Why should I Apply:
At Sonar, we’re a group of brilliant, motivated, and driven professionals working hard to help organizations build responsible, secure, high-quality code quickly and systematically. We build solutions that don’t just solve symptoms of problems – we fix problems at the source – source code, to be specific.
We have a dynamic culture with employees worldwide and hub offices in the USA, Switzerland, the UK, Singapore, and Germany. We believe team members should have the opportunity to come to work every day, work on a product they are proud of, love what they do, and feel energized by their peers. With our roots deep in the open source community, we’re all about the mission: provide solutions that deliver Clean Code.
The impact you can have
We have a primary goal to ensure the security of our products and the security of our organization meet stringent standards to demonstrate to our rapidly growing customer base how seriously we take security. We have an exciting business agenda ahead and want to continue building customer trust by strengthening our security profile, ensuring a zero-trust architecture, and expanding our suite of independent certifications. Sonar has been ISO 27001 certified since 2022, and we are now pursuing SOC2 Type 2.To achieve this goal, we are seeking a talented security governance professional to join the Security Governance team. You will have extensive experience implementing security governance frameworks and managing audit processes. You will raise the bar for our security processes, procedures, and controls across our organization, ensuring they are designed and implemented to levels that will bring value to the organization and satisfy an independent audit. As part of a team-based organization, your contributions will impact the growth of our business via Sonar’s “collective intelligence” mindset.
On a daily basis, you will
- Formalize the security controls objectives, testing framework, and measurements.
- Perform the controls testing and identify improvement activities to ensure compliance with internal security policies and external regulations.
- Liaise with all departments to assess the compliance gaps, determine the remediation actions to close them, and track and report progress.
- Contribute to the implementation of the trust service principles required for SOC compliance and auditing of the systems and processes to obtain SOC2 reports.
- Contribute to the continuous improvement of the ISO 27001 Information Security Management System.
- Perform security risk assessments, perform in-depth analysis, design mitigating security controls, and document the gaps and actions.
- Design, generate, or source metrics, providing status reports on gaps, exceptions, and risks through key indices.
- Deliver information security awareness campaigns, training, and educational activities.
- Contribute to decision-making processes to be aligned with business security objectives and risk tolerance.
- Contribute to aligning information security with business goals.
- Basis the learnings from internal and external assessments, measuring information security against internal policies and procedures to raise the bar of the overall information security program.
- Contribute to the Business Continuity, Disaster Recovery, Vulnerability Management and Application Security processes.
The skills you will demonstrate
- You have at least 5 years of Security Governance, managing security risk, implementing and testing controls.
- You have experience implementing and maintaining compliance with ISO 27001 standards and/or the SOC trust principles.
- You have experience managing internal and external audits through careful preparation and post-audit activities.
- You have experience working with GRC tools or Trust Center equivalents.
- You have experience addressing Information Security issues in a broad range of IT disciplines, infrastructures, and technologies.
- You have experience with SaaS/Cloud technologies and on-premise software delivery.
- You have experience working on cross-team projects across a global organization.
- You have experience reporting and presenting operational activity and project progress.
- You are a friendly, enthusiastic, and organized team player. You actively share your knowledge and give and receive feedback to improve the team and yourself.
- You are fluent in English, both written and spoken.
Why you will love it here:
• Our culture and mission set us apart. We have a dynamic work culture that values respect and kindness – and embraces the right to fail (and get right back up again!). We believe that the best idea wins and everyone has a voice.
• We believe that great people make a great company. We value people skills as much as technical skills and strive to keep things friendly and laid-back while still being passionate leaders in our domains. Our 550+ SonarSourcers from 33 different nationalities can relate!
• We embrace work-life balance. It is important to maintain a healthy work-life balance. This is why we have a flexible work policy that includes remote and in-office hybrid work (minimum three days a week in the office - Monday/Tuesday/Thursday).
• We have a growth mindset. We love to learn and believe that continuous education is critical to our success. In an ever-changing industry, new skills are a must, and we're happy to help our team acquire them.
We prioritize Diversity, Equity, and Inclusion:
At Sonar, we are a global workforce and recognize the value of different backgrounds, and global cultures.
We are committed to creating a diverse work environment and are proud to be an equal-opportunity employer. All qualified applicants will be considered for employment without regard to race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
All offers of employment at Sonar are contingent upon the clear results of a comprehensive background check conducted prior to the start date.
Please note that applications submitted through agencies or third-party recruiters will not be considered.
What We Do
Software-driven digital innovation is essential for competing in today's market, and the foundation of this innovation is code. However, there are widespread cracks in this foundation – lines of bad, insecure, and poorly written code – that manifests into tech debt, security incidents, and availability issues. With Sonar, developers and organizations are empowered to create quality, secure code confidently, whether written by humans or generated with AI.
The Sonar solution, SonarQube, helps prevent code quality and security issues from reaching production, amplifies developers' productivity in concert with AI assistants, and improves the developer experience with streamlined workflows. Sonar analyzes all code, regardless of who writes it—your internal team or genAI—resulting in more secure, reliable, and maintainable software.
At Sonar, we are driven by a deep belief in our people, a commitment to excellence, and an unwavering dedication to delivery. We operate as a united group where our collective success is the sum of each individual's contributions. Our company culture is driven by the values of CODE: Committed, Obsessed, Deliberate & Effective. This mindset reflects our culture of creativity, collaboration, and pride in the work we do.
Rooted in the open-source community, Sonar’s solutions support over 30 programming languages, frameworks, and infrastructure technologies. Today, Sonar is used by 7M+ developers and 400K organizations worldwide, including the DoD, Microsoft, NASA, MasterCard, Siemens, and T-Mobile.
Sonar is headquartered in Geneva, Switzerland with additional offices in Austin, Texas; Annecy, France; Bochum, Germany, London, England; and Singapore. The company is rapidly growing with over 600 employees!
Join us in our mission to solve the trillion-dollar challenge of bad code!
Why Work With Us
We are a product-first company, all while maintaining a people-first culture. Every employee has the opportunity to grow and learn. We promote from within, provide regular feedback and professional development opportunities, value the right to fail along with respect and kindness and work with team members to achieve their full potential.
Gallery
Sonar Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
At Sonar, we require employees to come into the office 3 days/week.