Quick Summary
Identify and prioritize meaningful security risks across first-party code, services, infrastructure, build pipelines, and software supply chain components. Validate findings for exploitability,
8+ years of professional software engineering experience, including 2+ years in a Staff Engineer or equivalent technical leadership role. Proven experience identifying, validating,
At Sonatype, we empower developers with best-in-class tools to build secure, high-quality software at scale. Our mission is to create a world where software is always secure and developers can innovate without fear. Trusted by thousands of organizations, including Fortune 500 companies, we are pioneers in software supply chain management, open-source security, and DevSecOps.
As an AI Red Team Staff Software Engineer at Sonatype, you will help shape a high-impact security engineering capability at the intersection of frontier AI, offensive application security, and software supply chain defense. You will use advanced AI models, techniques, and security tooling to discover, validate, and help remediate meaningful risks across Sonatype’s products, codebases, infrastructure, and dependencies.
Your work will turn security findings into durable defensive improvements, including remediation guidance, engineering-ready fix proposals, reusable AI-SDLC patterns, secure coding guidance, and product-security insights that reduce exposure and raise the bar for secure engineering at Sonatype.
Responsibilities
~1 min read- →
Identify and prioritize meaningful security risks across first-party code, services, infrastructure, build pipelines, and software supply chain components.
- →
Validate findings for exploitability, severity, affected products, business impact, and remediation priority.
- →
Collaborate with Security Research and Product to translate novel findings, malicious component discoveries, and emerging attack patterns into research-ready outputs, product improvements, detection opportunities, and customer-facing intelligence.
- →
Work closely with Application Security and Engineering to move validated findings through remediation and reduce repeat vulnerability patterns.
- →
Champion modern AI-SDLC practices by translating recurring vulnerability classes, insecure coding patterns, and effective remediation approaches into reusable guidance, detection logic, secure coding standards, and remediation playbooks.
- →
Create clear remediation guidance, engineering-ready fix proposals, and pull requests where appropriate.
We’re seeking an experienced engineer who thrives in an agile, collaborative environment and enjoys tackling technical challenges.
Requirements
~2 min read-
8+ years of professional software engineering experience, including 2+ years in a Staff Engineer or equivalent technical leadership role.
-
Proven experience identifying, validating, and helping remediate vulnerabilities in production software, services, APIs, infrastructure, or software supply chain components.
-
Strong ability to read, understand, and reason about complex codebases, preferably including Java, Kotlin, or other JVM-based backend systems.
-
Hands-on experience with application security testing methods and tools, such as SAST, DAST, SCA, secret scanning, threat modeling, secure code review, or vulnerability validation.
-
Practical experience using AI-assisted engineering, security analysis, or automation techniques to improve software quality outcomes.
-
Ability to translate security findings into clear remediation guidance, engineering-ready recommendations, and practical risk-based priorities.
-
Bachelor’s degree in Computer Science, Engineering, or a related field—or equivalent practical experience.
-
Strong communication and collaboration skills, with experience working across Application Security, Engineering, Product, or Security Research teams.
-
Solid understanding of cloud-native architecture, CI/CD workflows, build pipelines, containers, and modern DevOps practices.
-
Passion for raising the security bar through technical leadership, mentoring, secure engineering practices, and continuous improvement.
-
Relevant certifications such as:
-
SANS Certifications: GSEC, GCIH, GCLD, GCID, GMON
-
(ISC)² Certifications: CISSP, CC, SSCP, CCSP, CAP, CSSL
-
Location & Eligibility
Listing Details
- Posted
- June 28, 2026
- First seen
- July 10, 2026
- Last seen
- July 10, 2026
Posting Health
- Days active
- 0
- Repost count
- 0
- Trust Level
- 36%
- Scored at
- July 10, 2026
Signal breakdown

The Sonatype journey started 10 years ago, just as the concept of “open source” software development was gaining steam.
View company profilePlease let Sonatype know you found this job on Jobera.
4 other jobs at Sonatype
View all →Explore open roles at Sonatype.
Browse Similar Jobs
Stay ahead of the market
Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.
No spam. Unsubscribe at any time.