SonarSource provides world-class solutions for continuous code quality and security. Our open-source and commercial products (SonarCloud, SonarQube, SonarLint) help developers and organizations of all sizes to manage the quality & security of their code, and ultimately deliver better software. SonarSource solutions support development in 25+ programming languages such as Java, C#, JavaScript, TypeScript, C/C++, COBOL and many more. With over 6,000 customers including eBay, Thales, BMW and used by more than 200,000 organizations globally, SonarSource products are the preferred and most trusted solutions on the market.
The Impact you can have
SonarSource has an objective to ensure the security of our products and the security of our organization meet stringent standards to demonstrate to our rapidly growing customer base how seriously we take security.
To achieve this goal, we are looking for a talented Security Specialist with strong AWS experience to join the team to raise the bar for our security processes, procedures and controls and to ensure that, across our cloud platform, our software delivery pipelines and our operational activities, they are designed, implemented and monitored to levels that will satisfy an independent audit.
On a daily basis, you will
be responsible for ensuring that the company's digital assets are protected both on the AWS platform and on-premise by preventing, detecting and managing cyber threats.
- Create best-in-class security observability across the AWS infrastructure
- Designing, implementing and monitoring robust security processes and controls
- Conducting security assessments through vulnerability testing and risk analysis
- Working with the product teams to implement controls and to resolve vulnerabilities
- Work with service management to own security incidents and analyzing any security incidents to identify root cause
- Maintaining the incident response, business continuity and disaster recovery plans
- Be part of the vendor management process to own security assessments and period reviews of third-party vendors
- Periodically reporting on risk and key indices
The skills you will demonstrate
- You have a solid experience in the implementation of AWS Managed Services through Infrastructure as Code, CDK and CloudFormation.
- You have a keen interest and understanding of the cyber security risks associated with various technologies and how to manage them through tactical and strategic controls.
- You have analytical and problem-solving skills to identify and assess risks, threats, patterns and trends.
- You have an excellent working knowledge of various security technologies such as network and application firewalls, intrusion detection and prevention, vulnerability scanning, composition analysis and anti-virus.
- You have a strong understanding of supply chain risks and vulnerabilities
- You have an excellent working knowledge of AWS Managed Services, including VPC, CloudWatch, CloudTrail, GuardDuty, Security Hub, CloudFormation, Config, IAM, WAF, Secrets Manager, Systems Manager, Lambdas, Fargate, EC2, Control Tower, OU’s and SCPs.
- You have solutions for AWS monitoring, log analysis and alerting tools
- You are comfortable working with Linux, Git, Python, Shell, PostgreSQL
- You have interest in deepening your experience in Security Operation domains, such as; Attack analysis, Forensic analysis, Threat intelligence.
- You either hold or are in process to obtain AWS Security Specialty certification
- You are interested to learn about Azure and Google Cloud security practices
- You are a friendly, enthusiastic and organized team player. You actively share your knowledge, give and receive feedback, to improve the team and yourself.
- You are fluent in English, both written and spoken.
Office location
SonarSource is a company with offices in Geneva (Switzerland), Annecy (France) and Bochum (Germany). The role can be based in any of these offices.
Why you will love it here
- Safe work culture:
We value respect, kindness, and the right to fail. - Flexible hours:
We schedule our days in order to be effective at work, while also being able to enjoy life’s important moments. - Great people:
We value people skills as much as technical skills and strive to keep things friendly and laid back. Still, that does not prevent us to be passionate leaders in our domains. Our 200+ SonarSourcers from 27 different nationalities can relate! - Work-life balance:
Keeping a healthy work-life balance is important. This is why some people prefer working some days from home. - Always keep learning:
In an ever-changing industry, learning new skills is a must, and we're happy to help our team to acquire them.
What we do
SonarSource was started by a team of developers that wanted to change the way code is built in an agile development process. The company was created to develop the open-source tool SonarQube, which is now the standard in code quality management with over 190,000 instances deployed today. Every day we are focused on solving developers’ next big problem.
Who we are
At SonarSource we believe in people, excellence, and delivery. We’re a team of problem solvers and overachievers who seek out others who are also passionate and relentless in their respective missions. We want to work with people who are ready to fasten their seat belts and be part of an incredible ride. We work hard not because we’re told to, but because we genuinely love what we do and do what we love. If there’s one main message we want you to remember about us, it’s that we push others to be best in class at whatever they do: choose your battle, innovate, take risks, and lead change. Join us; we’ll be smarter and stronger together.