Junior Product Security Engineer Operations

Posted 3 hours 49 minutes ago by Startops

Permanent
Not Specified
Academic Jobs
Glasgow, United Kingdom
Job Description
Junior Product Security Engineer

Assist in embedding security best practices into Sonos product development lifecycle

Location: Glasgow, Scotland, United Kingdom
Job Tags: Operations

About The Role

At Sonos we want to create the ultimate listening experience for our customers and know that it starts by listening to each other. As part of the Sonos team, you'll collaborate with people of all styles, skill sets, and backgrounds to realize our vision while fostering a community where everyone feels included and empowered to do the best work of their lives.

This role is located on-site at our Glasgow office. This position is office-based, meaning regular in-person collaboration or use of office equipment is essential to maximize effectiveness for this team and/or position. Qualified applicants must live within commuting distance of our Glasgow office location and should expect to be in office a minimum of 4 days per week.

At Sonos, our Product Security Vision is to protect our products by implementing proven security practices and leveraging expertise to create experiences that both delight our customers and safeguard them and their information from cyber threats.

We are seeking a highly motivated and detail-oriented Junior Product Security Engineer to join our growing Product Security team. This role is a vital component of our product security strategy, providing essential operational support to our Product Security team and contributing significantly to the overall stability and long-term scalability of our Product Security program.

You will play a key role in our efforts to ensure Sonos products meet evolving global cybersecurity regulations, assist in embedding security throughout our development lifecycle, and help build a robust foundation for future product security expertise at Sonos.

What You'll Do

As a Junior Product Security Engineer, you will:

  • Support Secure Product Development: Assist in creating and improving secure software development practices, helping to identify and mitigate common security flaws (e.g., OWASP Top 10 vulnerabilities) in web applications, mobile, and IoT devices. Help ensure the proper implementation of authentication and authorization mechanisms, encryption fundamentals, and secure communication protocols like TLS/SSL. Support threat modeling exercises (e.g., using STRIDE or DREAD methodologies) to identify potential security risks in system designs.
  • Operational Product Security Support: Gain hands-on experience with common security tools and technologies such as static analysis (SAST), dynamic scanning (DAST), and security testing frameworks. Assist in streamlining vulnerability remediation processes, tracking defect status, and facilitating vulnerability information flow to development teams. Learn and support Product Security Incident Response Team (PSIRT) processes, including vulnerability management, security advisory creation, and coordinated disclosure procedures.
  • Contribute to Regulatory Compliance: Assist the team with documentation, evidence collection, and maintaining accurate records for product software, services, and data compliance (e.g., for EU CRA, UK PSTI Act, EU RED Delegated Act, GDPR, CCPA). Conduct targeted research on emerging regulations, industry best practices, and new security technologies to support compliance efforts.
  • Enhance Team & Program Capacity: Learn from senior team members and external experts, developing a strong foundational understanding of product security, regulatory compliance (GRC principles), and incident response. Assist in the coordination of the 'security champions' program by preparing materials, tracking engagement, and supporting training initiatives.

Basic Qualifications

We are looking for an enthusiastic and detail-oriented individual with a strong foundational understanding of cybersecurity and a keen interest in growing a career in product security.

Education & Certifications: Bachelor's degree in Computer Science, Cyber Security, or a related technical field. Relevant security certifications (e.g., CompTIA Security+, CySA+) are a plus.

Experience:

  • Minimum of 0-2 years of experience in security, IT, or related technical fields, including valuable internships or academic projects focusing on cybersecurity.
  • Experience with secure software development practices and an understanding of OWASP Top 10 vulnerabilities with the ability to identify common security flaws in web applications, mobile, and IoT devices.
  • Basic knowledge of programming languages (Python, C++, Java, or JavaScript) and familiarity with code review processes.
  • Basic understanding of cloud security concepts and familiarity with major cloud platforms (AWS, Azure, or GCP).
  • Familiarity with Product Security Incident Response Team (PSIRT) processes, including vulnerability management.
  • Knowledge of compliance frameworks (such as SOC 2, ISO 27001, or GDPR) and/or experience participating in security assessments or audits is a plus.

Skills:

  • Foundational Technical Skills: Solid understanding of authentication and authorization mechanisms, encryption fundamentals, and secure communication protocols like TLS/SSL.
  • Security Tool Familiarity: Familiarity with common security tools and technologies such as static analysis tools, dynamic scanning tools, and security testing frameworks.
  • Threat Modeling: Basic understanding of threat modeling methodologies (such as STRIDE or DREAD) and interest in participating in threat modeling exercises.
  • Research & Documentation: Strong ability to conduct thorough research, organize information logically, and produce clear, accurate documentation.
  • Attention to Detail: Meticulous approach to managing data, tracking vulnerabilities, and maintaining compliance evidence, critical for audit readiness.
  • Learning Agility: Enthusiastic, proactive, and quick to learn new technical concepts, security tools, complex regulatory frameworks, and internal processes.
  • Communication: Good verbal and written communication skills for effective internal collaboration and information sharing.

Visa Sponsorship: Sonos is unable to sponsor or take over sponsorship of an employment visa for this role at this time. We ask that applicants be authorized to work for any UK employer, both now and in the future.

Your profile will be reviewed and you'll hear from us once we have an update. At Sonos we take the time to hire right and appreciate your patience.