Position descriptionThe primary goal of the Information Security team is to build trust with our rapidly growing customer base by ensuring the Sonar organization meets a high level of security to protect our customers. As a member of the Information Security team, you will be based in Sonar's Austin office providing security support to engineering, senior management and, when needed, the incident management team. Your positive contributions will significantly impact the growth of the business through Sonar's "collective intelligence" mindset.
What you will do- Security Intake Management: Monitor the security queues and dashboards to categorize incoming security requests by severity, and escalate high-priority threats to senior staff.
- Remediation Follow-up: Reach out to Engineering, Business and Technology teams to manage security findings and update/verify as needed.
- Security Monitoring: Support monitoring and assignment of actions for security tooling.
- User Access Reviews: Conduct "least privilege" reviews by comparing current user permissions against HR records to ensure access remains aligned with the employee's role.
- Security Documentation: Draft or update simple "Standard Operating Procedures" (SOPs) for common security tasks to ensure the team's knowledge base remains current as the tech stack evolves.
- Process Automation: Learn and leverage AI tools to automate repetitive tasks, streamline reporting, and produce security metrics.
- Campaign Management: Launch and manage campaigns to employees such as specialized training, phishing, standards updates, etc.
Experience and qualifications- Customer Obsession: While security is what we do, our customers and internal users are key to our success. We strive for solutions that enable speed without sacrificing security.
- Infrastructure Fundamentals: A clear understanding of basic security principles and how security fits into organizations
- Incident Triage: Ability to differentiate between true security threats and common "noise" (false positives) within a monitoring queue.
- Vulnerability Lifecycle Management: Basic knowledge of how a vulnerability moves from discovery (e.g., a pentest finding) to remediation and final verification.
- Logical Troubleshooting: A systematic approach to investigating "how" and "why" events occur.
- Technical Communication: The ability to explain security requirements to non-security peers in a professional and collaborative manner.
- Foundational Networking: Familiarity with the OSI Model, TCP/IP, and how data flows through firewalls and proxies in a hybrid work environment.
- Administrative Diligence: Strong organizational skills for tracking multiple long-term remediation projects without letting smaller alerts slip through the cracks.
Additional commentsThis role is based in Austin, TX. We are unable to consider candidates unwilling to be in Austin, but we are willing to relocate the right candidate.
Benefits- Flexible comprehensive employee benefit package.
- We encourage usage of our robust time-off allocations. You will receive 23 days of PTO per calendar year (on a pro-rated basis depending on your employment start date), with additional time provided for sickness, life events and holidays
- .We offer an exciting 401(k) plan that has a 4% match, fully vested on day one of participation.
- Fully paid parking in the heart of downtown Austin, Texas.
- Global workforce with employees in 20+ countries representing 35+ unique nationalities.
- We have an annual kick-off somewhere in the world where we meet to build relationships and goals for the company.
- Monthly catered events, and team events
