Vulnerability Data Manager

Every day, the world gets more digital thanks to tens of millions of developers building the future faster than ever. But with exponential growth comes exponential risk, as outnumbered security teams struggle to secure mountains of code. This is where Snyk (pronounced “sneak”) comes in. Snyk is a developer security platform that makes it easy for development teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and cloud infrastructure — and do it all right from the start. Snyk is on a mission to make the world a more secure place by empowering developers to develop fast and stay secure.

Joining Snyk means embracing our core values: One Team, Care Deeply, Customer Centric, and Forward Thinking. As a member of our team, you’ll have the opportunity to thrive in a dynamic environment where fostering collaboration, leading with empathy, driving business impact, and inspiring trust are at the heart of everything we do.

Our Opportunity: 

We are looking for an experienced, analytical, and collaborative Open Source Vulnerability Data Manager to join our team and help us build the best DB of open source and container vulnerabilities out there.

In modern software development, much of any project's code relies on open source packages. These packages - often distributed in Linux containers - are visible for anyone and have vulnerabilities lurking in their code. As part of our Open Source group, you'll join us on our mission to continually improve our ability to find these open source and container vulnerabilities in a programmatic way. Every day new vulnerabilities and updates are published that require processing and triage in order to be added to the Snyk Vulnerability DB.

Your role will be to take charge of a team of security analysts who carry out this work. You’ll lead the effort of populating our DB, monitoring our workflows, and shaping our processes, to make sure we continue to have the most accurate, timely, innovative, and informative open source and container vulnerability DB in the market.

You’ll spend your time:

• Leading a dedicated team of security analysts that are responsible for the content and maintenance of our vulnerability DB.
• Establishing metrics and improvement targets for data quality, depth, and timeliness of delivery, then tracking and driving toward those targets.
• Setting high quality standards, ensuring the accuracy and consistency of our DB.
• Exploring new sources of security intelligence from open source repositories, Linux distributions, and AI-based services, for integration into our data.
• Supervising our industry-supporting participation as a verifier and facilitator of responsible vulnerability disclosures from 3rd parties and in-house researchers.
• Establishing the new abilities we need to develop to further our mission.
• Triaging and analyzing potential vulnerabilities discovered in open source dependencies.
• Using research to verify or disqualify potential vulnerabilities.
• Using data analysis techniques to answer research questions about vulnerabilities, and general threat intelligence trends.
• Directing machine learning models to find where vulnerabilities are most likely to exist using our unique database of verified vulnerabilities, information about how the open source community operates, and the static code itself.
• Collaborating closely with product managers to develop security intelligence data products to serve the needs of the Snyk platform.
• Working with users and Support staff to diagnose, prioritize, and address the needs of existing or prospective users.
• Guiding team members in developing specialized skills such as vulnerability analysis, exploit reproduction, data analysis, and responsible disclosure.

You should apply if:

• You have proven experience leading security operations or security R&D.
• You’ve led projects that depend on coordination between multiple teams.
• You're comfortable working with large datasets (we mainly use PostgreSQL, Snowflake, and Kafka).
• You have a passion for security and a solid background solving the problems that arise in the space.
• You have experience using statistical tools to help answer research questions.
• You love to automate your work by writing your own scripts (we use Python, JavaScript, and Go).
• You love learning new techniques and getting experience in new fields.

We’d especially love to hear from you if:

• You have worked with researchers before, ideally in the security space, or have conducted security research yourself.
• You have experience PoCing vulnerabilities and dealing with vulnerability disclosures.
• You have worked closely with data scientists in the past and have experience working with ML.

#LI-TF1

We care deeply about the warm, inclusive environment we’ve created and we value diversity – we welcome applications from those typically underrepresented in tech. If you like the sound of this role but are not totally sure whether you’re the right person, do apply anyway!

About Snyk

Snyk is committed to creating an inclusive and engaging environment where our employees can thrive as we rally behind our common mission to make the digital world a safer place. From Snyk employee resource groups, to global benefits that help our employees prioritize their health, wellness, financial security, and a work/life blend, we aim to support our employees along their entire journeys here at Snyk.