Security Tester

SonarSource SA

Sonar's industry-leading solution enables developers and development teams to write clean code and remediate existing code organically, so they can focus on the work they love and maximize the value they generate for businesses. Its open-source and commercial solutions – SonarLint, SonarCloud, and SonarQube – support 29 programming languages. Trusted by more than 300,000 organizations globally, Sonar is considered integral to delivering better software.

The Impact you can have

SonarSource has an objective to ensure the security of our products and the security of our organization meet stringent standards to demonstrate to our rapidly growing customer base how seriously we take security. To achieve this goal, we are looking for a talented Security Tester to join the team to continue to raise the bar for the security of our products, cloud platforms, software delivery pipelines, and operational activities.

On a daily basis, you will

  • Uncover, discuss, exploit and report critical and complex vulnerabilities in our products, infrastructure, cloud platforms, and internal tools
  • Perform specification reviews and code audits of both internal tools and our products
  • Provide input to internal processes and policies to help continuous environment hardening
  • Automate the detection of vulnerabilities to bring efficiency to our security testing
  • Stay up-to-date with cutting-edge security topics and new attack vectors
  • Communicate findings and innovations internally
  • Showcase attacks for colleagues so people understand the threat actor’s capabilities
  • Share your findings with colleagues to foster knowledge sharing and awareness
  • Manage third-party penetration tests of our products, including learning from them to understand the gaps in our armory

Required Technical Skills

  • You have a proven track record of code review to find critical security vulnerabilities in web applications.
  • You have strong knowledge of the AWS Cloud Services, working knowledge of other cloud platforms, and microservice architectures
  • You have solid programming skills in Java/JavaScript plus experience with IoC
  • You have a deep understanding of major security vulnerability types, how to spot these in source code, and how to exploit them with different techniques
  • You have a good understanding of the CVE Process
  • You understand authentication and authorization mechanisms, including single sign-on patterns
  • You have a broad knowledge and experience of the tools and software used for security testing

Required Soft Skills

  • Analytical and problem-solving skills to identify and assess risks, threats, patterns, and trends
  • Taking initiative and having the ability to lead a subject from beginning to end
  • Open-minded and very positive can-do attitude
  • Comfortable in dealing with change and complexity
  • Self-confident enough to challenge the status quo
  • Friendly, enthusiastic, and organized team player who actively shares knowledge and gives and receives feedback, to improve the team and yourself
  • Fluent in English, both written and spoken

Why you will love it here

  • Safe work culture - we value respect, kindness, and the right to fail.
  • Flexible hours - we schedule our days in order to be effective at work, while also being able to enjoy life’s important moments.
  • Great people - we value people skills as much as technical skills and strive to keep things friendly and laid back. Still, that does not prevent us from being passionate leaders in our domains. Our 300+ SonarSourcers from 33 different nationalities can relate!
  • Work-life balance - keeping a healthy work-life balance is important. This is why we have a hybrid work policy, and some people prefer to work some days from home.
  • Always keep learning - in an ever-changing industry, learning new skills is a must, and we're happy to help our team to acquire them.

What we do

Sonar was started by a team of developers that wanted to change the way code is built in an agile development process. The company was created to develop the open-source tool SonarQube, which is now the standard in code quality management with over 350,000 instances deployed today. Every day we are focused on solving developers’ next big problem.

Who we are

At Sonar we believe in people, excellence, and delivery. We’re a team of problem solvers and overachievers who seek out others who are also passionate and relentless in their respective missions. We want to work with people who are ready to fasten their seat belts and be part of an incredible ride. We work hard not because we’re told to, but because we genuinely love what we do and do what we love. If there’s one main message we want you to remember about us, it’s that we push others to be best in class at whatever they do: choose your battle, innovate, take risks, and lead change. Join us; we’ll be smarter and stronger together.

If this sounds like you, apply now!

No recruitment agencies please