Information Security Specialist

Who is Sonar? Sonar is driving the future of agent-centric software development. As the leader in AI code review and verification, we solve a critical problem: ensuring that software generated by AI-assisted developers or autonomous agents is reliable, secure, and maintainable. Integrating seamlessly with Claude Code, Codex, Cursor, GitHub Copilot, Gemini, and Devin, we help over 75% of the Fortune 100 build trusted, reliable, compliant software. Customers who use Sonar are 44% less likely to report an outage due to AI-generated code. We believe code verification is the critical missing link in the Agent-Centric Development Cycle (AC/DC). Industry giants like Nvidia, ServiceNow,Booking.com, Goldman Sachs, AstraZeneca, and Ford Motor Company.count on us to provide independent, explainable, consistent review and governance of their AI-generated code via products like: SonarQube: The world’s leading AI code review and verification platform. SonarQube Foundation Agent: Currently topping the leaderboards for agentic software repair. SonarSweep & Sonar Context Augmentation: Providing the enterprise-grade context and constraints agents need to be truly effective. Our team operates across global hubs in Austin, Bochum, Dubai, Geneva, London, Singapore, Tokyo, and Washington D.C. We move with a mindset we call CODE: Committed to our customers and community. Obsessed with quality. Deliberate in our decisions. Effective as one team. With over $400M in revenue and profitable, fast-paced growth, we are building the backbone of the AI software revolution. If you’re hungry to have an impact, want to build at a fast pace, and ready to work at the forefront of AI, we want to hear from you. Position description The primary goal of the Information Security team is to build trust with our rapidly growing customer base by ensuring the Sonar organization meets a high level of security to protect our customers. As a member of the Information Security team, you will be based in Sonar’s Austin office providing security support to engineering, senior management and, when needed, the incident management team. Your positive contributions will significantly impact the growth of the business through Sonar’s “collective intelligence” mindset. • Security Intake Management: Monitor the security queues and dashboards to categorize incoming security requests by severity, and escalate high-priority threats to senior staff. • Remediation Follow-up: Reach out to Engineering, Business and Technology teams to manage security findings and update/verify as needed. • Security Monitoring: Support monitoring and assignment of actions for security tooling. • User Access Reviews: Conduct "least privilege" reviews by comparing current user permissions against HR records to ensure access remains aligned with the employee's role. • Security Documentation: Draft or update simple "Standard Operating Procedures" (SOPs) for common security tasks to ensure the team’s knowledge base remains current as the tech stack evolves. • Process Automation: Learn and leverage AI tools to automate repetitive tasks, streamline reporting, and produce security metrics. • Campaign Management: Launch and manage campaigns to employees such as specialized training, phishing, standards updates, etc. • Customer Obsession: While security is what we do, our customers and internal users are key to our success. We strive for solutions that enable speed without sacrificing security. • Infrastructure Fundamentals: A clear understanding of basic security principles and how security fits into organizations • Incident Triage: Ability to differentiate between true security threats and common "noise" (false positives) within a monitoring queue. • Vulnerability Lifecycle Management: Basic knowledge of how a vulnerability moves from discovery (e.g., a pentest finding) to remediation and final verification. • Logical Troubleshooting: A systematic approach to investigating "how" and "why" events occur. • Technical Communication: The ability to explain security requirements to non-security peers in a professional and collaborative manner. • Foundational Networking: Familiarity with the OSI Model, TCP/IP, and how data flows through firewalls and proxies in a hybrid work environment. • Administrative Diligence: Strong organizational skills for tracking multiple long-term remediation projects without letting smaller alerts slip through the cracks. This role is based in Austin, TX . We are unable to consider candidates unwilling to be in Austin , but we are willing to relocate the right candidate. • Flexible comprehensive employee benefit package. • We encourage usage of our robust time-off allocations. You will receive 23 days of PTO per calendar year (on a pro-rated basis depending on your employment start date), with additional time provided for sickness, life events and holidays • .We offer an exciting 401(k) plan that has a 4% match, fully vested on day one of participation. • Fully paid parking…