Security Data Analyst
London, Tel Aviv
We are looking for a curious, analytical and detail-oriented Security Data Analyst to join our team and help us uncover unknown vulnerabilities that exist in open source.
In modern software development, much of any project's code relies on open source packages. These are out there in the world, visible for anyone, and within that code there are vulnerabilities. As part of our security team, you'll join us on our mission to continually improve our ability to find these open source vulnerabilities in a programmatic way.
You'll join our interdisciplinary security team, alongside fully dedicated engineers focussed on building tools that make your work more effective and have lots of opportunities to learn and grow. This role is particularly well-suited to help you develop a deep understanding of how code works, and over time you'll have the opportunity to work with just about every programming language.
You’ll spend your time:
- Triaging and analysing potential vulnerabilities discovered within open-source dependencies
- Further researching known vulnerabilities to determine characteristics such as severity and exploitability
- Using research to verify or disqualify potential vulnerabilities
- Building data models and structures
- Using data analyst techniques to answer research questions about vulnerabilities, and general threat intelligence trends
- Training machine learning models to find where vulnerabilities are mostly likely to lie, using a combination of our unique database of verified known vulns; information about how the open source community operates; and the static code itself
- Developing and testing theories and hypotheses around new areas that Snyk tackles
- Exploring and establishing the new abilities we need to develop our product to further achieve our mission
You should apply if you:
- You're comfortable working with large datasets (we use BigQuery; ideally you'll have used one of BigQuery, elasticsearch, kibana, hadoop etc.)
- You have a passion for security and an interest in the problem space
- You’ve triaged and analysed data before using techniques and tools such as pandas and jupyter
- You have experience using statistical tools to help answer research questions
- You love learning new techniques and getting experience in new fields
- You have previous experience working with open source codebases
We’d especially love to hear from you if you:
- You have worked with researchers before, ideally in the security space or have conducted security research yourself
- You have experience PoCing vulnerabilities and dealing with vulnerability disclosures
- You have worked closely with Data Scientists in the past and have experience working with ML
*Wants to learn more why do organisations trust Snyk - read the following blog .
Please apply below! We care deeply about the warm, inclusive environment we’ve created and we value diversity - we welcome applications from those typically underrepresented in tech. If you like the sound of this role, but are not totally sure whether you’re the right person, do apply anyway :)
Snyk’s mission is to help developers use open source code and stay secure.
The use of open source is booming, but security is a key concern. Snyk’s unique product enables developers and enterprise security teams to continuously find & fix vulnerable dependencies without slowing down, offering seamless integration into Dev, DevOps and DevSecOps workflows. We care deeply about the quality and usefulness of the tools we develop, always focusing on our customers and users.
We are distributed across four offices in London, Tel Aviv, Boston and Ottawa, with our engineering teams based mostly in London and Tel Aviv, and 10% of the company working fully-remote. We’ve made an organizational commitment to building a strong, effective, distributed company: we form teams across multiple offices wherever possible, and we invest in communication so that we can benefit from each others’ perspectives. Not to mention that we have an always-on webcam so we can see what’s happening in each office, we make heavy use of video calls, Slack, and some inter-office travel.
At Snyk, we are experiencing rapid growth and we want you to join us! By the end of Q4 2019 alone, Snyk had already over 110,00 registered users, including multiple enterprise customers (such as Google, Salesforce, Mastercard, BBC, and others). We also raised an additional $150 million, announced January 21, 2020. With this investment, we have partnered with Stripes, along with Coatue, Tiger Global, BoldStart, Trend Forward, Amity and Salesforce Ventures, to build on our 2019 momentum and continue to fuel our developer-first approach to security.
We believe open source software is a force for good, and we’re building Snyk to make it easier for developers who aren’t security experts to stay secure.