Security Researcher
Sonatype
Sonatype is the software supply chain security company. We provide the world’s best end-to-end software supply chain security solution, combining the only proactive protection against malicious open source, the only enterprise grade SBOM management and the leading open source dependency management platform. This empowers enterprises to create and maintain secure, quality, and innovative software at scale.
As founders of Nexus Repository and stewards of Maven Central, the world’s largest repository of Java open-source software, we are software pioneers and our open source expertise is unmatched. We empower innovation with an unparalleled commitment to build faster, safer software and harness AI and data intelligence to mitigate risk, maximize efficiencies, and drive powerful software development.
More than 2,000 organizations, including 70% of the Fortune 100 and 15 million software developers, rely on Sonatype to optimize their software supply chains.
Sonatype’s mission is to enable organizations to better manage their . We offer a series of products and services including the Sonatype Nexus Repository and Sonatype Lifecycle.
**This position is 100% remote and candidates must currently live in Colombia**
The Security Researcher will investigate and analyze vulnerabilities in open-source software.
Sonatype is looking for a passionate, driven and talented Security Researcher to provide high quality security data from researching software vulnerabilities. This high-quality security data ensures that our customers are getting maximum value out of our products making them feel like they are part of the Sonatype family. If you are a positive-thinker and problem-solver and believe that customer success and company success go hand-in-hand, this is a great job for you. This position will provide a valuable learning opportunity with great potential to grow your newly started career in cyber-security. Enjoy your job as you work in a fast-paced, flexible, and fun environment, with talented, diverse, and forward-thinking individuals. What you'll do:Review, isolate, analyze, and reverse engineer vulnerabilities in open-source softwareDocument attack capabilitiesProvide detection and remediation guidanceAid in ideas and prototypes for new toolingCollaborate with other team members toward shared product goalsImprove Sonatype products by providing valuable security dataWork with technology and business team members to define and refine requirements in an agile development environmentWhat you bring:Bachelor of Science Degree in Computer Science, Cybersecurity, Engineering, or related field.2+ years of experience in software development or application security Knowledge of Java, C#, or JavaScriptKnowledge of application security such as the OWASP Top 10 or Sans 25Excellent oral and written communication skillsExcellent organizational skills and detail orientedAbility to work independently and as part of a teamIt'd be great if you also had:Knowledge of different languages such as Python, Ruby, and scripting is a plusKnowledge of different operating systems such as *NIX, Windows is a plusApplication vulnerability assessment or penetration testing experience is a plusKnowledge of open source environments like GitHub is a plusThings that we are proud of2025 AI Compliance Solution of the Year - AI Breakthrough Awards2025 DEVIES Award to our SBOM Manager new product for its innovation and impact in developer technology2024 Industry Leader in Forrester-Wave for Software Composition Analysis (2024 Q4 report)2023 Fast Company Best Places for Innovators2023 Gartner's Magic Quadrant2023 Software Report's Top 100 Software Companies2023 BuiltIn Best Places to Work2022 Frost & Sullivan Technology Innovation Leader Award2022 PeerSpot Silver Peer Award in Software Composition Analysis2022 Tech Ascension Best DevOps Security Solution Award2022 NVCT Cyber Company of the YearCompany Wellness Week - We shut down company operations for a week to enable all employees to pursue personal growth and enjoy a much-needed and deserved rest. Paid Volunteer Time Off (VTO)We are Sonatype, and we have assembled a world class team of employees, investors, and partners. We are proud to be recognized as a Deloitte Technology Fast 500 company for 2016. With more than 120,000 installations and counting, Nexus products are helping modern development organizations intelligently source, manage, assemble, and maintain open source and third-party components, so they can improve the quality, security, and speed of their software supply chains.
We are curious and constantly innovating without fear of failure. We are attacking a huge and emerging market and seeking remarkably talented individuals to join us on our journey.
Sonatype is proud to be an equal opportunity workplace and an affirmative action employer that is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If you have a disability or special need that requires accommodation, please do not hesitate to let us know.
At Sonatype, we value diversity and inclusivity. We offer perks such as parental leave, diversity and inclusion working groups, and flexible working practices to allow our employees to show up as their whole selves. We are an equal-opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. If you have a disability or special need that requires accommodation, please do not hesitate to let us know.
As founders of Nexus Repository and stewards of Maven Central, the world’s largest repository of Java open-source software, we are software pioneers and our open source expertise is unmatched. We empower innovation with an unparalleled commitment to build faster, safer software and harness AI and data intelligence to mitigate risk, maximize efficiencies, and drive powerful software development.
More than 2,000 organizations, including 70% of the Fortune 100 and 15 million software developers, rely on Sonatype to optimize their software supply chains.
Sonatype’s mission is to enable organizations to better manage their . We offer a series of products and services including the Sonatype Nexus Repository and Sonatype Lifecycle.
**This position is 100% remote and candidates must currently live in Colombia**
The Security Researcher will investigate and analyze vulnerabilities in open-source software.
Sonatype is looking for a passionate, driven and talented Security Researcher to provide high quality security data from researching software vulnerabilities. This high-quality security data ensures that our customers are getting maximum value out of our products making them feel like they are part of the Sonatype family. If you are a positive-thinker and problem-solver and believe that customer success and company success go hand-in-hand, this is a great job for you. This position will provide a valuable learning opportunity with great potential to grow your newly started career in cyber-security. Enjoy your job as you work in a fast-paced, flexible, and fun environment, with talented, diverse, and forward-thinking individuals. What you'll do:Review, isolate, analyze, and reverse engineer vulnerabilities in open-source softwareDocument attack capabilitiesProvide detection and remediation guidanceAid in ideas and prototypes for new toolingCollaborate with other team members toward shared product goalsImprove Sonatype products by providing valuable security dataWork with technology and business team members to define and refine requirements in an agile development environmentWhat you bring:Bachelor of Science Degree in Computer Science, Cybersecurity, Engineering, or related field.2+ years of experience in software development or application security Knowledge of Java, C#, or JavaScriptKnowledge of application security such as the OWASP Top 10 or Sans 25Excellent oral and written communication skillsExcellent organizational skills and detail orientedAbility to work independently and as part of a teamIt'd be great if you also had:Knowledge of different languages such as Python, Ruby, and scripting is a plusKnowledge of different operating systems such as *NIX, Windows is a plusApplication vulnerability assessment or penetration testing experience is a plusKnowledge of open source environments like GitHub is a plusThings that we are proud of2025 AI Compliance Solution of the Year - AI Breakthrough Awards2025 DEVIES Award to our SBOM Manager new product for its innovation and impact in developer technology2024 Industry Leader in Forrester-Wave for Software Composition Analysis (2024 Q4 report)2023 Fast Company Best Places for Innovators2023 Gartner's Magic Quadrant2023 Software Report's Top 100 Software Companies2023 BuiltIn Best Places to Work2022 Frost & Sullivan Technology Innovation Leader Award2022 PeerSpot Silver Peer Award in Software Composition Analysis2022 Tech Ascension Best DevOps Security Solution Award2022 NVCT Cyber Company of the YearCompany Wellness Week - We shut down company operations for a week to enable all employees to pursue personal growth and enjoy a much-needed and deserved rest. Paid Volunteer Time Off (VTO)We are Sonatype, and we have assembled a world class team of employees, investors, and partners. We are proud to be recognized as a Deloitte Technology Fast 500 company for 2016. With more than 120,000 installations and counting, Nexus products are helping modern development organizations intelligently source, manage, assemble, and maintain open source and third-party components, so they can improve the quality, security, and speed of their software supply chains.
We are curious and constantly innovating without fear of failure. We are attacking a huge and emerging market and seeking remarkably talented individuals to join us on our journey.
Sonatype is proud to be an equal opportunity workplace and an affirmative action employer that is committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If you have a disability or special need that requires accommodation, please do not hesitate to let us know.
At Sonatype, we value diversity and inclusivity. We offer perks such as parental leave, diversity and inclusion working groups, and flexible working practices to allow our employees to show up as their whole selves. We are an equal-opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. If you have a disability or special need that requires accommodation, please do not hesitate to let us know.
Confirmar seu email: Enviar Email
Todos os Empregos de Sonatype