Static Code Analyzer - Security Researcher

Geneva, Switzerland - Product development


We solve problems that virtually every company developing software is facing. SonarSource is the leader in code quality & security with more than 100,000 companies using our solution, including eBay, Thales, Cisco, BMW, Deutsche Bank. Join a company with amazing people passionate about what they do!


As a Security Researcher, you play a central role in realising our ambition to provide the best SAST solution on the market. None of the existing solutions has yet managed to gain adoption by developers, and so none of them has really helped development teams deliver more secure applications. That's the challenge to face. To fulfill this mission, you'll be able to rely in particular on a state-of-the-art taint analyzer and on a brand new concept of Security Hotspots. Those Security Hotspots are particularly useful for highlighting all the security-sensitive pieces of code while providing some educational material to developers.

As a member of our development team, you work closely with the developers to specify, clarify, communicate, and validate all functional aspects.


  • Clean, update and feed a backlog of Security Vulnerabilities and Hotspots for more than 20 programming languages
  • Interact with our user community by email, clarify this invaluable feedback and turn it into actions/decisions, for example on vulnerability detection rules that are too noisy or a taint analyzer that reports vulnerabilities without enough contextual information
  • Validate the behavior of new rules
  • Promote the new Security features with product news, blog entries and other communication channels


  • Master at least one programming language along with its development environment to understand end users' context and expectations. Having a developer background is a prerequisite
  • Good background in Application Security based, for instance, on past experience in code review or penetration testing
  • Good understanding of the Application Security market: OWASP TOP 10, MITRE CWE/CVE, SANS TOP 25, SAST, DAST, SCA, …
  • Strong influencing skills and natural leadership
  • Ability to support context-switching
  • Self-confident enough to challenge the status quo as well as be challenged
  • Open-minded, with a very positive can-do attitude

What we do

SonarSource was started by a team of developers that wanted to change the way code is built in an agile development process. The company was created to develop the open source tool SonarQube, which is now the standard in code quality management with over 85,000 instances deployed today. Every day we are focused on solving developers’ next big problem.

Who we are

At SonarSource we believe in people, excellence, and delivery. We’re a team of problem solvers and overachievers who seek out others who are also passionate and relentless in their respective missions. We want to work with people who are ready to fasten their seat belts and be part of an incredible ride. We work hard not because we’re told to, but because we genuinely love what we do and do what we love. If there’s one main message we want you to remember about us, it’s that we push others to be best in class at whatever they do: choose your battle, innovate, take risks, and lead change. Join us; we’ll be smarter and stronger together.

Why you will love it here

  • You will be given ownership and challenges, team support and encouragement to help you hit your personal goals
  • You will have the opportunity to be a leader in your domain
  • You will have a concrete impact on a fast-growing company
  • You will enjoy working as part of a casual, fun and passionate team
  • You will meet and work with a talented and diverse team of 85+ professionals from 18 different nationalities
  • You will enjoy the passion and drive of a start-up with big-company events and benefits


In the meantime, we want to give you a heads-up on our hiring process:

  • For technical roles only, qualified candidates will first be asked via email to take a technical assessment named Codility
  • For all roles, selected candidates will be invited to 30 min video session(s) with one or two members of the hiring team
  • Then, candidates will be invited to come to our offices for half a day or so, to complete a technical interview with the hiring team, followed by a meeting with the people & culture team
  • Finally, candidates will potentially be asked to schedule a 1h final interview with our CEO

Kindly note that you can be declined at any stage and we will always do our best to deliver direct constructive feedback. To know more about who you may meet, visit our team page.

Have fun. We are looking forward to meeting you!