Sonar

Application Security Researcher

Bochum, North Rhine-Westphalia, Germany

Compensation: Not Specified
Experience Level: Junior (1 to 2 years)
Job Type: Full Time
Visa: Unknown
Industries: Cybersecurity, Enterprise Software

Requirements

Candidates should possess a Bachelor's degree in Computer Science, Cybersecurity, or a related field, and have at least three years of experience in application security research, with a strong understanding of application security vulnerabilities and attack techniques. Familiarity with common programming languages and development environments is essential, as is the ability to analyze code and identify potential security flaws.

Responsibilities

As an Application Security Researcher at Sonar, you will build expertise on various language ecosystems to identify common vulnerabilities, investigate how these vulnerabilities materialize within code, define security rules to detect them, and interact with the user community to refine these rules. You will also study competitors, conduct gap analyses, drive innovation to improve the SAST engine, and act as a trusted advisor to developers by providing code samples and specifications.

Skills

Application Security
Vulnerability Analysis
Secure Code Production
Code Reviews
Programming Languages
SAST
Static Application Security Testing
Communication Skills

Sonar

Tools for code quality and security

About Sonar

SonarSource provides tools aimed at improving code quality and security for software developers. Its main products include SonarLint, an IDE plugin that gives real-time feedback on code quality; SonarQube, a self-managed solution for comprehensive code analysis and reporting; and SonarCloud, a cloud-based service that offers similar features with the convenience of cloud management. SonarSource operates on a subscription-based model, allowing clients to access its tools through annual subscriptions or usage-based pricing for cloud services. The company serves over 400,000 organizations worldwide, emphasizing the importance of writing clean, maintainable, and secure code. SonarSource's goal is to promote the philosophy of "Clean Code," which enhances the efficiency of development teams and improves the security and reliability of software applications.

Key Metrics

Headquarters: Vernier, Switzerland
Year Founded: 2008
Total Funding: $444.6M
Company Stage: LATE_VC
Industries: Enterprise Software, Cybersecurity
Employees: 501-1,000

Benefits

Flexible Work Hours
Hybrid Work Options
Professional Development Budget

Risks

Tidelift acquisition may cause integration challenges, disrupting Sonar's operations.
Cultural challenges may affect the partnership with Adactin in Australia.
New distribution agreement with QBS Software may lead to channel conflicts.

Differentiation

SonarSource supports over 30 programming languages, offering broad compatibility for developers.
SonarLint provides real-time feedback in IDEs, enhancing code quality during development.
SonarQube and SonarCloud offer comprehensive code analysis, ensuring high standards for codebases.

Upsides

Sonar's acquisition of Tidelift enhances its open source software security capabilities.
Partnership with Adactin expands Sonar's reach in the Australian market.
Integration with AI-driven tools boosts Sonar's code quality assessment efficiency.
