Sonar
Security Engineer
About Sonar
Sonar is a software development platform that assists developers in delivering high-quality and secure code. It analyzes code from internal teams, AI-generated sources, and third-party open source libraries. The platform offers tools for static code analysis, code quality assurance, and security measures, all integrated into CI/CD workflows. Founded in 2008 by three software engineers in France, Sonar is headquartered in Vernier, Switzerland. The company employs between 501 and 1,000 people and has gained the trust of over 400,000 organizations and 7 million developers worldwide. Its offerings support more than 30 programming languages, frameworks, and infrastructure technologies, helping developers reduce technical debt and improve their overall experience.
Security at Sonar
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Built by developers, for developers: application security starts with code.
- Seamlessly integrated into the developer workflow.
- Security hotspots are instances of security-sensitive code that require human review.
- Key goal: block merges on untriaged critical issues.
- Philosophy is primarily communicated through product marketing and developer guides.
Security Team
- Org Structure & Reporting Line: Information not publicly available.
- Key Public-Facing Leaders: Information not publicly available.
- Team Size Estimate (as_of:): LinkedIn search query used: site:linkedin.com/in/ "Sonar" OR "SonarSource" "Application Security". Result: Information not publicly available.
- Active AppSec Job Postings (as_of:): Count: 1 (Information Security Specialist). Common skill/tool patterns: emphasis on compliance (SOC 2, ISO 27001) and security operations.
- Gaps & Contradictions: Leadership names and explicit reporting lines are not listed on the current company website (Leadership page returned 404).
Key Initiatives
- Security Champions Program: "Security champions can act as bridges between teams."
- Shift Left in Practice: "static application security testing that is triggered on every pull request."
- Vulnerability Management Process: Intake via security@sonarsource.com.
- Triage/Remediation: "block merges on untriaged critical issues".
- Secure SDLC Artifacts: "undergoes a penetration test of its network, Products and Support offerings on an annual basis."
- Recent Initiatives: "AI CodeFix to help developers fix issues quickly".
- Note: "we don't have a bug bounty program currently."