Offer summary

Qualifications:

Strong interest in security vulnerabilities and open source software., Basic understanding of infrastructure components like Docker and AWS., Familiarity with high-level vulnerability classes such as OWASP Top 10., Ability to work independently and collaboratively on research projects..

Key responsibilities:

Conduct security research on various domains including open source libraries and AI.

Identify and responsibly disclose vulnerabilities to vendors and affected parties.

Publish research findings through blogs, whitepapers, or reports.

Share expertise internally and externally through presentations and community engagement.

Job description

Snyk is the leader in secure AI software development, helping millions of developers develop fast and stay secure as AI transforms how software is built. Our AI-native Developer Security Platform integrates seamlessly into development and security workflows, making it easy to find, fix, and prevent vulnerabilities — from code and dependencies to containers and cloud.

Our mission is to empower every developer to innovate securely in the AI era — boosting productivity while reducing business risk. We’re not your average security company - we build Snyk on One Team, Care Deeply, Customer Centric, and Forward Thinking.

It’s how we stay driven, supportive, and always one step ahead as AI reshapes our world.

Our Opportunity:

We’re looking for a Security Researcher to join Snyk’s Security Labs team and take part in research projects in Open Source libraries, SAST, Containers, Infrastructure as Code, Cloud domains and products, and of course, AI. You’ll work closely with and be mentored by our very experienced and talented research team, who will work with you on both team-wide and individual projects, ready to be shared with the industry at large.

Check out our blog, where you can learn more about the kinds of work we’ve done in the past.

If you love digging deep into software, learning how it ticks, and finding vulnerabilities that could impact developers and users all over the world, and then sharing what you’ve seen with the community, this could be the role for you.

You’ll Spend Your Time:

Leading and Contributing to Security Research: You'll drive both individual and collaborative team-based security research projects. This includes identifying and investigating interesting targets, continually seeking out new and impactful vulnerabilities.
Responsible Vulnerability Disclosure: You'll practice responsible disclosure, working directly with vendors and affected parties to ensure vulnerabilities are addressed promptly and securely before public dissemination.
Publishing Impactful Research: Your findings will contribute to the broader security community through the creation and publication of high-quality content, such as blog posts, whitepapers, or technical reports.
Sharing Expertise and Insights: You'll actively share your research and expertise, both internally with your team and colleagues, and externally through presentations at conferences, industry events, or other public forums.

What You’ll Need:

An appetite for hunting for security vulnerabilities through the wilds of open source software security.
A passion for security and a desire to contribute to the community.
Basic understanding of popular infrastructure components, such as Docker, AWS, and a web technology stack (e.g Node.js, Python, Java, Go).
Familiarity with high-level vulnerability classes, such as those enumerated in the OWASP Top 10.
The ability to work both independently on solo research projects, as well as with the wider team on larger projects.
A strong desire to keep up to date with new research and technologies from across the industry, and the ability to bring new ideas into the team.
Basic usage and knowledge of AI systems, such as chatbots and code editor extensions.

We’d be Lucky if You:

Have ideas for novel and impactful security research targets and areas.
Would like to speak at local and larger security conferences about your work.
Are comfortable with at least one common programming language (Python, Javascript, Bash) with the ability to both create larger software solutions as well as whip up small scripts for testing theories and exploits.
Have a track record of published security research, for example, your own blog, or an established bug bounty platform account.

#LI-TF1

We care deeply about the warm, inclusive environment we’ve created and we value diversity – we welcome applications from those typically underrepresented in tech. If you like the sound of this role but are not totally sure whether you’re the right person, do apply anyway!

About Snyk

Snyk is committed to creating an inclusive and engaging environment where our employees can thrive as we rally behind our common mission to make the digital world a safer place. From Snyk employee resource groups, to global benefits that help our employees prioritize their health, wellness, financial security, and a work/life blend, we aim to support our employees along their entire journeys here at Snyk.

Benefits & Programs

Prioritize health, wellness, financial security, and life balance with programs tailored to your location and role.

Flexible working hours, work-from home allowances, in-office perks, and time off for learning and self development
Generous vacation and wellness time off, country-specific holidays, and 100% paid parental leave for all caregivers
Health benefits, employee assistance plans, and annual wellness allowance
Country-specific life insurance, disability benefits, and retirement/pension programs, plus mobile phone and education allowances

Required profile