Who is Sonar?
Sonar is driving the future of agent-centric software development. As the leader in AI code verification and governance, we solve a critical problem: ensuring that software generated by AI-assisted developers or autonomous agents is reliable, secure, and maintainable.
Integrating seamlessly with Claude Code, Codex, Cursor, GitHub Copilot, Gemini, and Devin, we help over 75% of the Fortune 100 build trusted, reliable, compliant software. Customers who use Sonar are 44% less likely to report an outage due to AI-generated code.
We believe code verification is the critical missing link in the Agent-Centric Development Cycle (AC/DC). Industry giants like Nvidia, ServiceNow, Booking.com, Goldman Sachs, AstraZeneca, and Ford Motor Company count on us to provide independent, explainable, consistent review and governance of their AI-generated code via products like:
- SonarQube: The world’s leading AI code review and verification platform.
- SonarQube Foundation Agent: Currently topping the leaderboards for agentic software repair.
- SonarSweep & Sonar Context Augmentation: Providing the enterprise-grade context and constraints agents need to be truly effective.
Our team operates across global hubs in Austin, Bochum, Dubai, Geneva, London, Singapore, Tokyo, and Washington D.C. We move with a mindset we call CODE:
- Committed to our customers and community.
- Obsessed with quality.
- Deliberate in our decisions.
- Effective as one team.
With over $400M in revenue and profitable, fast-paced growth, we are building the backbone of the AI software revolution. If you’re hungry to have an impact, want to build at a fast pace, and ready to work at the forefront of AI, we want to hear from you.
Position description
We are still at the beginning of our growth journey, so we are putting new processes, technologies, and tools in place on a continuous basis. Your role is a pivotal engineering contributor to the tooling and services to automate and enhance the software development lifecycle, empowering our fellow SonarSourcers to deliver with speed, confidence, and security. You would be a member of a team that delivers solutions across all of our 5 offices: Austin (Texas, US), Geneva (Switzerland), Bochum (Germany) and Singapore.
As a Major Incident Manager, you use and create automation tools to monitor and observe production infrastructure services both on premises and in the cloud. You are allergic to repetitive tasks, preferring to maximize automation and reliability. You are expert in change management, infrastructure management, system support, and configuration management.
What you will do
System Health Monitoring, Alert Triaging, and Error Budget Management: Dedicate time to monitoring critical security infrastructure (e.g., identity platforms, firewalls, compliance systems) and core infrastructure components. Focus on using and maintaining dashboards tied to Service Level Objectives (SLOs), triaging high-severity alerts, and analyzing the current Error Budget burn rate to guide prioritization for the rest of the day.
Infrastructure as Code (IaC) and Policy as Code Development: Spend the largest portion of time writing, reviewing, and testing code (e.g., Python, Go, Terraform, or proprietary tools) to automate the deployment, configuration, and security hardening of infrastructure. This involves treating infrastructure and security policies as software to ensure consistency and prevent configuration drift.
Toil Elimination and Automation of Operational Tasks: Identify, scope, and implement automated solutions for manual, repetitive, and time-consuming tasks (toil) related to security patching, compliance checks, certificate rotations, or infrastructure maintenance. The goal is to continuously reduce the operational workload for the team.
Security Pipeline and Observability Maintenance: Maintain and enhance the DevSecOps security tools integrated into the CI/CD pipelines (e.g., static analysis, vulnerability scanning, security configuration checks). Ensure the end-to-end logging, metrics, and tracing (observability) systems for both infrastructure and security tools are robust, accurate, and provide immediate diagnostic capability during incidents.
Incident Response Engineering and Post-Mortem Action: Participate in the on-call rotation and actively engage in engineering solutions derived from post-mortems. This means turning incident root causes into preventative measures implemented via code, improving runbooks into automated actions, and reducing Mean Time To Resolution (MTTR) for future incidents.
Experience and qualifications
Deep IaC Expertise: Professional experience provisioning and managing complex infrastructure using tools like Terraform or CloudFormation (AWS), or similar tools like Ansible or Puppet for configuration management.
Cloud/Platform Experience: Hands-on experience with a major cloud provider (AWS, GCP, Azure) or managing large-scale internal/private cloud infrastructure.
SLO/SLI Implementation: Practical experience defining, measuring, and reporting on Service Level Indicators (SLIs) and Service Level Objectives (SLOs) for critical services.
Logging/Metrics/Tracing Stacks: Proven experience with modern observability platforms (e.g., Prometheus/Grafana, ELK/EFK stack, proprietary systems, or vendor solutions like Datadog/Splunk) for proactive issue identification.
Networking: Strong understanding of core networking concepts (TCP/IP, DNS, Load Balancing, Firewalls, Proxies) sufficient to debug complex service connectivity and latency issues.
Automation of Security Controls: Experience implementing security best practices via code, such as automated vulnerability scanning, configuration hardening, secret management (e.g., HashiCorp Vault), and key rotation.
Identity and Access Management (IAM): Practical experience managing large-scale IAM systems (e.g., implementing least-privilege policies, single sign-on).
Incident Management: Experience running or significantly contributing to post-incident reviews (post-mortems) and prioritizing resulting engineering work (error budget management).
We Value Diversity, Equity, and Inclusion:
At Sonar, we believe that our diversity is our strength. We are a global company that values and respects different backgrounds, perspectives, and cultures.
We are committed to fostering a diverse and inclusive work environment where everyone feels valued and empowered to contribute their best. We are proud to be an equal opportunity employer and welcome all qualified applicants, regardless of race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
All offers of employment at Sonar are contingent upon the precise results of a comprehensive background check and reference verification conducted before the start date.
We do not currently support visa candidates in the US.
Applications that are submitted through agencies or third party recruiters will not be considered.
In-office culture
We're intentional about this. We believe the best teams are built in the room together. Three anchor days — Mondays, Tuesdays, and Thursdays — create the collaboration rhythm that makes a hub office worth having.
Candidates need to be genuinely based in the location the role is posted — if that's not where you are today, we're happy to support relocation for the right person.
We value diversity, equity, and inclusion
At Sonar, we believe that our diversity is our strength. We are a global company that values and respects different backgrounds, perspectives, and cultures. We are committed to fostering a diverse and inclusive work environment where everyone feels valued and empowered to contribute their best. We are proud to be an equal opportunity employer and welcome all qualified applicants, regardless of race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
If you need any accommodation, please reach out to us at hiring@sonarsource.com.
All offers of employment at Sonar are contingent upon the results of a comprehensive background check and reference verification conducted before the start date.
Applications that are submitted through agencies or third party recruiters will not be considered.