Job Description

Who are we?

Checkmarx is the leader in application security and ensures that enterprises worldwide can secure their application development from code to cloud. Our consolidated platform and services address the needs of enterprises by improving security and reducing TCO, while simultaneously building trust between AppSec, developers, and CISOs. At Checkmarx, we believe it’s not just about finding risk, but remediating it across the entire application footprint and software supply chain with one seamless process for all relevant stakeholders.

We are honored to serve more than 1,800 customers, which includes 40 percent of all Fortune 100 companies including Siemens, Airbus, SalesForce, Stellantis, Adidas, Wal-Mart and Sanofi.

What you’ll do

• Perform in-depth analysis of open-source packages to identify malicious behavior
• Analyze source code across multiple programming languages
• Investigate obfuscation, suspicious execution flows, and hidden payloads
• Evaluate and validate detections from security tools
• Develop scripts and internal tools (primarily in Python) to support analysis
• Collaborate with the SCS research team and other security teams in the group

Requirements

What we’re looking for

• 2–3 years of professional experience in malicious code analysis or security research
• Strong understanding of malicious code patterns and supply-chain attack techniques
• Experience using Python for analysis or automation
• Familiarity with both interpreted and compiled languages
• Ability to independently learn new technologies
• High attention to detail
• Fluent English

Advantage:

• Reverse engineering

What we have to offer

None