Instead of creating applications from scratch, today's developers start with open-source components and then copy, extend, and glue them together. It’s faster, it’s cheaper, and it means that open-source libraries and frameworks now make up the vast majority of the source code used by companies today. This change is not lost on hackers. For them, reusable code equals reusable vulnerabilities.
We at SourceClear help you secure your open-source code from hackers by creating a real-time inventory of your open-source components. We show you where they came from, who created them, and exactly what they are doing in your applications. We detail vulnerabilities that could be used by hackers to compromise applications and customer data, and we provide clear guidance on fixes.
Our data science and machine learning platform digs into the depths of open-source vulnerabilities at scale and at speed, uncovering issues not yet disclosed to the public. We take care of security for open-source code so that you can focus on your business: shipping features and delighting users.
The security researcher role is a part of the R&D team at SourceClear. We have the most complete and most accurate database of disclosed and undisclosed vulnerabilities in open-source and third-party code. Security researchers curate the vulnerabilities added to the database and develop tools to identify new and undisclosed vulnerabilities.
Responsibilities:
- Triaging the newest vulnerabilities released
- Creating product signatures and identifying the root cause of vulnerabilities
- Tracking library release notes and security bulletins
- Developing tools to identify new vulnerabilities
- Other activities that involve security research about software vulnerabilities

Requirements:
- BS/MS/PhD degree in Computer Science, Computer Engineering, or a related field; or relevant work experience
- Attention to detail and a highly organized style of working
- High-energy individual with a can-do attitude
- Experience programming in Java, Ruby or JavaScript
- Preferable if the candidate has knowledge of build and package management systems such as Maven, RubyGems and npm
- Preferable if the candidate has knowledge of software security vulnerability types and common attack methods