Static Code Analysis Scientist

Geneva / Annecy / Bochum / Engineering – R&D / Full-time / On-site
Sonar’s industry leading solution solves the trillion-dollar challenge of bad code, equipping developers and organizations to reach a problem-free state in their codebase with Clean Code. Through its unique Clean as You Code methodology, the organization has empowered 7 million developers and 400,000 organizations across the globe to systematically deliver better software. 

The impact you can have

With your domain expertise and experience you will shape an innovative Security R&D team at SonarSource. You will explore state-of-the-art approaches and new ideas that help to push our code analysis technology beyond the limits. By implementing and testing visionary prototypes, you are preparing the next generation of our cutting-edge code analyzers that are used by millions of developers around the globe.

As a Security Scientist, you will

    • Have fun in a creative team that shares your passion and interest for security automation
    • Identify, measure and discuss limitations and drawbacks of our current static analysis implementations
    • Stay up-to-date with the latest academic research and industry trends related to automated detection of code vulnerabilities
    • Experiment with existing or new analysis algorithms and prototypes to evaluate their potential of solving real problems and satisfying additional customer needs
    • Innovate by inventing new, creative static analysis techniques that will advance our technology and the industry’s state-of-the-art 
    • Develop proof of concept implementations that are feasible in practice and applicable to our products

The skills you will demonstrate

    • You received a doctorate or master’s degree in computer science or a related field where you studied theoretical aspects of programming languages 
    • You have hands-on experience with formal methods used for static program analysis (e.g., data flow analysis, taint analysis, symbolic execution, abstract interpretation, etc.) 
    • You have a solid understanding of the concepts behind common vulnerabilities in application code
    • You have solid programming skills for prototype implementation, preferably in Java
    • You are creative and passionate about automating the detection of security vulnerabilities
    • You can think outside the box and turn abstract, theoretical ideas into practical, feasible solutions for our product users
    • You are fluent in English, both written and spoken, and are able to understand and explain complex technical and scientific topics

Words from the team

The Security R&D team is a new team at SonarSource established after the acquisition of RIPS Technologies. RIPS was known as a technology leader in static application security testing and for its fast and accurate SAST approach. With joint forces and tech expertise at SonarSource, we continue to provide the leading security products for developers.

Join us in this fun adventure and take a unique opportunity to help build the best code analysis products in the world!


Why you will love it here

• We value a safe work culture - founded in respect, kindness, and the right to fail.
• We hire great people - we value communication skills as much as technical prowess and we strive to create a work environment that allows everyone to succeed and feel empowered to do their best work. Our 500+ SonarSourcers from 35 different nationalities can relate!
• Work-life balance - a healthy work-life balance is very important at Sonar. This is reflected in our hybrid work policy (2-3 days/week in the office).
• Flexible hours - we schedule our days in order to be effective at work, while also being able to enjoy life’s important moments.
• We promote continuous learning - in an ever-changing industry, learning new skills is the key to growth and success! We're happy to support all employees in this journey if desired. 


What we do

As Home of Clean Code, Sonar is the ultimate solution to achieving Clean Code for developers and organizations alike. 

The company was formed to develop the open-source tool SonarQube, which has since become the go-to standard in code quality management. We strive every day to pave the way for developers, tackling the toughest issues head-on and pushing the limits of what’s possible. 


Who we are

At Sonar we believe in people, dedication, and innovation. We’re a team of problem solvers who are passionate and relentless in their respective missions. We want to work with people who are ready and willing to fasten their seat belts and be part of an incredible ride! 

Our Core Values are: Smarter Together, Excellence, Innovation, and Delivery. They reflect our unique culture and we expect them to help shape and positively strengthen our organization. 

If you want to learn more about our culture, check out our blog post.

Join us; we’ll be smarter and stronger together!

Sonar is an equal opportunity employer and is committed to treating every employee with equal respect and fairness. We maintain a zero-tolerance policy toward any form of discrimination. All candidates will receive equal consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship, age, veteran status, disability, or any other legally protected status.