Static Analysis Scientist

SonarSource SA


Static Analysis Scientist

Sonar’s industry-leading solution enables developers and development teams to write clean code and remediate existing code organically, so they can focus on the work they love and maximize the value they generate for businesses. Its open source and commercial solutions – SonarLint, SonarCloud, and SonarQube – support 30 programming languages. Trusted by more than 400,000 organizations globally, Sonar is considered integral to delivering better software.

The impact you can have

With your domain expertise and experience you will shape an innovative Security R&D team at SonarSource. You will explore state-of-the-art approaches and new ideas that help to push our code analysis technology beyond the limits. By implementing and testing visionary prototypes, you are preparing the next generation of our cutting-edge code analyzers that are used by millions of developers around the globe.

As a Security Scientist, you will

  • Have fun in a creative team that shares your passion and interest for security automation
  • Identify, measure and discuss limitations and drawbacks of our current static analysis implementations
  • Stay up-to-date with the latest academic research and industry trends related to automated detection of code vulnerabilities
  • Experiment with existing or new analysis algorithms and prototypes to evaluate their potential of solving real problems and satisfying additional customer needs
  • Innovate by inventing new, creative static analysis techniques that will advance our technology and the industry’s state-of-the-art 
  • Develop proof of concept implementations that are feasible in practice and applicable to our products

The skills you will demonstrate

  • You received a doctorate or master’s degree in computer science or a related field where you studied theoretical aspects of programming languages 
  • You have hands-on experience with formal methods used for static program analysis (e.g., data flow analysis, taint analysis, symbolic execution, abstract interpretation, etc.) 
  • You have a solid understanding of the concept behind common  vulnerabilities in applications’ code
  • You have solid programming skills for prototype implementation, preferably in Java
  • You are creative and passionate about automating the detection of security vulnerabilities
  • You can think outside the box and turn abstract, theoretical ideas into practical, feasible solutions for our product users
  • You are fluent in English, both written and spoken, and are able to understand and explain complex technical and scientific topics

Words from the team

The Security R&D team is a new team at SonarSource established after the acquisition of RIPS Technologies. RIPS was known as a technology leader in static application security testing and for its fast and accurate SAST approach. With joint forces and tech expertise at SonarSource, we continue to provide the leading security products for developers.
Join us in this fun adventure and take a unique opportunity to help build the best code analysis products in the world!

Office location

This role is to be based in our office in Bochum, Germany. It can also be done in our office in Geneva, Switzerland or Annecy, France.

Why you will love it here

  • Safe work culture - we value respect, kindness, and the right to fail.
  • Flexible hours - we schedule our days in order to be effective at work, while also being able to enjoy life’s important moments.
  • Great people - we value people skills as much as technical skills and strive to keep things friendly and laid back. Still, that does not prevent us to be passionate leaders in our domains. Our 300+ SonarSourcers from 33 different nationalities can relate!
  • Work-life balance - keeping a healthy work-life balance is important. This is why we have a hybrid work policy and some people prefer working some days from home.
  • Always keep learning - in an ever-changing industry, learning new skills is a must, and we're happy to help our team to acquire them.

What we do

Sonar was started by a team of developers that wanted to change the way code is built in an agile development process. The company was created to develop the open-source tool SonarQube, which is now the standard in code quality management with over 350,000 instances deployed today. Every day we are focused on solving developers’ next big problem.

Who we are

At Sonar we believe in people, excellence, and delivery. We’re a team of problem solvers and overachievers who seek out others who are also passionate and relentless in their respective missions. We want to work with people who are ready to fasten their seat belts and be part of an incredible ride. We work hard not because we’re told to, but because we genuinely love what we do and do what we love. If there’s one main message we want you to remember about us, it’s that we push others to be best in class at whatever they do: choose your battle, innovate, take risks, and lead change. Join us; we’ll be smarter and stronger together.
If this sounds like you, apply now!


  • SonarSource SA

No recruitment agencies please