: Senior Information Security Analyst
501 Boylston St.
Boston, MA 02116


Were looking for an independent minded, detail oriented Senior Security Engineer with a broad base of experience working in Cloud and DevOps oriented environments to join our Information Security & Risk team.  The challenge is twofold - We want to massively enrich the value and efficiency of our internal vulnerability management systems, whilst also hitting that same bar for our understanding of third party risk

Snyk builds industry-leading DevSecOps and open source security tools.  The Information Security & Risk team has been newly created to centralise all corporate cyber and information security and risk management responsibilities within a single strategic function.  We aim to move the risk needle for the company and create a reputation in the community for building (and open sourcing) best-in-breed, data-driven frameworks and capabilities.  We are a new team within a high-growth, security focussed business so there is exceptional room for advancement in this role.

You understand the importance of real, data driven, automated vulnerability and risk management in a modern, Cloudy, SaaS-heavy organisation. Youll use that knowledge to have a material (and visible) impact on our security posture both on internal and production systems and on our consumption of third party services, whilst also making a meaningful impact on the safety and efficiency of our product teams.  Youll execute on your responsibilities both for project delivery and for operational management that fundamentally upgrade Snyks capabilities.

Youll spend your time:

  • operating as an owner for vulnerability management across our production infrastructure, internal services and SaaS ecosystem.
  • building systems that move us away from nudge-as-a-service in support our extreme devops focus (help responsible full-stack engineering teams be responsible)
  • contributing significantly to meaningful, data driven third party risk analysis and mapping this risk into wider business risk frameworks (we have a LOT of vendors)
  • dovetailing our internal and third party vulnerability and risk management systems until we have a single, consistently high quality view across our business operations
  • acting as our North American timezone incident manager for major security incidents (training available)
  • mentoring and helping shape our teams focus, culture and working practices as we grow
  • weve lots of work on. If youve a passion and time, further project delivery based on your interests and our priorities

You should apply if you:

  • have an excellent base of technical cybersecurity and risk management experience
  • are comfortable with engineering your way out of problems and hold scalability and process effectiveness in high regard
  • are familiar with a range of SaaS services and their associated risks and best practices
  • understand and fundamentally believe in the importance of using security to increase the value of the business
  • enjoy the speed of a fast-paced, extreme devops, highly engaged startup-to-scaleout environment

Wed especially love to hear from you if you:

  • have experience as an incident manager, or are interested in adopting this as a new skill (training available)
  • have previously worked with quantitative risk management techniques (or are willing to read Hubbard and Seiersens How to Measure Anything in Cybersecurity Risk)


Please apply below! We care deeply about the warm, inclusive environment weve created and we value diversity - we welcome applications from those typically underrepresented in tech. If you like the sound of this role, but are not totally sure whether youre the right person, do apply anyway :)

About Snyk

Snyks mission is to help developers use open source code and stay secure. 

The use of open source is booming, but security is a key concern. Snyks unique product enables developers and enterprise security teams to continuously find & fix vulnerable dependencies without slowing down, offering seamless integration into Dev, DevOps and DevSecOps workflows. We care deeply about the quality and usefulness of the tools we develop, always focusing on our customers and users. 

We are distributed across four offices in London, Tel Aviv, Boston and Ottawa, with our engineering teams based mostly in London and Tel Aviv, and 10% of the company working fully-remote. Weve made an organizational commitment to building a strong, effective, distributed company: we have teams across multiple offices, and we invest in communication so that we can benefit from each others perspectives. Not to mention that we have an always-on webcam so we can see whats happening in each office, we make heavy use of video calls, Slack, and some inter-office travel.

At Snyk, we are experiencing rapid growth and we want you to join us! By the end of Q4 2019 alone, Snyk had already over 110,000 registered users, including multiple enterprise customers (such as Google, Salesforce, Mastercard, BBC, and others). We also raised an additional $150 million, announced January 21, 2020. With this investment, we have partnered with Stripe, along with Coatue, Tiger Global, BoldStart, Trend Forward, Amity and Salesforce Ventures, to build on our 2019 momentum and continue to fuel our developer-first approach to security. 

We believe open source software is a force for good, and were building Snyk to make it easier for developers who arent security experts to stay secure.