Sonos
Sonos

Senior Application Security Engineer

TLDR

Own the execution layer of product security across cloud, mobile, and embedded engineering, driving consistent, measurable security tooling.

At Sonos we want to create the ultimate listening experience for our customers and know that it starts by listening to each other. As part of the Sonos team, you’ll collaborate with people of all styles, skill sets, and backgrounds to realize our vision while fostering a community where everyone feels included and empowered to do the best work of their lives.

About Sonos

Sonos makes the world's leading listening experiences — and the products behind them span a technically diverse ecosystem: embedded firmware, mobile applications, web platforms, cloud services, and partners. If you're looking for an opportunity to apply security principles across technical domains, and work on an outstanding consumer product, this is a great opportunity.

The Product Security team combines modern security tooling, automation, and AI with industry-defining security frameworks and direct development team partnerships. We enable secure-by-design and secure-by-default practices that are a natural part of how engineers work. We’re creating AI-powered workflows that encode security guidelines, automate the groundwork for threat modeling, and replace manual triage with intelligent pipelines. If you think security policy should run in a pipeline rather than live in a document, you'll fit right in.

What You’ll Do

You’ll own the execution layer of product security — the systems, tooling, and processes that make security practice consistent and measurable across cloud, mobile, and embedded engineering domains.

Automate and scale security practice

  • Integrate and operationalize security tooling (SAST, SCA, secrets scanning, DAST, SBOM) across engineering workflows, ensuring findings are high-signal and actionable

  • Partner with engineering teams to embed secure-by-design and secure-by-default practices directly into how they build

  • Build and extend AI-powered security tooling that encodes guidelines as automated workflows — replacing manual review steps with intelligent pipelines that run in CI/CD

Test, assess, and design securely

  • Lead and scale threat modeling across cloud, mobile, and embedded domains, including device-cloud-mobile trust boundaries

  • Establish repeatable security testing practices using automation and targeted manual assessment

  • Scope and coordinate third-party penetration testing engagements across cloud, mobile, web, and connected devices — including IoT and firmware assessments

Respond and comply

  • Support vulnerability intake, triage, coordinated disclosure, and PSIRT readiness

What You’ll Bring

  • 4+ years in software engineering, application security, or product security

  • Experience working directly with engineering teams in modern software development environments

  • Hands-on experience implementing and operationalizing security tooling: SAST, SCA, DAST, secrets scanning, or similar

  • Experience integrating security practices and tooling into CI/CD pipelines 

  • Experience using AI tools to automate security practices and previously manual activities

  • Experience scoping or coordinating penetration testing engagements and working with the results; experience with IoT or embedded device assessments is a strong plus

  • Experience working with IoT products, connected devices, or embedded systems is preferred but not required

Your profile will be reviewed and you'll hear from us once we have an update. At Sonos we take the time to hire right and appreciate your patience.

Sonos builds premium audio products that deliver unparalleled listening experiences, combining high-quality hardware with advanced software. Our focus is on audio enthusiasts and everyday listeners who crave exceptional sound quality in their environments. What sets us apart is our dedication to fostering a community and collaborative spirit as we strive to elevate the way people experience music.

View company profile
Senior Application Security Engineer
Apply for this job

Pro members saw this job first

New jobs unlock for everyone after 24 hours. Startup Jobs Pro shows them right away, with instant alerts and salary filters. From $7/month.

Get Pro