Senior Application Security Engineer
Job Summary
At Sonos we want to create the ultimate listening experience for our customers and know that it starts by listening to each other. As part of the Sonos team youll collaborate with people of all styles skill sets and backgrounds to realize our vision while fostering a community where everyone feels included and empowered to do the best work of their lives.
About Sonos
Sonos makes the worlds leading listening experiences and the products behind them span a technically diverse ecosystem: embedded firmware mobile applications web platforms cloud services and partners. If youre looking for an opportunity to apply security principles across technical domains and work on an outstanding consumer product this is a great opportunity.
The Product Security team combines modern security tooling automation and AI with industry-defining security frameworks and direct development team partnerships. We enable secure-by-design and secure-by-default practices that are a natural part of how engineers work. Were creating AI-powered workflows that encode security guidelines automate the groundwork for threat modeling and replace manual triage with intelligent pipelines. If you think security policy should run in a pipeline rather than live in a document youll fit right in.
What Youll Do
Youll own the execution layer of product security the systems tooling and processes that make security practice consistent and measurable across cloud mobile and embedded engineering domains.
Automate and scale security practice
Integrate and operationalize security tooling (SAST SCA secrets scanning DAST SBOM) across engineering workflows ensuring findings are high-signal and actionable
Partner with engineering teams to embed secure-by-design and secure-by-default practices directly into how they build
Build and extend AI-powered security tooling that encodes guidelines as automated workflows replacing manual review steps with intelligent pipelines that run in CI/CD
Test assess and design securely
Lead and scale threat modeling across cloud mobile and embedded domains including device-cloud-mobile trust boundaries
Establish repeatable security testing practices using automation and targeted manual assessment
Scope and coordinate third-party penetration testing engagements across cloud mobile web and connected devices including IoT and firmware assessments
Respond and comply
Support vulnerability intake triage coordinated disclosure and PSIRT readiness
What Youll Bring
4 years in software engineering application security or product security
Experience working directly with engineering teams in modern software development environments
Hands-on experience implementing and operationalizing security tooling: SAST SCA DAST secrets scanning or similar
Experience integrating security practices and tooling into CI/CD pipelines
Experience using AI tools to automate security practices and previously manual activities
Experience scoping or coordinating penetration testing engagements and working with the results; experience with IoT or embedded device assessments is a strong plus
Experience working with IoT products connected devices or embedded systems is preferred but not required
Your profile will be reviewed and youll hear from us once we have an update. At Sonos we take the time to hire right and appreciate your patience.
Required Experience:
Senior IC
About Company
Sonos is the ultimate wireless home sound system: a whole-house WiFi network that fills your home with brilliant sound, room by room.