Harness The Power Of Open Source

It’s an exciting time to be at WhiteSource. We are building the next generation of open source security, making it safer for developers across the globe.

At WhiteSource we are building a strong, diverse team of curious, creative people who support each other and produce innovative software products.

Application Security Engineer – SAST Group

Kraków, Małopolskie, Poland

WhiteSource is a successful, rapidly growing start-up offering a unique cloud-based solution for open-source management and security. We receive millions of customer source code programs from all over the world and analyze them automatically on a daily basis.

We are seeking a brilliant and independent Application Security Engineer to join our team.

This position is a one-of-a-kind opportunity to join a unique team responsible for creating the next generation of security detection and remediation platforms. You will make a remarkable impact on WhiteSource and on the entire application security industry.

We are looking for application security enthusiasts. If you are up for the challenge, come and join us!

We are expanding our portfolio of products by starting the development of a new, state-of-the-art, cloud-based solution in the field of application security via static application security testing (SAST).

Responsibilities:  

  • Performing security source code analysis.
  • Analyzing application vulnerabilities and providing mitigation strategies.
  • Researching and designing scanning rules while working closely with a development team for SAST.
  • Analyzing different programming frameworks in different programming languages for potential sources and sinks for SAST.
  • Handling complex cases escalated from other teams.
  • Cooperating with vendors in the community to uncover and fix flaws in software projects.
  • Developing and improving WhiteSource SAST for various programming languages.

Requirements:

  • At least 3 years of experience in application security or security research, including an understanding of application security attacks, vulnerabilities, and mitigations - Must!
  • Understanding of at least 2-3 of the following programming languages: Java, C#, Go, JS, Python, PHP, Ruby, etc. - Must!
  • Language-agnostic approach to vulnerability identification in source code (ability to read source code in multiple programming languages and identify vulnerable parts).
  • Knowledge of common web application security vulnerabilities (OWASP Top 10, SANS 25, etc.).
  • Experience with static code analysis (fuzzing tools are a plus, but not necessary).
  • Excellent English – written and verbal.
  • Independence and can-do attitude, ambitious with a high work ethic.
  • Excellent interpersonal and communication skills.

Advantages: 

  • BSc or BA in Computer Science or a similar degree.
  • Experience working with development teams.
  • Experience with bug bounty research, or published advisories or exploits for discovered 0day vulnerabilities in applications.
  • Knowledge of the Perl scripting language, or the desire to acquire this experience.
  • Knowledge of regular expressions, or the desire to acquire experience with regex.