Sonarsource1mo ago

Information Security Specialist

AustinEmployee / Full-Timemid

SecurityInformation Security Specialist

0 views0 saves0 applied

Apply Now

Quick Summary

Requirements Summary

Familiarity with the OSI Model, TCP/IP, and how data flows through firewalls and proxies in a hybrid work environment.

Technical Tools

SecurityInformation Security Specialist

Sonar is driving the future of agent-centric software development. As the leader in AI code review and verification, we solve a critical problem: ensuring that software generated by AI-assisted developers or autonomous agents is reliable, secure, and maintainable.

Integrating seamlessly with Claude Code, Codex, Cursor, GitHub Copilot, Gemini, and Devin, we help over 75% of the Fortune 100 build trusted, reliable, compliant software. Customers who use Sonar are 44% less likely to report an outage due to AI-generated code.

We believe code verification is the critical missing link in the Agent-Centric Development Cycle (AC/DC). Industry giants like Nvidia, ServiceNow, Booking.com, Goldman Sachs, AstraZeneca, and Ford Motor Company.count on us to provide independent, explainable, consistent review and governance of their AI-generated code via products like:

SonarQube: The world’s leading AI code review and verification platform.
SonarQube Foundation Agent: Currently topping the leaderboards for agentic software repair.
SonarSweep & Sonar Context Augmentation: Providing the enterprise-grade context and constraints agents need to be truly effective.

Our team operates across global hubs in Austin, Bochum, Dubai, Geneva, London, Singapore, Tokyo, and Washington D.C. We move with a mindset we call CODE:

Committed to our customers and community.
Obsessed with quality.
Deliberate in our decisions.
Effective as one team.

With over $400M in revenue and profitable, fast-paced growth, we are building the backbone of the AI software revolution. If you’re hungry to have an impact, want to build at a fast pace, and ready to work at the forefront of AI, we want to hear from you.

Position description

The primary goal of the Information Security team is to build trust with our rapidly growing customer base by ensuring the Sonar organization meets a high level of security to protect our customers. As a member of the Information Security team, you will be based in Sonar’s Austin office providing security support to engineering, senior management and, when needed, the incident management team. Your positive contributions will significantly impact the growth of the business through Sonar’s “collective intelligence” mindset.

Security Intake Management: Monitor the security queues and dashboards to categorize incoming security requests by severity, and escalate high-priority threats to senior staff.

Remediation Follow-up: Reach out to Engineering, Business and Technology teams to manage security findings and update/verify as needed.

Security Monitoring: Support monitoring and assignment of actions for security tooling.

User Access Reviews: Conduct "least privilege" reviews by comparing current user permissions against HR records to ensure access remains aligned with the employee's role.

Security Documentation: Draft or update simple "Standard Operating Procedures" (SOPs) for common security tasks to ensure the team’s knowledge base remains current as the tech stack evolves.

Process Automation: Learn and leverage AI tools to automate repetitive tasks, streamline reporting, and produce security metrics.

Campaign Management: Launch and manage campaigns to employees such as specialized training, phishing, standards updates, etc.

Customer Obsession: While security is what we do, our customers and internal users are key to our success. We strive for solutions that enable speed without sacrificing security.

Infrastructure Fundamentals: A clear understanding of basic security principles and how security fits into organizations

Incident Triage: Ability to differentiate between true security threats and common "noise" (false positives) within a monitoring queue.

Vulnerability Lifecycle Management: Basic knowledge of how a vulnerability moves from discovery (e.g., a pentest finding) to remediation and final verification.

Logical Troubleshooting: A systematic approach to investigating "how" and "why" events occur.

Technical Communication: The ability to explain security requirements to non-security peers in a professional and collaborative manner.

Foundational Networking: Familiarity with the OSI Model, TCP/IP, and how data flows through firewalls and proxies in a hybrid work environment.

Administrative Diligence: Strong organizational skills for tracking multiple long-term remediation projects without letting smaller alerts slip through the cracks.

This role is based in Austin, TX. We are unable to consider candidates unwilling to be in Austin, but we are willing to relocate the right candidate.

Flexible comprehensive employee benefit package.

We encourage usage of our robust time-off allocations. You will receive 23 days of PTO per calendar year (on a pro-rated basis depending on your employment start date), with additional time provided for sickness, life events and holidays

.We offer an exciting 401(k) plan that has a 4% match, fully vested on day one of participation.

Fully paid parking in the heart of downtown Austin, Texas.

Global workforce with employees in 20+ countries representing 35+ unique nationalities.

We have an annual kick-off somewhere in the world where we meet to build relationships and goals for the company.

Monthly catered events, and team events

At Sonar, we believe that our diversity is our strength. We are a global company that values and respects different backgrounds, perspectives, and cultures. We are committed to fostering a diverse and inclusive work environment where everyone feels valued and empowered to contribute their best. We are proud to be an equal opportunity employer and welcome all qualified applicants, regardless of race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

If you need any accommodation, please reach out to us at hiring@sonarsource.com.

All offers of employment at Sonar are contingent upon the results of a comprehensive background check and reference verification conducted before the start date.

We do not currently support visa candidates in the US.

Applications that are submitted through agencies or third party recruiters will not be considered.