Security Researcher

Sonatype is the software supply chain security company. We provide the world’s best end-to-end software supply chain security solution, combining the only proactive protection against malicious open source, the only enterprise grade SBOM management and the leading open source dependency management platform. This empowers enterprises to create and maintain secure, quality, and innovative software at scale.

As founders of Nexus Repository and stewards of Maven Central, the world’s largest repository of Java open-source software, we are software pioneers and our open source expertise is unmatched. We empower innovation with an unparalleled commitment to build faster, safer software and harness AI and data intelligence to mitigate risk, maximize efficiencies, and drive powerful software development.

More than 2,000 organizations, including 70% of the Fortune
100 and 15 million software developers, rely on Sonatype to optimize their software supply chains.

Sonatype’s mission is to enable organizations to better manage their software supply chain. We offer a series of products and services including the Sonatype Nexus Repository and Sonatype Lifecycle.

This position is 100% remote and candidates must currently live in Colombia

The Security Researcher will investigate and analyze vulnerabilities in open-source software.

Sonatype is looking for a passionate, driven and talented Security Researcher to provide high quality security data from researching software vulnerabilities. This high-quality security data ensures that our customers are getting maximum value out of our products making them feel like they are part of the Sonatype family. If you are a positive-thinker and problem-solver and believe that customer success and company success go hand-in-hand, this is a great job for you.

This position will provide a valuable learning opportunity with great potential to grow your newly started career in cyber-security. Enjoy your job as you work in a fast-paced, flexible, and fun environment, with talented, diverse, and forward-thinking individuals.

• Review, isolate, analyze, and reverse engineer vulnerabilities in open-source software
• Document attack capabilities
• Provide detection and remediation guidance
• Aid in ideas and prototypes for new tooling
• Collaborate with other team members toward shared product goals
• Improve Sonatype products by providing valuable security data
• Work with technology and business team members to define and refine requirements in an agile development environment

• Bachelor of Science Degree in Computer Science, Cybersecurity, Engineering, or related field.
• 2+ years of experience in software development or application security
• Knowledge of Java, C#, or Java Script
• Knowledge of application security such as the OWASP Top 10 or Sans 25
• Excellent oral and written communication skills
• Excellent organizational skills and detail oriented
• Ability to work independently and as part of a team

• Knowledge of different languages such as Python, Ruby, and scripting is a plus
• Knowledge of different operating systems such as NIX, Windows is a plus
• Application vulnerability assessment or penetration testing experience is a plus