Senior Security Engineer, Application Security
Trail of Bits - Full Time
- Senior (5 to 8 years)
Candidates should possess a Bachelor's degree in Computer Science, Cybersecurity, or a related field, and have at least three years of experience in application security research, with a strong understanding of application security vulnerabilities and attack techniques. Familiarity with common programming languages and development environments is essential, as is the ability to analyze code and identify potential security flaws.
As an Application Security Researcher at Sonar, you will build expertise on various language ecosystems to identify common vulnerabilities, investigate how these vulnerabilities materialize within code, define security rules to detect them, and interact with the user community to refine these rules. You will also study competitors, conduct gap analyses, drive innovation to improve the SAST engine, and act as a trusted advisor to developers by providing code samples and specifications.
Tools for code quality and security
SonarSource provides tools aimed at improving code quality and security for software developers. Its main products include SonarLint, an IDE plugin that gives real-time feedback on code quality; SonarQube, a self-managed solution for comprehensive code analysis and reporting; and SonarCloud, a cloud-based service that offers similar features with the convenience of cloud management. SonarSource operates on a subscription-based model, allowing clients to access its tools through annual subscriptions or usage-based pricing for cloud services. The company serves over 400,000 organizations worldwide, emphasizing the importance of writing clean, maintainable, and secure code. SonarSource's goal is to promote the philosophy of "Clean Code," which enhances the efficiency of development teams and improves the security and reliability of software applications.