Senior Security Engineer

Senior Security Engineer at SONOS

Department: Platforms and Infrastructure

Location: Seattle

Req#: 4511

At Sonos, we believe in the experience and our standard is ultimate. That’s the vision that drives every product we design. Every choice we make. Everything we do. Including the innovative and dynamic ways we integrate cyber-security into the company culture.Come join a small, highly-effective team of security experts providing engineering guidance and advanced security solutions that strategically support the continued growth of the Sonos brand around the world.

About You

You're not like everyone else.

You bring a unique perspective to the table. Transparency tops your list of values. Your smarts and creativity are off the charts, matched only by your humility. You want to collaborate with a team of diverse talent. You proactively contribute to a culture of respect and inclusion.

You enjoy a challenge.

Inquisitive and focused, you see every challenge as an opportunity. You're ambitious and unafraid to make mistakes because you learn from them and bounce back quickly. You don't stop until you get it right. "Impossible" isn't in your vocabulary. You're more interested in creating the future than waiting for it.

You love to listen.

You start every interaction from a place of listening and seeking to understand. You're culturally connected. You remember your first concert. You can readily recommend a binge-worthy show on Netflix, Hulu or HBO. You can't sit in traffic without a great audiobook, podcast or album. You can make a killer playlist. Your idea of a good weekend includes watching a movie or playing a video game.

What You’ll Do

Take on Security Puzzles: 


Can you use your well-rounded background in host, network and application security to provide security engineering recommendations, helping partner teams identify, prioritize, and in some cases, implement changes that will reduce the level of security risk at Sonos? Can you step out of the engineering world to help improve a business process? Can you support the Legal and People teams through difficult and complex situations? We don't shy away from a challenge with an opportunity to improve the security for our teammates. We strive to never be in the way of productivity by emphasizing elegant security solutions that enable rather than hinder. 


Communicate Effectively: 


You'll work to find the right way to inform and engage all types of audiences. We communicate with everyone from business leaders, product and program managers, developers, operations engineers, and third-party partners. You will need to draw on your empathy and expertise to make the conversation meaningful and precise. 


Operational Excellence: 


When we build things, we build them to last. Being data driven, you will measure the success of the security solutions with metrics and dashboards, as well as the health of the tools we use and services we provide. We never stop improving the effectiveness of the overall security capabilities.


Perform Risk Assessments: 


Analyze existing vendors and solutions and participate in architecture/design reviews for new technology solutions to provide security-focused inputs into the design. Perform risk/security assessments globally across all parts of Sonos.


Having Fun: 


Securing an enterprise is a serious mandate, but Sonos is more than an enterprise. We value the people that work here and place importance on enjoying what you do and who you do it with. Respectful, honest collaboration not only helps us achieve our goals, it helps us enjoy the time we spend working together.


Skills You’ll Need

Vulnerabilities, Risks and Threats: 


You’ve used your experience to perform deep risk assessments using industry standard frameworks like NIST or OCTAVE. You're familiar with scanning tools like Nexpose, Nessus or Qualys and can interpret the results in to meaningful advice for the organization. You have a familiarity with threat modelling both infrastructure and software designs. (Seasponge, TMT2016, Threat Dragon). 


Acting as a trusted advisor: 


You can act as a security authority in consultation with technical, engineering and business to collaboratively build security in to projects and processes from the beginning. You have participated in reviewing the security of potential vendors to validate that they meet your security standards. You can use these assessments to provide guidance to our partner teams to help them decide what tools and services are a good fit for Sonos. In your capacity as a Senior Security Engineer, you will mentor engineers both on your team and across the business. Your experience tells you when this means a quick conversation to correct the course of a project or letting your own work do the talking.


The right tools: 


We use a variety of tools, both opensource and enterprise, to maintain a level of awareness and protection at Sonos. You'll bring curiosity and confidence to the table to help the determine which tools offer the best return. Your experience with IDS/HIDS tools, SIEMs and event correlation will be the foundation that we build our security infrastructure on. 


Building and Automating: 


As we continue mature operationally, we will look towards the future of automation, machine learning and AI. You have experience securing cloud infrastructure (AWS, GCP, Azure). You have used orchestration frameworks like Ansible, Puppet or Chef to deploy and manage hosts and services. You are a natural a scripting and programming in languages like Ruby, Python, Node, C++ or Go and use them to increase your productivity through automation of tasks.


More About Sonos

In 2002, Sonos set out to reinvent the way people listen at home. The wireless home sound system we created makes it easier than ever to fill any and every room with music, podcasts, TV, and just about anything else you could ever want to hear-all with brilliant, immersive clarity. Since then millions of people in over 60 countries have made Sonos part of their lives.

Today we remain focused on innovation, thoughtfully designing products, inventing new technologies, expanding our software platform, crafting the best sound experience and making a positive social impact in the world.

We're empowering people to listen better because listening builds understanding and drives change. It even increases happiness and brings people together. Simply put, listening leads to a better life. (We've got the data to prove it.)