Sonar is driving the future of agent-centric software development. As the leader in AI code verification and governance, we solve a critical problem: ensuring that software generated by AI-assisted developers or autonomous agents is reliable, secure, and maintainable.
Integrating seamlessly with Claude Code, Codex, Cursor, GitHub Copilot, Gemini, and Devin, we help over 75% of the Fortune 100 build trusted, reliable, compliant software. Customers who use Sonar are 44% less likely to report an outage due to AI-generated code.
We believe code verification is the critical missing link in the Agent-Centric Development Cycle (AC/DC). Industry giants like Nvidia, ServiceNow, Booking.com, Goldman Sachs, AstraZeneca, and Ford Motor Company count on us to provide independent, explainable, consistent review and governance of their AI-generated code via products like:
- SonarQube: The world’s leading AI code review and verification platform.
- SonarQube Foundation Agent: Currently topping the leaderboards for agentic software repair.
- SonarSweep & Sonar Context Augmentation: Providing the enterprise-grade context and constraints agents need to be truly effective.
Our team operates across global hubs in Austin, Bochum, Dubai, Geneva, London, Singapore, Tokyo, and Washington D.C. We move with a mindset we call CODE:
- Committed to our customers and community.
- Obsessed with quality.
- Deliberate in our decisions.
- Effective as one team.
With over $400M in revenue and profitable, fast-paced growth, we are building the backbone of the AI software revolution. If you’re hungry to have an impact, want to build at a fast pace, and ready to work at the forefront of AI, we want to hear from you.
What you will do
- System Health Monitoring, Alert Triaging, and Error Budget Management: Dedicate time to monitoring critical security infrastructure (e.g., identity platforms, firewalls, compliance systems) and core infrastructure components. Focus on using and maintaining dashboards tied to Service Level Objectives (SLOs), triaging high-severity alerts, and analyzing the current Error Budget burn rate to guide prioritization for the rest of the day.
- Infrastructure as Code (IaC) and Policy as Code Development: Spend the largest portion of time writing, reviewing, and testing code (e.g., Python, Go, Terraform, or proprietary tools) to automate the deployment, configuration, and security hardening of infrastructure. This involves treating infrastructure and security policies as software to ensure consistency and prevent configuration drift.
- Toil Elimination and Automation of Operational Tasks: Identify, scope, and implement automated solutions for manual, repetitive, and time-consuming tasks (toil) related to security patching, compliance checks, certificate rotations, or infrastructure maintenance. The goal is to continuously reduce the operational workload for the team.
- Security Pipeline and Observability Maintenance: Maintain and enhance the DevSecOps security tools integrated into the CI/CD pipelines (e.g., static analysis, vulnerability scanning, security configuration checks). Ensure the end-to-end logging, metrics, and tracing (observability) systems for both infrastructure and security tools are robust, accurate, and provide immediate diagnostic capability during incidents.
- Incident Response Engineering and Post-Mortem Action: Participate in the on-call rotation and actively engage in engineering solutions derived from post-mortems. This means turning incident root causes into preventative measures implemented via code, improving runbooks into automated actions, and reducing Mean Time To Resolution (MTTR) for future incidents.
Experience and qualifications
- Deep IaC Expertise: Professional experience provisioning and managing complex infrastructure using tools like Terraform or CloudFormation (AWS), or similar tools like Ansible or Puppet for configuration management.
- Cloud/Platform Experience: Hands-on experience with a major cloud provider (AWS, GCP, Azure) or managing large-scale internal/private cloud infrastructure.
- SLO/SLI Implementation: Practical experience defining, measuring, and reporting on Service Level Indicators (SLIs) and Service Level Objectives (SLOs) for critical services.
- Logging/Metrics/Tracing Stacks: Proven experience with modern observability platforms (e.g., Prometheus/Grafana, ELK/EFK stack, proprietary systems, or vendor solutions like Datadog/Splunk) for proactive issue identification.
- Networking: Strong understanding of core networking concepts (TCP/IP, DNS, Load Balancing, Firewalls, Proxies) sufficient to debug complex service connectivity and latency issues.
- Automation of Security Controls: Experience implementing security best practices via code, such as automated vulnerability scanning, configuration hardening, secret management (e.g., HashiCorp Vault), and key rotation.
- Identity and Access Management (IAM): Practical experience managing large-scale IAM systems (e.g., implementing least-privilege policies, single sign-on).
- Incident Management: Experience running or significantly contributing to post-incident reviews (post-mortems) and prioritizing resulting engineering work (error budget management).
We're intentional about this. We believe the best teams are built in the room together. Three anchor days — Mondays, Tuesdays, and Thursdays — create the collaboration rhythm that makes a hub office worth having.
Candidates need to be genuinely based in the location the role is posted — if that's not where you are today, we're happy to support relocation for the right person.
We value diversity, equity, and inclusion
At Sonar, we believe that our diversity is our strength. We are a global company that values and respects different backgrounds, perspectives, and cultures. We are committed to fostering a diverse and inclusive work environment where everyone feels valued and empowered to contribute their best. We are proud to be an equal opportunity employer and welcome all qualified applicants, regardless of race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
If you need any accommodation, please reach out to us at [email protected].
All offers of employment at Sonar are contingent upon the results of a comprehensive background check and reference verification conducted before the start date.
Applications that are submitted through agencies or third party recruiters will not be considered.
Skills Required
- Professional experience provisioning and managing infrastructure with Terraform, CloudFormation, Ansible, or Puppet.
- Hands-on experience with a major cloud provider (AWS, GCP, or Azure) or large-scale private cloud.
- Practical experience defining, measuring, and reporting SLIs and SLOs for critical services.
- Experience with observability and logging stacks such as Prometheus/Grafana, ELK/EFK, Datadog, or Splunk.
- Strong networking knowledge (TCP/IP, DNS, load balancing, firewalls, proxies) to debug connectivity and latency issues.
- Experience automating security controls: static analysis, vulnerability scanning, configuration hardening, secret management, key rotation (e.g., HashiCorp Vault).
- Practical experience managing large-scale Identity and Access Management systems and least-privilege policies.
- Experience running or contributing to incident post-mortems and prioritizing remediation work (error budget management).
- Participation in on-call rotations and incident response engineering to reduce MTTR.
- Expertise in change management, configuration management, and system support for production infrastructure.
Sonar Compensation & Benefits Highlights
-
Healthcare Strength — Health coverage is broad and company‑subsidized for employees, with life and disability fully covered and telemedicine included. Additional options like an EAP and HSA/FSA expand the package.
-
Leave & Time Off Breadth — PTO is generous with a substantial baseline and additional days based on seniority, alongside sick leave and holidays where outlined. Company‑wide time off is also included.
-
Parental & Family Support — Paid parental leave covers primary and secondary caregivers with a return‑to‑work program and onsite mother’s room. Company‑sponsored family events add further support for families.
Sonar Insights
What We Do
Sonar provides the essential verification layer for the AI-driven development era, ensuring all code—whether human-written or AI-generated—is code you can trust. Today, AI coding tools are generating explosive volumes of code. This has created an "engineering productivity paradox" : faster code writing doesn't automatically lead to faster, safer software delivery. The new bottleneck is verification. Sonar solves this. Integrating code quality and code security into a single platform (SonarQube), Sonar is the foundation for high performance software engineering, analyzing over 750 billion lines of code daily to ensure applications are secure, reliable, and maintainable. As an independent verification platform, Sonar enables organizations to securely develop at the speed of AI. We are driven by a deep belief in our people, a commitment to excellence, and an unwavering dedication to delivery. We operate as a united group where our collective success is the sum of each individual's contributions. Our company culture is driven by the values of CODE: Committed, Obsessed, Deliberate & Effective. This mindset reflects our culture of creativity, collaboration, and pride in the work we do. Rooted in the open source community, Sonar’s solutions support over 35 programming languages, frameworks, and infrastructure technologies. Today, Sonar is used by 7M+ developers worldwide, including ServiceNow, Booking.com, Deutsche Bank, AstraZeneca, and Ford Motor Company. Sonar is headquartered in Geneva, Switzerland with additional offices in Austin, Texas; Bochum, Germany; London, Singapore, and Tokyo. The company is rapidly growing with over 800 employees! Join us in our mission to solve the trillion-dollar challenge of bad code!
Why Work With Us
We are a product-first company, with a people-first culture. Every employee has the opportunity to grow and learn. We promote from within, provide regular feedback and professional development opportunities, value the right to fail along with respect and kindness and work with team members to achieve their full potential.
Gallery
Sonar Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
At Sonar, we require employees to come into the office 3 days/week.



.png)








.png)




