the Year 2019
  • Fast Company Top 50 Companies for Innovators
  • Glassdoor ranking of 4.9
  • Come see why we've won all of these awards

We are 300 employees from diverse backgrounds who hail from 50 countries and speak 15 languages. But we all share one thing in common: we’re passionate about accelerating software innovation. Our vision is to put Nexus products at the center of every open source decision made by modern engineering organizations. We’re one of the fastest growing tech companies in America and have been named both a Deloitte Fast 500 and Inc. 5000 company three years in a row. We’re backed by world class investors including TPG, Goldman Sachs, Accel Partners, and HWVP. Learn more at www.sonatype.com.
 
Sonatype is proud to be an equal opportunity workplace and an affirmative action employer that is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If you have a disability or special need that requires accommodation, please do not hesitate to let us know.


similar jobs

  • Thorn (US only - East Coast Preferred)
    1 week ago

    Thorn is a non-profit focused on building technology to defend children from sexual abuse. Working at Thorn gives you the opportunity to apply your skills, expertise and passions to directly impact the lives of vulnerable and abused children. Our staff solves dynamic, quickly evolving problems with our network of partners from tech companies, NGOs, and law enforcement agencies. If you are able to bring clarity to complexity and lightness to heavy problems, you could be a great fit for our team.

    Earlier this year, we took the stage at TED and shared our audacious goal of eliminating child sexual abuse material from the internet. A key aspect of our work is partnering with the National Center for Missing & Exploited Children and building technology to optimize the broader ecosystem combating online child sexual abuse.

    What You'll Do

    • Collaborate with other engineers on your team to build a data pipeline and client application from end-to-end.

    • Prototype, implement, test, deploy, and maintain stable data engineering solutions.

    • Work closely with the product manager and engineers to define product requirements.

    • Present possible technical solutions to various stakeholders, clearly explaining your decisions and how they address real user needs, incorporating feedback in subsequent iterations.

    Skills We're Seeking

    • You have a commitment to putting the children we serve at the center of everything you do.

    • You have proficient software development knowledge, with experience building, growing, maintaining a variety of products, and a love for creating elegant applications using modern technologies.

    • You’re experienced with devops (Docker, AWS, microservices) and can launch and maintain new services.

    • You are experienced with distributed data storage systems/formats such as MemSQL, Snowflake, Redshift, Druid, Cassandra, Parquet, etc.

    • You have worked with real-time systems using various open source technologies like Spark, MapReduce, NoSQL, Hive, etc.

    • You have knowledge in data modeling, data access, and data storage techniques for big data platforms.

    • You have an ability and interest in learning new technologies quickly.

    • You can work with shifting requirements and collaborate with internal and external stakeholders.

    • You have experience prototyping, implementing, testing, and deploying code to production.

    • You have a passion for product engineering and an aptitude to work in a collaborative environment, can demonstrate empathy and strong advocacy for our users, while balancing the vision and constraints of engineering.

    • You communicate clearly, efficiently, and thoughtfully. We’re a highly-distributed team, so written communication is crucial, from Slack to pull requests to code reviews.

    Technologies We Use

    You should have experience with at least a few of these, and a desire and ability to learn the rest.

    • Python

    • Elasticsearch / PostgreSQL

    • AWS / Terraform

    • Docker / Kubernetes

    • Node / Typescript

  • Close (American or European timezones)
    3 weeks ago

    About Us

    At Close, we're building the sales communication platform of the future. With our roots as the very first sales CRM to include built-in calling, we're leading the industry toward eliminating manual processes and helping companies to close more deals (faster). Since our founding in 2013, we've grown to become a profitable, 100% globally distributed team of 43 high-performing, happy people that are dedicated to building a product our customers love.

    Our backend tech stack currently consists of Python Flask/Gunicorn web apps, with our TaskTiger scheduler handling much of the backend asynchronous task processing. Our data stores include MongoDB, Postgres, Elasticsearch, and Redis. The underlying infrastructure runs on AWS using a combination of managed services like RDS and ElastiCache and non-managed services running on EC2 instances. All of our compute runs through CI/CD pipelines that build Docker images, run automated tests and deploy to our Kubernetes clusters. Our backend primarily serves a well-documented public API that our front-end JavaScript app consumes.

    We ❤️ open source – using dozens of open source projects with contributions to many of them, and we have released some of our own like ciso8601, LimitLion, SocketShark, TaskTiger, and more at https://github.com/closeio

    About You

    We're looking for an experienced full-time Software Engineer to join our engineering team. Someone who has a solid understanding of web technologies and wants to help design, implement, launch, and scale major systems and user-facing features.

    You should have senior level experience (~5 years) building modern back-end systems, with at least 3 years of that experience using Python.

    You also have around five years experience using MongoDB, PostgreSQL, Elasticsearch, or similar data stores. You have significant experience designing, scaling, debugging, and optimizing systems to make them fast and reliable. You have experience participating in code reviews and providing overall code quality suggestions to help maintain the structure and quality of the codebase.

    You’re comfortable working in a fast-paced environment with a small and talented team where you're supported in your efforts to grow professionally. You are able to manage your time well, communicate effectively and collaborate in a fully distributed team.

    You are located in an American or European time zone.

    Bonus points if you have...

    • Contributed open source code related to our tech stack

    • Led small project teams building and launching features

    • Built B2B SaaS products

    • Experience with sales or sales tools

    Come help us with projects like...

    • Conceiving, designing, building, and launching new user-facing features

    • Improving the performance and scalability of our API. Help expand our GraphQL implementation.

    • Improving how we sync millions of sales emails each month

    • Working with Twilio's API, WebSockets, and WebRTC to improve our calling features

    • Building user-facing analytics features that provide actionable insights based on sales activity data

    • Improving our Elasticsearch-backed powerful search features

    • Improving our internal messaging infrastructure using streaming technologies like Kafka and Redis 

    • Building new and enhancing existing integrations with other SaaS platforms like Google’s G Suite, Zapier, and Web Conferencing providers

    Why work with us?

    • Culture video 💚

    • 100% remote (we believe in trust and autonomy)

    • 2 x annual team retreats ✈️ (Lisbon retreat video)

    • Competitive salary

    • 7 weeks PTO (includes company-wide winter holiday break)

    • 1 month paid sabbatical after 5 years

    • $200/month co-working stipend

    • Parental leave (10 wks primary caregiver / 4 wks secondary caregiver)

    • 99% premiums paid for excellent medical and dental coverage, including an HSA option (US residents)

    • 401k matching at 4% (US residents)

    • Dependent care FSA (US residents)

    • Our story and team 🚀

    • Glassdoor Reviews 

    At Close, everyone has a voice. We encourage transparency and practicing a mature approach to the workplace. In general, we don’t have strict policies, we have guidelines. Work/Life harmony is an important part of our organization - we believe you bring your best to work when you practice self care (whatever that looks like for you).

    We come from 12 countries and 16 states; a collection of talented humans rich in diverse backgrounds, lifestyles and cultures. Twice a year we meet up somewhere around the world to spend time with one another. We see these retreats as an opportunity to strengthen the social fiber of our community.

    This team is growing in more ways than one - we’ve recently launched 11 babies (and counting!). Unanimously, our favorite and most impactful value is “Build a house you want to live in.” We strive to make decisions that are authentic for our organization. At Close, we have a high care factor for one another, in making an awesome product and championing the success of our customers.  

    Interested in Close but don't think this role is the best fit for you? View our other positions.

  • 1 month ago

    Theorem is a team of experts who set sound principles and best practices into action. Our team solves complex problems and builds amazing things for some of the largest global household names. We work with team members around the world and have offices in LA and New York. While this is a remote first role, initially, the position will require at least bi-monthly travel to the UK. Candidates closer to major travel airport hubs will be given priority.  You must be authorized to work in the United States.
    As Software Solutions Architect, you are a polyglot engineer with a hunger for learning new languages and tools. You see yourself as a maker and you are interested in all steps of the process, from understanding the challenge, to designing, developing and deploying.
    As a consulting Software Solutions Architect, you are always happy to be learning, choosing the right tool for the job but also becoming the foremost domain expert about our client’s business. You should always be able to answer the question: What have I learned this week?

    Responsibilities and Duties

    In this role, you will participate in the full life cycle of application development for our clients with duties including but not limited to:

    • Assist the sales team with uncovering and understanding technical requirements and producing estimates and risk assessments for new projects.
    • Become the domain expert for our clients’ business and gain a deep knowledge of their infrastructure and internal systems.
    • Research technologies and assess their fit for the challenge at hand.
    • Educate and train clients and stakeholders about the benefits of our approach to software and solutions development.
    • Assist the engineering team on product delivery by writing code and reviewing pull requests.
    • Collaborate with the team to create a successful project hand-off plan

    Qualifications and Skills

    • 10+ years of experience in software engineering.
    • Over 5+ years of experience directly consulting with clients.
    • Eager to learn new languages and technologies.
    • Proficient and experienced with at least 3 programming languages; JavaScript, Ruby, Elixir, Go, C# and Python are all a plus.
    • Strong experience designing and delivering features on both server and client sides of the development stack.
    • Demonstrated experience researching new tools, acquiring new skills, and implementing your new knowledge on the fly with confidence and accuracy
    • Experience with AWS, GCP, or Azure is nice to have.
    • Experience working with Chef, Ansible, and other provisioning technologies is a plus.
    • BS of Computer Science or similar academic background is a plus.
    • Excellent skills in spoken and written English language.
    • Possess a strong and reliable internet connection.
