Sonar

Application Security Researcher

Bochum, North Rhine-Westphalia, Germany

Auto‑apply with AI Apply

Not SpecifiedCompensation

Junior (1 to 2 years)Experience Level

Full TimeJob Type

UnknownVisa

Cybersecurity, Enterprise SoftwareIndustries

Requirements

Candidates should possess a Bachelor's degree in Computer Science, Cybersecurity, or a related field, and have at least three years of experience in application security research, with a strong understanding of application security vulnerabilities and attack techniques. Familiarity with common programming languages and development environments is essential, as is the ability to analyze code and identify potential security flaws.

Responsibilities

As an Application Security Researcher at Sonar, you will build expertise on various language ecosystems to identify common vulnerabilities, investigate how these vulnerabilities materialize within code, define security rules to detect them, and interact with the user community to refine these rules. You will also study competitors, conduct gap analyses, drive innovation to improve the SAST engine, and act as a trusted advisor to developers by providing code samples and specifications.

Skills

Application Security

Vulnerability Analysis

Secure Code Production

Code Reviews

Programming Languages

SAST

Static Application Security Testing

Communication Skills

Sonar

Tools for code quality and security

About Sonar

SonarSource provides tools aimed at improving code quality and security for software developers. Its main products include SonarLint, an IDE plugin that gives real-time feedback on code quality; SonarQube, a self-managed solution for comprehensive code analysis and reporting; and SonarCloud, a cloud-based service that offers similar features with the convenience of cloud management. SonarSource operates on a subscription-based model, allowing clients to access its tools through annual subscriptions or usage-based pricing for cloud services. The company serves over 400,000 organizations worldwide, emphasizing the importance of writing clean, maintainable, and secure code. SonarSource's goal is to promote the philosophy of "Clean Code," which enhances the efficiency of development teams and improves the security and reliability of software applications.

Key Metrics

Vernier, SwitzerlandHeadquarters

2008Year Founded

$444.6MTotal Funding

LATE_VCCompany Stage

Enterprise Software, CybersecurityIndustries

501-1,000Employees

Benefits

Flexible Work Hours

Hybrid Work Options

Professional Development Budget

Risks

Tidelift acquisition may cause integration challenges, disrupting Sonar's operations.

Cultural challenges may affect the partnership with Adactin in Australia.

New distribution agreement with QBS Software may lead to channel conflicts.

Differentiation

SonarSource supports over 30 programming languages, offering broad compatibility for developers.

SonarLint provides real-time feedback in IDEs, enhancing code quality during development.

SonarQube and SonarCloud offer comprehensive code analysis, ensuring high standards for codebases.

Upsides

Sonar's acquisition of Tidelift enhances its open source software security capabilities.

Partnership with Adactin expands Sonar's reach in the Australian market.

Integration with AI-driven tools boosts Sonar's code quality assessment efficiency.

Land your dream remote job 3x faster with AI

Try Jobo Free