AppSec Jobs

Snyk

Security Engineer

Romania - Bucharest Office

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.


About Snyk

Snyk Limited is a developer-first cybersecurity company founded in 2015, with its headquarters in Boston and additional offices in Tel Aviv, London, Ottawa, and Zurich. The company focuses on integrating security into developer workflows through its Cloud Native Application Security Platform. Snyk employs around 1,400 people and achieved unicorn status in 2020, with significant revenue growth projected to exceed $300 million in 2025. Snyk offers a range of products designed to identify and fix vulnerabilities throughout the software development lifecycle. Key offerings include Snyk Open Source for managing open-source dependencies, Snyk Container for securing container images, Snyk Infrastructure as Code (IaC) for cloud infrastructure configurations, and Snyk Code for static application security testing. The company emphasizes developer-friendly tools and has formed partnerships with various developer tool providers to enhance security integration in workflows. Snyk serves over 700 paying customers, including notable users like Smartsheet.

Industry

computer & network security

Employees

1,400

433 engineers

Revenue

$278M


Security at Snyk

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

Stated AppSec Mission:
- "Snyk enables developers to build securely from the start while giving security teams complete visibility and comprehensive controls." – Snyk Solutions: Application Security (https://snyk.io/solutions/application-security/), Vendor Self-Published

Developer Enablement vs. Gatekeeping:
- "developer-first security mission" – Snyk joins CISA's Secure by Design pledge (https://snyk.io/blog/snyk-joins-cisas-secure-by-design-pledge/), Blog
- "automatic fix PRs help devs find and fix vulnerabilities" – Snyk Solutions: Application Security (https://snyk.io/solutions/application-security/), Vendor Self-Published
- "avoid blocking development early on" – Snyk Team Implementation Guide (https://docs.snyk.io/implementation-and-setup/team-implementation-guide), Docs

Risk Philosophy:
- "Risk-based prioritization" (phrase on product solution page) – Snyk Solutions: Application Security (https://snyk.io/solutions/application-security/), Vendor Self-Published

Stated Pain Points or Goals (Verbatim):
- "Achieve prevention and drive developer adoption" – Snyk Team Implementation Guide (https://docs.snyk.io/implementation-and-setup/team-implementation-guide), Docs
- "Turn developers into security experts" – Snyk Solutions: Application Security (https://snyk.io/solutions/application-security/), Vendor Self-Published

Gaps & Contradictions:
- Information not publicly available: explicit, published internal AppSec charter document or an org-level AppSec mission statement beyond product/marketing language.

Security Team

Org Structure & Reporting Line:
- Public sources describe recommended deployment models (embedded champions, team-driven adoption) but do not publish a formal internal org chart or explicit CISO/CTO reporting line for AppSec. Therefore: Information not publicly available.

Key Public-Facing Leaders:
- Myke Lyons, CISO – "Myke Lyons joins as Snyk's CISO" – Snyk News (https://snyk.io/es/news/snyk-strengthens-leadership-team-with-deep-enterprise-expertise/) ⚠️
- Key Quote for leader (representative): "My primary role is to ensure the security and integrity of our products" – Snyk Blog (Brian Campbell, on joining Secure by Design pledge)

Team Size Estimate (as_of:): Information not publicly available: no explicit public headcount for Snyk AppSec team found.

LinkedIn Search Query Used: Information not publicly available: exact LinkedIn query string and filtered results for AppSec headcount were not retrieved in public documents consulted.

Active AppSec Job Postings (as_of:): Information not publicly available: no consolidated public count of current AppSec-specific job postings was found in the sources reviewed.

Common Skill/Tool Patterns (from Snyk product/docs wording):
- "PR checks" / "IDE plugins" / "Snyk Learn" – (phrases from Snyk docs recommending IDE, PR checks, and training) – Team Implementation Guide (https://docs.snyk.io/implementation-and-setup/team-implementation-guide) (Evidence ID: E-002, E-003)

Gaps & Contradictions:
- No public disclosure of AppSec team headcount, nor a published internal org chart mapping AppSec reporting line.

Key Initiatives

Security Champions Program: Status: Evidence Found
- "A security champion is a developer that formally represents an engineering team." – Snyk Article: Security Champions Overview (https://snyk.io/articles/security-champions/) ⚠️
- "the goals, pain points, and needs of the developer should be put first" – Snyk Article: Security Champions Overview (https://snyk.io/articles/security-champions/) ⚠️

"Shift Left" in Practice:
- "gradual rollout of your "shift left" security strategy" – Snyk Team Implementation Guide (https://docs.snyk.io/implementation-and-setup/team-implementation-guide)
- "developers may use IDE plugins" – Snyk Team Implementation Guide (https://docs.snyk.io/implementation-and-setup/team-implementation-guide)
- "Test Usage in CI/CD Pipeline report" (Snyk Analytics feature) – Snyk Blog: Snyk Analytics (https://snyk.io/blog/transform-your-appsec-program-with-the-power-of-snyk-analytics/)

Vulnerability Management Process:
- Intake: "Snyk's robust security intelligence provides you with timely, accurate information on new vulnerabilities." – Snyk Blog: Secure by Design pledge (https://snyk.io/blog/snyk-joins-cisas-secure-by-design-pledge/)
- Triage / Remediation: "Snyk Agent Fix enables developers to remediate issues directly in pull requests" – Snyk Analytics Blog (https://snyk.io/blog/transform-your-appsec-program-with-the-power-of-snyk-analytics/)

Secure SDLC Artifacts:
- "Achieve prevention and drive developer adoption" – Implementation guide (https://docs.snyk.io/implementation-and-setup/team-implementation-guide)
- "Providing an SBOM allows customers to manage their own software supply chain risk." – Snyk Blog on Secure by Design (https://snyk.io/blog/snyk-joins-cisas-secure-by-design-pledge/)

Recent Initiatives (Last 6 Months): Evidence Found (within last 6 months from):
- AI Trust platform & Snyk Analytics features (reports, dashboards, Fix PR Visibility) described – "Snyk Analytics offers a whole new set of features" – Snyk Blog (https://snyk.io/blog/transform-your-appsec-program-with-the-power-of-snyk-analytics/)
- Participation in CISA Secure by Design pledge – "Snyk has enthusiastically joined CISA's Secure by Design pledge." – Snyk Blog (https://snyk.io/blog/snyk-joins-cisas-secure-by-design-pledge/)

Gaps & Contradictions:
- No public, detailed step-by-step internal triage SLAs (e.g., MTTR numbers or explicit SLA days) for AppSec findings were found in Snyk public documentation.
- No explicit public statement of AppSec team reporting line or centralized vs. embedded model for Snyk's internal engineering org (beyond recommendations for customers).
