Information Security Engineer

Summary

Join Sonatype, the leading software supply chain security company, as an Information Security Engineer. This crucial role involves securing our digital assets using cutting-edge tools and collaborating with global teams. You will conduct vulnerability scans, manage security incidents, proactively protect digital assets, and implement security tools and systems. The position requires extensive experience in software development, security engineering, DevOps, and security operations, along with a strong understanding of vulnerability management and security frameworks. Sonatype offers a flexible work-from-home environment, opportunities for career growth, and continuous learning and certification support.

Requirements

• 8+ years of experience in software development or security engineering
• 7+ years of experience in DevOps and security operations
• 7+ years handling incident response and escalation
• Strong understanding of vulnerability management and scanning tools
• Familiarity with common security frameworks, protection methods, and DevSecOps
• Experience with SAST, DAST, SCA, or related security testing tools
• Hands-on experience conducting security reviews (architecture, source code, infrastructure)
• Experience deploying automated/custom vulnerability scans
• Knowledge of cloud and infrastructure security principles

Responsibilities

• Conduct vulnerability scans, analyze results, and support remediation efforts
• Manage security incidents, including response, resolution, and prevention
• Proactively protect digital assets, mitigating risks before breaches occur
• Implement, configure, and upgrade security tools and systems
• Evaluate, integrate, and configure security technologies to enhance protection
• Collaborate with technical teams, product managers, and third-party vendors on security initiatives
• Respond to cybersecurity alerts, monitor logs, and manage security events
• Perform technical risk assessments on software, tools, and third-party integrations
• Identify vulnerabilities in infrastructure and provide risk-based recommendations

Preferred Qualifications

• Knowledge of web application security (e.g., OWASP Top 10)
• Understanding of security architecture principles
• Familiarity with threat modeling frameworks and security assessments
• SANS Certifications: GSEC, GCIH, GCLD, GCID, GMON
• (ISC)² Certifications: CISSP, CC, SSCP, CCSP, CAP, CSSLP

Benefits

• Work with a global team at the forefront of cybersecurity
• Exciting career growth opportunities with industry-leading experts
• Work-from-home flexibility with a strong work-life balance
• Continuous learning & certification support to advance your skills
• Parental leave
• Flexible working practices