Why This Job is Featured on The SaaS Jobs
Application security research sits at the center of modern SaaS delivery, where continuous releases and cloud-native architectures make vulnerability discovery and prevention an ongoing product concern rather than a one-off audit. This role is featured because it connects hands-on security investigation with direct influence on application security testing capabilities used across a broad customer base, spanning SAST, SCA, and DAST. The remit also touches AI security and emerging technologies, reflecting where SaaS security programs are increasingly investing.
For a long-term SaaS career, the standout value is the chance to translate research into product-grade detection logic and measurable improvements. Working across multiple languages and frameworks builds a durable mental model of how classes of vulnerabilities appear in real codebases, and how security tooling must reason about them at scale. The position also strengthens the ability to communicate findings to developers and stakeholders, a core skill for security roles embedded in SaaS product organizations.
This role tends to suit an experienced practitioner who prefers autonomy, deep technical problem solving, and iterative refinement over purely operational security work. It aligns with professionals who enjoy moving between code review, vulnerability analysis, and rule design, and who are motivated by raising technical standards through documentation, peer review, and mentorship.
The section above is editorial commentary from The SaaS Jobs, provided to help SaaS professionals understand the role in a broader industry context.
Job Description
Security Researcher
- Product
- Braga, Portugal
- Experienced
- Full time
- ID: P2192
Description
Who are we?
Checkmarx is the AI-powered application security leader helping the world’s most security-conscious enterprises secure the software that powers modern life. For more than two decades, our unified platform and services have helped organizations protect human- and AI-generated code from the first line through runtime, reducing risk across applications, cloud, and the software supply chain without slowing innovation.
We’re trusted by 1,600+ customers in 70+ countries, including some of the largest enterprises and governments in the world. Guided by research-led innovation and a developer-first mindset, we help every developer, security team, and enterprise build software that is risk-free by design.
What are we looking for?
We are looking for an experienced Application Security Researcher to join our Security Research team. As an experienced researcher, you will own research across application security, AI security, and emerging technologies. Analyzing how vulnerabilities manifest across languages and frameworks, and translating that expertise into improvements to Checkmarx's AST products (SAST, SCA, DAST, and beyond).
You will work autonomously on complex problems, share your findings with the team, and help raise the technical bar of Security Research teams.
How will you make an impact?
- Research the security facets of multiple programming languages, frameworks, and technologies, with depth and autonomy.
- Perform secure code review and analyze the results produced by Checkmarx's AST solutions, identifying gaps and improvement opportunities.
- Analyze and reason about code containing a wide range of vulnerabilities across multiple languages and frameworks.
- Devise and propose improvements grounded in application security expertise to bring Checkmarx products to the next level (SAST, SCA, DAST, etc.).
- Help improve detection capabilities by designing, refining, and validating detection logic and rules that power our AST solutions.
- Support developers and relevant stakeholders on application security topics.
- Share knowledge across the team, documenting findings, reviewing peers' work, and mentoring less-experienced researchers.
Requirements
What is needed to succeed?
- Solid knowledge of Application Security with deep understanding of security concepts, vulnerabilities, mitigations, and coding practices.
- Professional security experience (Security research, web application penetration testing, secure development, secure code review, or similar fields).
- Familiarity with both interpreted and compiled languages.
- Familiarity with software development and associated methodologies.
- Ability to learn new programming languages and technologies independently.
- Excellent organizational, interpersonal, and communication skills with the ability to drive collaboration and innovation.
- Ability to handle multiple requests and work in a fast-paced environment.
- Proficient in English – both writing and oral presentation skills.
What we have to offer
Checkmarx offers a great work environment, professional development, challenging careers, competitive compensation, great work-life balance, as well as great benefits and perks throughout the year.
Checkmarx is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, gender, sexual orientation, gender identity or expression, age, disability, or other characteristics protected by law.