About the role
At Sonos we want to create the ultimate listening experience for our customers and know that it starts by listening to each other. As part of the Sonos team, you'll collaborate with people of all styles, skill sets, and backgrounds to realize our vision while fostering a community where everyone feels included and empowered to do the best work of their lives.
About Sonos
Sonos makes the world's leading listening experiences - and the products behind them span a technically diverse ecosystem: embedded firmware, mobile applications, web platforms, cloud services, and partners. If you're looking for an opportunity to apply security principles across technical domains, and work on an outstanding consumer product, this is a great opportunity. The Product Security team combines modern security tooling, automation, and AI with industry-defining security frameworks and direct development team partnerships. We enable secure-by-design and secure-by-default practices that are a natural part of how engineers work. We're creating AI-powered workflows that encode security guidelines, automate the groundwork for threat modeling, and replace manual triage with intelligent pipelines. If you think security policy should run in a pipeline rather than live in a document, you'll fit right in.
What You'll Do
You'll own the execution layer of product security – the systems, tooling, and processes that make security practice consistent and measurable across cloud, mobile, and embedded engineering domains.
Automate and Scale Security Practice
- Integrate and operationalize security tooling (SAST, SCA, secrets scanning, DAST, SBOM) across engineering workflows, ensuring findings are high-signal and actionable
- Partner with engineering teams to embed secure-by-design and secure-by-default practices directly into how they build
- Build and extend AI-powered security tooling that encodes guidelines as automated workflows – replacing manual review steps with intelligent pipelines that run in CI/CD
Test, Assess, and Design Securely
- Lead and scale threat modeling across cloud, mobile, and embedded domains, including device-cloud-mobile trust boundaries
- Establish repeatable security testing practices using automation and targeted manual assessment
- Scope and coordinate third-party penetration testing engagements across cloud, mobile, web, and connected devices – including IoT and firmware assessments
Respond and Comply
- Support vulnerability intake, triage, coordinated disclosure, and PSIRT readiness
What You'll Bring
- 4+ years in software engineering, application security, or product security
- Experience working directly with engineering teams in modern software development environments
- Hands-on experience implementing and operationalizing security tooling: SAST, SCA, DAST, secrets scanning, or similar
- Experience integrating security practices and tooling into CI/CD pipelines
- Experience using AI tools to automate security practices and previously manual activities
- Experience scoping or coordinating penetration testing engagements and working with the results; experience with IoT or embedded device assessments is a strong plus
- Experience working with IoT products, connected devices, or embedded systems is preferred but not required
About this listing
This role passed our automated spam and quality filters and was active in our feed when last checked. Joboru is an aggregator — here is how we screen listings. If anything looks off, tell us.
Similar jobs you may like
Data Architect
1 day agoTriad Group PLC
Solution Architect
1 day agoBRIGHT EXECUTIVE RECRUITMENT
IC Design Layout Engineer (Contract)
1 day agoMorson Edge
AI Technologist Aerospace & Defence
1 day agoDXC
Senior Paid Digital Specialist
1 day agocns media
Missile Test Architect
1 day agoCertain Advantage
Housing & Wellbeing Co-ordinator
1 day agoPlaces for People
Lead Software Engineer Python Full Stack
1 day agoClient Server
People Operations Manager - Jockey Club Experiences - Exeter/ Wincanton
1 day agoCompass UK & Ireland