Open Source Vulnerability Researcher - Remote UK - 2018644

Sonatype, UK - Remote

We created Nexus to accelerate software innovation

Duration: Full-Time

Sonatype is the software supply chain management company. We're on a mission to change how the world innovates by making software development easier. From running the world's largest repository of Java open source components (Maven Central) to inventing componentized software development, and then software supply chain management, to creating the only solution that stops malicious open-source malware in its tracks, we're constantly leading the industry, while helping thousands of customers manage open source every day.

Already used by 15 million developers, we have lofty goals for our technology to be in the hands of every engineering team. And, we need you to do that. Join us!

Learn more at www.sonatype.com.

The Open Source Vulnerability Researcher will investigate and analyze vulnerabilities in open-source software.

Sonatype is looking for a passionate, driven, and talented developer to provide high-quality security data from researching software vulnerabilities. This is not a development position but relies on development experience to help navigate complex architectures and threat vectors in open-source software. This high-quality security data ensures that our customers get maximum value from our products, making them feel like part of the Sonatype family.

If you are a positive-thinker and problem-solver and believe that customer success and company success go hand-in-hand, this is a great job for you. This position will provide a valuable learning opportunity with great potential to grow your newly started career in cyber-security. Enjoy your job as you work in a fast-paced, flexible, and fun environment with talented, diverse, and forward-thinking individuals.

Key Areas of Focus

Review, isolate, analyze, and reverse engineer vulnerabilities in open-source software
Document attack capabilities
Provide detection and remediation guidance
Aid in ideas and prototypes for new tooling
Collaborate with other team members toward shared product goals
Improve Sonatype products by providing valuable security data

Required Background

5+ years of experience in application security or development experience in Java, C#, Python, JavaScript, C/C++, or Ruby
Excellent oral and written communication skills
Excellent organizational skills and detail-oriented
Ability to work independently and as part of a team
Currently reside in the UK - we are eager to find applicants based in any UK location, in particular Northern Ireland and who are legally entitled to work in this location without sponsorship.

Desired Background - nice to have

Bachelor of Science Degree in Computer Science, Cybersecurity, Engineering, or related field
Knowledge of application security such as the OWASP Top 10 or Sans 25
Knowledge of different languages such as Python, Ruby, and scripting
Knowledge of different operating systems such as *NIX, Windows
Application vulnerability assessment or penetration testing experience
Knowledge of open-source environments like Github is a plus

Things that we are proud of

The opportunity to be part of an incredible, high-growth company, working on a team of experienced colleagues
Fast Company Top 50 Companies for Innovators 2018, 2019, and 2020
2019 Best Places to Work Washington Post and Washingtonian
2019 Wealthfront Top Career Launch Company
EY Entrepreneur of the Year 2019
Diversity & Inclusion Working Groups
Parental Leave Policy
Paid Volunteer Time Off (VTO)
Long term type of contract (contrato término indefinido)
Flexible working hours 100% remote
Fast learning
Career plan
Bonus for personal results
Corporate results bonus.
Additional vacation days (depending on time worked)
Colombian holidays
Opportunity to travel to the United States once a year for our Annual corporate meeting

#LI-KB1

At Sonatype, we value diversity and inclusivity. We offer perks such as parental leave, diversity, and inclusion working groups, and flexible working practices to allow our employees to show up as their whole selves. We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. If you have a disability or special need that requires accommodation, please do not hesitate to let us know.

#LI-Remote

About Sonatype

The Sonatype journey started 10 years ago, just as the concept of “open source” software development was gaining steam. From our humble beginning as core contributors to Apache Maven, to supporting the world’s largest repository of open source components (Central), to distributing the world's most popular repository manager (Nexus), we’ve played a meaningful role in helping the world embrace the power of open innovation.

Over time, we witnessed the staggering volume and variety of open source libraries that began flowing into every development environment in the world.