Full-Time
Software Development Engineer in Test
Sdet
Confirmed live in the last 24 hours
Synack
201-500 employees
Continuous penetration testing for cybersecurity
Compensation Overview
$85k - $110kAnnually
Mid
No H1B Sponsorship
Remote in USA
Candidates must be U.S. citizens.
US Citizenship Required
You match the following Synack's candidate preferences
Employers are more likely to interview you if you match these preferences:
- BS degree in Computer Science, or equivalent experience
- 3+ years in Software Engineering, at least 2 of which as SDET and 1 year in development in javascript/typescript
- Proficient in javascript and typescript
- Experience developing internal tools to improve developer experience and productivity
- Excellent debugging skills in diagnosing issues in a multi-tier web architecture
- Ability to adapt and work in a fast-paced agile environment
- Comfort with writing and reading code, and a basic understanding of data structures
- Hands on experience with automation framework design and development from scratch
- Experience with writing backend integration tests for RESTful APIs
- FE Test Automation expertise in TestCafe, Cypress, Playwright or similar tools (we use playwright)
- Experience with BDD tools like cucumber with the automation framework
- CI tooling experience with Github Actions or similar
- Understanding of source control and release management in the context of when/where/why/how to test (we use git)
- Understanding of virtualization and containerization technologies (we use Docker)
- Understanding of Lean and Agile methodologies
- Understanding of Cloud technologies, like AWS, GCP, Azure
- Experience analyzing Logs using splunk, GCP
- Candidates must be US citizens
- Debugs software products through the use of systematic tests to develop, apply and maintain quality standards for firm products.
- Develops, modifies and executes software test plans, automated scripts and programs for testing.
- Contribute to the existing automation tools to add enhancements and improve maintainability
- Maintains documentation of test results to assist in debugging and modification of software.
- Analyzes test results to ensure existing functionality and recommends corrective action.
- Consults with development engineers in resolution of problems.
- Provides feedback in preparation of technical appraisals of programming languages, systems and computation software.
- Ensures quality computer integration into the overall functions of scientific computation, data acquisition and processing.
- Experience with testing cloud based products/applications
- Knowledge and understanding of different kinds of VPNs
- Experience with load and performance testing
Synack offers a security testing platform that specializes in continuous penetration testing, which simulates cyber attacks to identify vulnerabilities in computer systems. Their service is carried out by the Synack Red Team, a global group of expert security researchers who assess various areas such as cloud services, APIs, web applications, host infrastructure, and mobile platforms. Unlike traditional penetration tests that are conducted once, Synack's approach allows for rapid deployment of testing services, enabling clients to launch assessments in days rather than weeks, thus providing ongoing risk reduction. Clients receive real-time, customizable reports that enhance visibility and control over the testing process, allowing security teams to respond effectively to vulnerabilities. Synack's goal is to help companies protect their digital assets by offering scalable and continuous security solutions that adapt to the evolving landscape of cyber threats.
Company Size
201-500
Company Stage
Series D
Total Funding
$104.3M
Headquarters
Redwood City, California
Founded
2013
Simplify's Take
What believers are saying
- Synack's integration with Google Cloud expands its customer base.
- Growing demand for AI/LLM pentesting aligns with Synack's service expansion.
- Partnership with Splunk enhances Synack's comprehensive security solutions.
What critics are saying
- Increased critical vulnerabilities in 2023 pose ongoing security challenges.
- Persistent injection flaws suggest continued threats for Synack's clients.
- Exploitable API vulnerabilities are a fast-growing risk for Synack.
What makes Synack unique
- Synack offers continuous pentesting, unlike traditional one-off tests.
- The Synack Red Team consists of elite global security researchers.
- Synack provides real-time, customizable reporting for complete visibility and control.
Help us improve and share your feedback! Did you find this helpful?
Benefits
Flexible vacation policy
Company bonding & team events
Covered health plan benefits
Growth & Insights and Company News
6 month growth
↑ 0%1 year growth
↑ 2%2 year growth
↓ -2%List for 2025 expands on evolving challenges as new sponsorship program enables OWASP Top 10 for LLMs and Generative AI Project to continue its vital work. WILMINGTON, Del., Nov. 19, 2024 /PRNewswire/ -- The OWASP Foundation today announced an update to the OWASP Top 10 for LLM Applications and Generative AI Project. Additionally, the OWASP Top 10 for LLM Apps and GenAI Project announced its sponsorship program that will allow organizations to support the project directly, enabling access to additional funding and resources so the organization can continue to invest in research, guidance and education, thus helping keep the industry adopt AI and generative AI applications more securely. The updated Top 10 List for LLMs provides a refreshed resource addressing the top 10 risks, vulnerabilities and mitigations for developing and securing generative AI and large language model (LLM) applications across the development, deployment, and management lifecycle. These applications can include static prompt augmented applications, agentic applications, LLM extensions, and complex applications
Runway's recognition highlights its unwavering support for entrepreneurs through minimally dilutive capital solutions. MENLO PARK, Calif., Oct. 29, 2024 /PRNewswire/ -- Runway Growth Capital LLC ("Runway"), a leading provider of growth loans to venture and non-venture-backed companies seeking an alternative to raising equity, is proud to announce its inclusion in Inc. Magazine's 2024 Founder-Friendly Investors list. This marks another significant achievement for the firm, reinforcing its reputation as a trusted financial partner dedicated to empowering entrepreneurs by offering capital solutions that allow founders to maintain ownership of their businesses. "It has been a complicated few years for growth companies and the companies that fund them," said Mike Hofman, editor-in-chief of Inc
Synack has unveiled additional capabilities of its Penetration Testing as a Service (PTaaS) platform that deliver a comprehensive security testing experience.
Der Bericht für 2024 enthält Aufschlüsselung nach Branchen sowie eine Analyse der SchwachstellenREDWOOD CITY, Kalifornien, 20. Juni 2024 /PRNewswire/ -- Synack, die führende Plattform für Sicherheitstests, hat heute ihren zweiten Jahresbericht „State of Vulnerabilities" veröffentlicht, der Hunderttausende Stunden von Penetrationstests und eine Analyse von über 14.000 ausnutzbaren Schwachstellen zusammenfasst, um einen klaren Überblick über Schweregrad, Umfang und Behebungstrends von Softwarefehlern in verschiedenen Branchen zu liefern.„Um intelligente Sicherheits- und Geschäftsentscheidungen treffen zu können, ist es wichtig, die Angriffsfläche zu verstehen und zu wissen, wie sich eine erfolgreiche Ausnutzung von Schwachstellen auf Ihr Unternehmen auswirken könnte", so Jay Kaplan, CEO und Mitbegründer von Synack. „Wir sind stolz darauf, die zweite Jahresausgabe des State of Vulnerabilities Report von Synack zu veröffentlichen, um Unternehmen in den Bereichen Gesundheitswesen, Finanzdienstleistungen, Bundesbehörden, Technologie und Fertigung dabei zu helfen, besser zu verstehen, mit welchen Schwachstellen sie konfrontiert sind und wie sie den Angreifern einen Schritt voraus sein können. Wir sehen viele Gründe, optimistisch zu sein, aber das bedeutet nicht, dass die Bedrohung abnimmt."Schwachstellen mit kritischem Schweregrad nehmen zu – Verbesserungen bei den BehebungszeitenDas Synack Red Team (SRT), eine Community der weltweit vertrauenswürdigsten und erfahrensten ethischen Hacker, hat herausgefunden, dass in allen Branchen der Anteil von Schwachstellen mit kritischem Schweregrad im Jahr 2023 höher liegt als im Jahr 2022, während der Anteil der Schwachstellen von hohem Schweregrad leicht zurückgeht. Trotz des zunehmenden Drucks auf die Sicherheitsteams konnten die Unternehmen die durchschnittliche Zeit bis zur Behebung von Schwachstellen mit kritischem Schweregrad um 24 Tage und von Schwachstellen mit hohem Schweregrad um 18 Tage auf 56 bzw. 74 Tage verkürzen.Der Bericht stellt jedoch fest, dass dieselben Kategorien von Schwachstellen Jahr für Jahr fortbestehen
Le rapport 2024 comprend une analyse détaillée des vulnérabilités par secteur d'activité.REDWOOD CITY, Californie, le 20 juin 2024 /PRNewswire/ -- Synack, la principale plateforme de tests de sécurité, a publié aujourd'hui son deuxième rapport annuel sur l'état des vulnérabilités. Ce rapport combine des centaines de milliers d'heures de tests de pénétration et une analyse de plus de 14 000 vulnérabilités exploitables, offrant un aperçu direct de la gravité, du volume et des tendances de remédiation des failles logicielles dans différents secteurs.« Comprendre votre surface d'attaque et l'impact potentiel de l'exploitation des vulnérabilités sur votre organisation est crucial pour prendre des décisions éclairées en matière de sécurité et de gestion d'entreprise », a déclaré Jay Kaplan, PDG et co-fondateur de Synack. « Nous sommes fiers de publier le deuxième rapport annuel de Synack sur l'état des vulnérabilités pour aider les organisations des secteurs de la santé, des services financiers, du gouvernement fédéral, de la technologie et de la fabrication à comprendre les vulnérabilités auxquelles elles sont confrontées et comment elles peuvent rester une longueur d'avance sur les attaquants. Nous voyons de nombreuses raisons d'être optimistes, mais cela ne signifie pas que la menace diminue. »Augmentation des vulnérabilités de gravité critique, mais amélioration des délais de remédiationL'équipe Red Team (SRT) de Synack, une communauté des hackers éthiques les plus dignes de confiance et les plus qualifiés au monde, a découvert que, tous secteurs confondus, les clients ont connu une part plus élevée de vulnérabilités de gravité critique en 2023 par rapport à 2022, et une légère réduction des vulnérabilités de haute gravité. Malgré les pressions croissantes sur les équipes de sécurité, les organisations ont réduit leur temps moyen de remédiation pour les vulnérabilités de gravité critique de 24 jours et pour les vulnérabilités de haute gravité de 18 jours, atteignant respectivement 56 et 74 jours.Cependant, le rapport a identifié les mêmes catégories de vulnérabilités persistantes d'année en année, indiquant des menaces accrues liées aux failles d'injection, mises en évidence dans une récente alerte « Secure by Design » de la Cybersecurity and Infrastructure Security Agency