
Senior Security Engineer

SonarSource
201-500 employees
Software Engineering
Austin, TX
5 months ago
Tags: AI-First, Cursor-friendly, Remote, Open Source

Explicitly mentions vibe-coding and expects scripting (Python, Bash), so you’ll be doing hands-on rapid coding and automation related to security.

About the Role

Senior Security Engineer based in Sonar’s Austin office responsible for driving product and cloud security across Sonar products and platforms. The role combines secure-by-design collaboration with engineering, offensive security (pen testing, red teaming, bug bounties), incident response, and automation of security testing and tooling.

Job Description

Role

Senior Security Engineer based in Sonar’s Austin office providing senior security expertise to engineering and senior management. The role ensures Sonar products and hosting cloud platforms meet high security standards, leads offensive security efforts, and supports incident response and customer security concerns.

Key Responsibilities

  • Collaborate with product and platform engineering teams to design and implement secure solutions and integrate security requirements into architectures and cloud solutions.
  • Conduct internal and external security reviews, penetration testing, and red team exercises; procure, design, and implement offensive security tooling and automation.
  • Manage external penetration testing services, certifications, and bug bounty engagements.
  • Investigate and resolve security issues in products and internal systems; manage and respond to customer security concerns.
  • Act as a security subject-matter expert during security incidents and contribute to threat management and analysis of threat intelligence.
  • Develop and implement security solutions and initiatives aligned with the strategic security plan.

Requirements

  • In-depth experience with cloud architectures, primarily AWS.
  • Strong experience in application security assessments, including code assessments and authentication/authorization (authN/authZ).
  • Extensive experience with penetration testing, red team engagements, and bug bounty programs.
  • Experience assessing and securing AI features, including agentic AI.
  • Experience with vulnerability investigation and management.
  • Experience with threat modeling (e.g., STRIDE).
  • Experience with cloud network and firewall policy management.
  • Some coding and scripting experience, including vibe-coding, Python, and Bash.
  • Familiarity with Azure, GCP, and Google Workspace is a plus.

Location & Work Arrangement

  • Based in Austin, Texas office; typical flexible policy: 3 days in-office, 2 days remote for locations near offices. Some regions operate fully remotely.
  • Sonar does not currently support visa candidates in the US.

Benefits Summary

  • Flexible comprehensive employee benefits package.
  • 23 days of PTO per calendar year (pro-rated) plus additional time for sickness, life events, and holidays.
  • 401(k) plan with a 4% match, fully vested on day one of participation.
  • Generous discretionary Company Growth Bonus paid annually.
  • Fully paid parking in downtown Austin.
  • Monthly catered events, team events, and an annual global company kick-off.
  • Support for learning and professional growth.

Tech Stack

AWS, Azure, GCP, Google Workspace, Python, Bash, STRIDE, Agentic AI

Skills

Cloud Security Architecture, Application Security, Offensive Security, Penetration Testing, Red Teaming, Threat Modeling, Vulnerability Management, Incident Response, Security Tooling & Automation, Collaboration, Communication

Experience Level

Senior

Employment Type

Full-time

Benefits

  • Flexible comprehensive benefit package
  • 23 days PTO per year (pro-rated)
  • Additional time for sickness, life events, and holidays
  • 401(k) with 4% match, fully vested on day one
  • Generous annual Company Growth Bonus
  • Fully paid parking in downtown Austin
  • Monthly catered events
  • Team events
  • Annual global company kick-off
  • Learning and professional growth support
  • Flexible work policy (3 days in-office / 2 days remote for nearby locations)