Staff Security Advocate
SemgrepSalary not specified
Full Time
Entry Level & New Grad
Not SpecifiedCompensation
Entry Level & New Grad, Junior (1 to 2 years)Experience Level
Full TimeJob Type
UnknownVisa
Software, CybersecurityIndustries
Requirements
Candidates must have a Bachelor of Science Degree in Computer Science, Cybersecurity, Engineering, or a related field. A minimum of 2 years of experience in software development or application security is required, along with knowledge of Java, C#, or JavaScript and application security concepts like the OWASP Top 10 or Sans 25. Excellent oral and written communication, organizational skills, and the ability to work independently and in a team are essential. Knowledge of Python, Ruby, scripting, *NIX, Windows, application vulnerability assessment, penetration testing, and open-source environments like GitHub are considered a plus.
Responsibilities
The Security Researcher will investigate and analyze vulnerabilities in open-source software, documenting attack capabilities and providing detection and remediation guidance. Responsibilities include aiding in the development of new tooling ideas and prototypes, collaborating with team members on product goals, and improving Sonatype products by contributing valuable security data. The role also involves working with technology and business teams to define and refine requirements within an agile development environment.
Skills
Vulnerability Research
Open-Source Software Analysis
Security Data Analysis
Problem-Solving
Sonatype
Manages and secures open-source software usage
About Sonatype
Sonatype helps organizations manage and secure their use of open-source software, which is software that anyone can inspect and modify. Their main product, the Nexus Platform, automates DevOps processes and governs the usage of open-source software. This platform supports practices that combine software development and IT operations to speed up the development lifecycle and ensure high-quality software delivery. Sonatype serves a variety of clients, including IT leaders and developers across different industries, such as healthcare. Unlike many competitors, Sonatype offers both free and paid versions of their products, allowing users to manage software components effectively. Their goal is to provide tools that enhance software security and efficiency in development, generating revenue through subscriptions to their advanced features.
Fulton, MissouriHeadquarters
2008Year Founded
$150.5MTotal Funding
GROWTH_EQUITY_VCCompany Stage
Enterprise Software, CybersecurityIndustries
501-1,000Employees
Benefits
Distributed Workforce - Walls don’t make a company great, people do — and we have the best. While we have offices in the US in Maryland and Virginia, and also in London and Sydney, our growing and talented team lives and works anywhere and everywhere.
Mission Driven - We’re helping software developers harness the power of open source, while making software safer. What does that mean for you? An opportunity to join a smart, mission-oriented team that is changing how software is made.
Competitive Salary & Benefits - We believe in taking care of our team. That means more than just interesting work — it's great benefits, competitive compensation packages, flexible schedules, and an endless opportunity to learn and grow.
Open, Transparent, Diverse - Our varied experiences, locations, ethnicities, genders, and sexual orientations, make us a better company. That's why we're committed to bringing different backgrounds and perspectives into our organization.
Risks
Complex software supply chains pose challenges, with only 7% reviewing their risks.
Fixing critical vulnerabilities can take over 500 days, exposing clients to risks.
Partnership with Equifax may risk reputation if security improvements are not achieved.
Differentiation
Sonatype offers a full-spectrum software supply chain management platform.
The Nexus Platform automates DevOps processes and governs open-source software usage.
Sonatype's solutions are trusted by 15 million developers globally.
Upsides
Partnership with OpenText enhances vulnerability management for open-source and custom code.
Availability in AWS Marketplace expands customer base and streamlines platform management.
Recognition as a leader in Software Composition Analysis boosts credibility and client attraction.
Related Jobs
RemoteRemoteSr. Vulnerability Detection Engineer (Content) Exposure Management (Re…
CrowdstrikeSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteOpen Source Infrastructure Engineer
Arize AISalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteResearch Scientist II
DataminrSalary not specified
- Full Time
- Junior (1 to 2 years)
RemoteSenior Application Security Engineer
M&T BankSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemotePenetration Tester
UltraViolet CyberSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteVulnerability Detection Engineer (Content) - Exposure Management (Remo…
CrowdstrikeSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteStaff Security Analyst
RoSalary not specified
- Full Time
- Expert & Leadership (9+ years)
RemotePrincipal Security Researcher, Google
Huntress$210,000 - $240,000/year
- Full Time
- Expert & Leadership (9+ years)
RemotePrincipal DevSecOps Engineer
Second Front SystemsSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSenior Software Security Engineer
Muon SpaceSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteJunior SQL Developer
bswiftSalary not specified
- Full Time
- Junior (1 to 2 years)
RemoteSenior Defensive Security Consultant
SpecterOps$90,000 - $160,000/year
- Full Time
- Senior (5 to 8 years)
RemoteCybersecurity Threat Analyst
Maxar TechnologiesSalary not specified
- Full Time
- Mid-level (3 to 4 years), Senior (5 to 8 years)