Full-Time

Senior Security Engineer

Posted on 8/2/2024

Sonar

501-1,000 employees

Tools for code quality and security

Enterprise Software
Cybersecurity

Senior

Austin, TX, USA

Position requires onsite presence in Austin.

Category
Cybersecurity
IT & Security
Required Skills
Microsoft Azure
AWS
Google Cloud Platform
Requirements
  • Proven experience with AWS architectures, services, and security including IAM Access Analyzer.
  • Experience with CI/CD platforms, DevSecOps tools, and processes.
  • Experience with cloud application security assessment methods.
  • Code review experience.
  • Knowledge of the latest threats and common vulnerabilities.
  • Experience managing independent pen-testing.
  • Knowledge of common web application vulnerabilities such as OWASP Top 10 and SANS 25.
  • Experience working on triaging and investigating external vulnerability reports.
  • Experience with security solutions such as EDR, DLP, PAM, and IDP.
  • Azure and GCP platform experience is a plus.
  • Fluent in English, both written and spoken.
Responsibilities
  • Work with the engineering teams to ensure cloud platform and application solutions are secure by design.
  • Review the product cloud architectures and solutions to ensure the security requirements are delivered.
  • Run periodic internal security reviews on products, CI/CD pipelines, and cloud platforms.
  • Organize and manage pen-testing by external providers.
  • Provide support for security issues and requests from engineering.
  • Review and investigate vulnerability reports from customers and researchers.
  • Define requirements, test, and implement security tools and features.
  • Ensure the integrity of the security posture across rapid business and technology change.
  • Work with the SOC team to improve the efficiency of monitoring, alerting and the management of security incidents.

SonarSource provides tools aimed at improving code quality and security for software developers. Its main products include SonarLint, an IDE plugin that gives real-time feedback on code quality; SonarQube, a self-managed solution for comprehensive code analysis and reporting; and SonarCloud, a cloud-based service that offers similar features with the convenience of cloud management. The company operates on a subscription-based model, allowing clients to access its tools through annual subscriptions or usage-based pricing for cloud services. SonarSource stands out in the market with its strong emphasis on the "Clean Code" philosophy, which promotes writing code that is easy to understand and maintain. The goal of SonarSource is to help developers and organizations produce high-quality, secure, and reliable software.

Company Stage

Late Stage VC

Total Funding

$444.6M

Headquarters

Vernier, Switzerland

Founded

2008

Growth & Insights
Headcount

6 month growth

14%

1 year growth

23%

2 year growth

49%

Simplify's Take

What believers are saying

  • Growing demand for real-time code quality tools boosts Sonar's market relevance.
  • Integration with CI/CD platforms like Jenkins increases Sonar's adoption.
  • Remote work trends enhance the appeal of SonarCloud's cloud-based offerings.

What critics are saying

  • Emerging AI-driven code quality tools pose competitive threats to Sonar.
  • Rapid evolution of programming languages may lead to compatibility issues.
  • Economic downturns could impact Sonar's subscription-based revenue model.

What makes Sonar unique

  • SonarSource supports over 20 programming languages, offering broad compatibility for developers.
  • SonarLint provides real-time feedback, enhancing code quality during the development process.
  • SonarCloud offers cloud-based solutions, ideal for remote and distributed teams.

INACTIVE