
Sonar · Bochum
Who is Sonar? Sonar is driving the future of agent-centric software development. As the leader in AI code review and verification, we solve a critical problem...
Who is Sonar?
Sonar is driving the future of agent-centric software development. As the leader in AI code review and verification, we solve a critical problem: ensuring that software generated by AI-assisted developers or autonomous agents is reliable, secure, and maintainable.
Integrating seamlessly with Claude Code, Codex, Cursor, GitHub Copilot, Gemini, and Devin, we help over 75% of the Fortune 100 build trusted, reliable, compliant software. Customers who use Sonar are 44% less likely to report an outage due to AI-generated code.
We believe code verification is the critical missing link in the Agent-Centric Development Cycle (AC/DC). Industry giants like Nvidia, ServiceNow, Booking.com, Goldman Sachs, AstraZeneca, and Ford Motor Company.count on us to provide independent, explainable, consistent review and governance of their AI-generated code via products like:
SonarQube: The world’s leading AI code review and verification platform.
SonarQube Foundation Agent: Currently topping the leaderboards for agentic software repair.
SonarSweep & Sonar Context Augmentation: Providing the enterprise-grade context and constraints agents need to be truly effective.
Our team operates across global hubs in Austin, Bochum, Dubai, Geneva, London, Singapore, Tokyo, and Washington D.C. We move with a mindset we call CODE:
Committed to our customers and community.
Obsessed with quality.
Deliberate in our decisions.
Effective as one team.
With over $400M in revenue and profitable, fast-paced growth, we are building the backbone of the AI software revolution. If you’re hungry to have an impact, want to build at a fast pace, and ready to work at the forefront of AI, we want to hear from you.
Position description
As an Application Security Researcher, you play a central role in realizing our ambition to provide the best SAST solution on the market. Like us, you believe that application security is not the responsibility of a few experts and that developers can have the biggest impact when they get the right information at the right time.
As a member of the Code Security team, you decide what security issues the product should detect and how they materialize in various language ecosystems. You work closely with static analysis developers to specify, clarify, communicate, and validate all functional aspects of the security rules.
You will be a trusted adviser of developers, able to provide meaningful code samples and specifications. This is a great way to have a direct impact on the product and, ultimately, on how millions of developers produce code.
IDnow is a leader in digital identity and fraud prevention in Europe with a mission to transform trust into the most powerful asset in the digital world, empowering enterprises with AI-driven, SaaS-based identity solutions that deliver scalable security, adaptive compliance, and real-time fraud prevention. Through its broad portfolio of digital identity and fraud prevention solutions, IDnow establishes, maintains and enriches trust throughout the customer journey, ensuring businesses can confidently and securely operate while leveraging digital identity to drive growth, security and scalability. The company has offices in Germany, United Kingdom, Romania and France, and is backed by renowned institutional investors, including Corsair Capital and Seventure Partners. Its portfolio of international clients spans a wide range of end markets including financial services, telecommunications, travel & mobility, gaming, and other industries. This position is based in Rennes, France. Europe's leader in identity verification solutions (KYC, eSigning, IDcheck, etc.), is strengthening its RDM (Research Data Management) division. We are looking for a Senior Data Engineer passionate about data and industrialization to design and operate the tools and data storage that power our software and AI research. The data you'll manage is at the core of what IDnow does: identity documents, biometric data, and verification records, sensitive by nature, regulated by design, and technically challenging to handle at scale. You will play a key role in the design and construction of our next-generation data lake, shaping its architecture from the ground up and bringing your experience to a team that values technical leadership and ownership. KEY RESPONSIBILITIES * Define and own data storage and data management architecture for our software and AI/ML workflows. * Develop and maintain tools and services that AI & ML R&D teams and engineering teams rely on, including workflow orchestration platforms and test campaign infrastructure. * Manage and analyze large data volumes. * Set up and maintain backend APIs and services that provide reliable and secure internal data access. * Operate and evolve the platform infrastructure (CI/CD, containerization, deployments) with a strong focus on quality (automated testing). * Enforce data access policies and GDPR compliance rules on research datasets, ensuring proper governance, traceability, and data minimization. * Collaborate closely with internal stakeholders (ML teams, product design and development, QA, devops) in an agile environment to prioritize and deliver within a continuous improvement process. * Enforce data access policies and GDPR compliance rules on research datasets, ensuring proper governance, traceability, and data minimization. PREFERRED EXPERIENCE REQUIRED: * Application development in Python (tooling, services, data scripts, packaging). * API frameworks and REST APIs (FastAPI/Django REST or equivalent). * Automated testing with pytest; strong quality and coverage mindset. * SQL databases: solid knowledge of PostgreSQL and MariaDB (modeling, query writing, migrations, basic performance tuning). * Data storage: design and operation of data storage solutions, including S3-compatible object storage (Ceph/Rook). * Docker and Kubernetes: containerization best practices and cluster deployments. STRONG PLUS: * Helm and ArgoCD: we are currently migrating our full stack to a Kubernetes + Helm + ArgoCD deployment model, hands-on experience here is a significant advantage. * Identity and access management: Keycloak or equivalent SSO/IAM solutions. * Search & analytics: OpenSearch or equivalent. * CI/CD: GitLab CI, deployment automation (Ansible, ArgoCD). WORKING ENVIRONMENT * Multidisciplinary teams (AI/ML research, development, QA), agile methodology. * Internal clients with a direct impact on the speed and quality of AI research at IDnow. * Strong technical culture, with mutual support and continuous growth. * A technically rich domain where AI, security, and privacy constraints intersect. * Linux: day-to-day administration and tooling (shell, security, permissions, networking). WHAT YOU’LL BRING * The ability to translate R&D needs into robust, scalable, and well-tested data platforms and tools. * Technical leadership on data lifecycle management (ingestion, storage, access, traceability) in service of AI and testing. * The ability to drive key architectural decisions on our data lake: storage organization, access patterns, data lifecycle, and tooling choices. * An industrialization mindset (automation, reproducibility, observability) applied to ML and data workflows. SOFT SKILLS * Motivation and initiative. * Curiosity, appetite for technical challenges, and continuous learning. * Team spirit, clear communication with diverse stakeholders (engineers, researchers, QA, devops). * Rigor, service orientation, and product mindset. * English required (international environment). PERKS & BENEFITS * Health & Wellbeing: Use your full access to the mental health platform nilo, including 1on1 sessions. * We value personal and professional development: make full use of Udemy, our training platform with 24/7 access and unlimited content/course consumption incl. certification. * We make your remote work comfy: we provide support on equipment and offer flexible working hours. * We value collaboration & love to come together: regular onsite gatherings, internal initiatives and summer parties to connect outside of work. * May your family require your attention or other reasons apply: use the benefit of our paid special leave days. * Enjoy the possibility to combine work with a longer stay at your holiday destination or extend a weekend with our Workcation possibilities. * In addition to the perks & benefits above, we offer specific benefits that differ between our locations. IDnow applies the principles of non-discrimination and equality: We strive to establish, maintain, and promote an open and inclusive recruitment process and working environment by respecting the principles of equal opportunities. Including but not limited to: sex, race or ethnic origin, religion or convictions, gender identity, citizenship, marital status, disability, age, or sexual orientation.
ABOUT US: SRLabs is home to knowledge leaders securing critical infrastructures in finance, energy, and telecommunications. We focus on hands-on hacking resilience – not compliance –, which we shape by combining our hacking research with impactful consulting work for innovation leaders that have a natural thrive for cutting-edge technologies. We are looking for Security Consultant to join our team in Berlin to drive security evolution through ethical hacking, research and consulting. We welcome candidates from strong technical backgrounds, including software engineering, cloud/platform engineering, systems architecture, and infrastructure operations – who are looking to transition into cybersecurity consulting. YOUR RESPONSIBILITIES Job brief: In this role, you will be primarily responsible for providing security consulting services to a wide variety of clients. You work closely with hackers, researchers, and consultants to identify security issues and provide recommendations in complex, large-scale and one-of-a-kind-environments. Your responsibilities: * Depending on the project scope, perform technical analyses including web & mobile penetration testing, red teaming, architecture & code review, etc. * Maintain a close working relationship with clients and be their trusted advisor for mastering IT security challenges to their organization * Collaborate with internal and external teams to identify security problems and gaps that require new and unique solutions * Produce high-quality technical reports and presentations * Conduct technical trainings and workshops for clients and internal teams within SRLabs * Provide guidance to Junior Security Consultants on complex projects that require your experience and expertise * Engage in research and be up to date on security best practices and techniques WHAT DO YOU BRING? * Strong foundational knowledge of information technology, including (Operating systems, Networking and Web technologies)Exceptional analytical and quantitative problem-solving skills * Expertise in at least two technical topics (network/cloud architecture, software engineering, CI/CD pipelines, identity & access management, vulnerability management, penetration testing, red teaming, embedded systems security) * Exposure to client communication and ability to provide appropriate and clear recommendations * Experience in creating technical reports and presentations that are comprehensive to tech and non-technical audiences * Excellent verbal and written communication skills in English WHAT AWAITS YOU WITH US? * Diverse team of highly motivated and competent security experts * Culture of constant learning and improvement * Flexible home office * Yearly company retreat * Urban Sports Club membership * Deutschlandticket (public transportation) * 30 days paid vacation * Yearly learning budget (1000 EUR) APPLY NOW We are looking forward to receiving your application.
ABOUT US: SRLabs is home to knowledge leaders in the areas of telco security, IoT hardware hacking, Blockchain, AI security, and software security more broadly. We focus on knowledge sharing and continuous learning – achieved through our research combined with the selection of interesting client projects, ranging from enterprise software to Web3 and AI-powered systems, that position us at the forefront of cutting-edge technologies. Our research regularly reaches a global audience through conference talks and publications, and widely used open-source tools. YOUR RESPONSIBILITIES Join our team as a Security Engineer to help clients ship software that stands up to attackers. We're hiring at the junior to mid-level, so whether you're early in your security career or have a couple of years of hands-on experience, we are looking for an ethical hacker at heart who thinks like an attacker. You’ll build and improve the tooling behind our software assurance work, run attacker-mindset audits across enterprise, Web3, and AI-powered systems, and work directly with client teams to strengthen their SDLC. If you have a passion for security tooling, code assurance, AI security, and hands-on consulting, we want to hear from you! * Tooling: Build and maintain tooling that powers our security reviews, including our in-house fuzzing framework and static/dynamic analysis pipelines. * Code audits: Conduct attacker-mindset code audits across enterprise and Web3 systems, including blockchain runtimes and smart contracts, using and extending our fuzzing framework. * AI & agentic security: Assess AI/LLM-powered applications and agentic systems for exploitable weaknesses (e.g. prompt injection, insecure tool use, data leakage) and explore how AI can be used to augment our own audits and tooling. * Reporting: Produce high-quality technical reports and presentations. * Client advisory: Advise clients on SDLC improvements, verify remediations, and help track risk-reduction KPIs * Remediation: Work closely with client developers of the client project team to report and remediate the discovered issues * Community & training: Participate in hacking exercises, contribute to our Security Ambassador program, and conduct developer trainings WHAT DO YOU BRING? * Security fundamentals: Understanding of software security fundamentals, secure architecture, and threat modeling across enterprise and Web3/blockchain systems. * AI/LLM security: Curiosity about AI/LLM security risks (prompt injection, model or data exfiltration, agentic tool misuse) or hands-on experience probing AI systems. * Vulnerability research: Track record of finding and exploiting real-world vulnerabilities (CTFs, bug bounties, pentests, or independent research): this role is for hands-on ethical hackers, security engineers. * Tooling & automation: Strong ability to automate and build tools for security review (static/dynamic analysis, fuzzing, CI integrations. * Communication: Excellent communication skills in English and German is a plus. * Languages: Familiarity with RUST, C/C++, GO and solidity are a plus. * Consulting mindset: Comfortable advising clients directly, explaining risk clearly, and guiding remediation. * Hacker mindset: A passion to grow in security. WHAT AWAITS YOU WITH US? * Unique opportunity to join the world of cybersecurity in Berlin * Diverse team of motivated Security Experts with people from many countries * A wide range of benefits: discounts on gym membership, public transport (BVG pass), German lessons * Annual company retreat * Further education, training, and certificate opportunities * Opportunity to contribute to research * Flexible home office * 30 days of paid vacation APPLY NOW Tell us what you have built or broken. Send your CV along with anything that shows your work: GitHub, CTF profiles, write-ups, bug-bounty history, or research you are proud of. We are looking forward to receiving your application! SRLabs is an equal-opportunity employer. We welcome applicants of all backgrounds.