Sonatype

Security Researcher

Colombia

Compensation: Not Specified
Experience Level: Entry Level & New Grad, Junior (1 to 2 years)
Job Type: Full Time
Visa: Unknown
Industries: Software, Cybersecurity

Security Researcher

Employment Type: Full-Time
Location Type: 100% Remote
Location: Candidates must currently live in Colombia

Position Overview

Sonatype is the software supply chain security company, providing the world's best end-to-end solution. We empower enterprises to create and maintain secure, quality, and innovative software at scale by combining proactive protection against malicious open source, enterprise-grade SBOM management, and the leading open-source dependency management platform. As founders of Nexus Repository and stewards of Maven Central, we are software pioneers with unmatched open-source expertise. We empower innovation with an unparalleled commitment to build faster, safer software and harness AI and data intelligence to mitigate risk, maximize efficiencies, and drive powerful software development. Over 2,000 organizations, including 70% of the Fortune 100 and 15 million software developers, rely on Sonatype to optimize their software supply chains.

Sonatype's mission is to enable organizations to better manage their software supply chain. We offer products and services including the Sonatype Nexus Repository and Sonatype Lifecycle.

This position offers a valuable learning opportunity with great potential to grow a career in cyber-security. Enjoy your job in a fast-paced, flexible, and fun environment with talented, diverse, and forward-thinking individuals.

Responsibilities

  • Review, isolate, analyze, and reverse engineer vulnerabilities in open-source software.
  • Document attack capabilities.
  • Provide detection and remediation guidance.
  • Aid in ideas and prototypes for new tooling.
  • Collaborate with other team members toward shared product goals.
  • Improve Sonatype products by providing valuable security data.
  • Work with technology and business team members to define and refine requirements in an agile development environment.

Requirements

  • Bachelor of Science Degree in Computer Science, Cybersecurity, Engineering, or related field.
  • 2+ years of experience in software development or application security.
  • Knowledge of Java, C#, or JavaScript.
  • Knowledge of application security, such as the OWASP Top 10 or the CWE/SANS Top 25.
  • Excellent oral and written communication skills.
  • Excellent organizational skills and attention to detail.
  • Ability to work independently and as part of a team.

Preferred Qualifications

  • Knowledge of other languages, such as Python and Ruby, and of scripting is a plus.
  • Knowledge of different operating systems, such as *NIX and Windows, is a plus.
  • Application vulnerability assessment or penetration testing experience is a plus.
  • Knowledge of open-source environments like GitHub is a plus.

About Sonatype

Sonatype is the software supply chain security company. We provide the world’s best end-to-end software supply chain security solution, combining the only proactive protection against malicious open source, the only enterprise grade SBOM management and the leading open source dependency management platform. This empowers enterprises to create and maintain secure, quality, and innovative software at scale. As founders of Nexus Repository and stewards of Maven Central, the world’s largest repository of Java open-source software, we are software pioneers and our open source expertise is unmatched. We empower innovation with an unparalleled commitment to build faster, safer software and harness AI and data intelligence to mitigate risk, maximize efficiencies, and drive powerful software development. More than 2,000 organizations, including 70% of the Fortune 100 and 15 million software developers, rely on Sonatype to optimize their software supply chains.

Awards and Recognition

  • 2025 AI Compliance Solution of the Year - AI Breakthrough Awards
  • 2025 DEVIES Award to our SBOM Manager new product for its innovation and impact in developer technology
  • 2024 Industry Leader in The Forrester Wave for Software Composition Analysis (Q4 2024 report)
  • 2023 Fast Company Best Places for Innovators
  • 2023 Gartner's Magic Quadrant
  • 2023 Software Report's Top 100 Software Companies
  • 2023 BuiltIn Best Places to Work
  • 2022 Frost & Sullivan Technology Innovation Leader Award
  • 2022 PeerSpot Silver Peer Award in Software Composition Analysis
  • 2022 Tech Ascension Best DevOps Security Solution Award
  • 2022 NVCT Cyber

Skills

Vulnerability Research
Open-Source Software Analysis
Security Data Analysis
Problem-Solving

Sonatype

Manages and secures open-source software usage

About Sonatype

Sonatype helps organizations manage and secure their use of open-source software, which is software that anyone can inspect and modify. Their main product, the Nexus Platform, automates DevOps processes and governs the usage of open-source software. This platform supports practices that combine software development and IT operations to speed up the development lifecycle and ensure high-quality software delivery. Sonatype serves a variety of clients, including IT leaders and developers across different industries, such as healthcare. Unlike many competitors, Sonatype offers both free and paid versions of their products, allowing users to manage software components effectively. Their goal is to provide tools that enhance software security and efficiency in development, generating revenue through subscriptions to their advanced features.

Headquarters: Fulton, Maryland
Year Founded: 2008
Total Funding: $150.5M
Company Stage: Growth Equity / VC
Industries: Enterprise Software, Cybersecurity
Employees: 501-1,000

Benefits

Distributed Workforce - Walls don’t make a company great, people do — and we have the best. While we have offices in the US in Maryland and Virginia, and also in London and Sydney, our growing and talented team lives and works anywhere and everywhere.
Mission Driven - We’re helping software developers harness the power of open source, while making software safer. What does that mean for you? An opportunity to join a smart, mission-oriented team that is changing how software is made.
Competitive Salary & Benefits - We believe in taking care of our team. That means more than just interesting work — it's great benefits, competitive compensation packages, flexible schedules, and an endless opportunity to learn and grow.
Open, Transparent, Diverse - Our varied experiences, locations, ethnicities, genders, and sexual orientations, make us a better company. That's why we're committed to bringing different backgrounds and perspectives into our organization.

Risks

Complex software supply chains pose challenges, with only 7% reviewing their risks.
Fixing critical vulnerabilities can take over 500 days, exposing clients to risks.
Partnership with Equifax may risk reputation if security improvements are not achieved.

Differentiation

Sonatype offers a full-spectrum software supply chain management platform.
The Nexus Platform automates DevOps processes and governs open-source software usage.
Sonatype's solutions are trusted by 15 million developers globally.

Upsides

Partnership with OpenText enhances vulnerability management for open-source and custom code.
Availability in AWS Marketplace expands customer base and streamlines platform management.
Recognition as a leader in Software Composition Analysis boosts credibility and client attraction.
