Skip to main contentA logo with &quat;the muse&quat; in dark blue text.

Staff Info Sec AI Researcher

2 weeks ago Hyderabad, India
Sonatype is the software supply chain security company. We provide the world’s best end-to-end software supply chain security solution, combining the only proactive protection against malicious open source, the only enterprise grade SBOM management and the leading open source dependency management platform. This empowers enterprises to create and maintain secure, quality, and innovative software at scale.

As founders of Nexus Repository and stewards of Maven Central, the world’s largest repository of Java open-source software, we are software pioneers and our open source expertise is unmatched. We empower innovation with an unparalleled commitment to build faster, safer software and harness AI and data intelligence to mitigate risk, maximize efficiencies, and drive powerful software development.

More than 2,000 organizations, including 70% of the Fortune 100 and 15 million software developers, rely on Sonatype to optimize their software supply chains.


At Sonatype, we empower developers with best-in-class tools to build secure, high-quality software at scale. Our mission is to create a world where software is always secure and developers can innovate without fear. Trusted by thousands of organizations, including Fortune 500 companies, we are pioneers in software supply chain management, open-source security, and DevSecOps.

As an AI Red Team Staff Software Engineer at Sonatype, you will help shape a high-impact security engineering capability at the intersection of frontier AI, offensive application security, and software supply chain defense. You will use advanced AI models, techniques, and security tooling to discover, validate, and help remediate meaningful risks across Sonatype’s products, codebases, infrastructure, and dependencies.

Want more jobs like this?

Get Data and Analytics jobs in Hyderabad, India delivered to your inbox every week.

Job alert subscription

What You’ll Do


    Your work will turn security findings into durable defensive improvements, including remediation guidance, engineering-ready fix proposals, reusable AI-SDLC patterns, secure coding guidance, and product-security insights that reduce exposure and raise the bar for secure engineering at Sonatype.


    Key Responsibilities:




    •  Identify and prioritize meaningful security risks across first-party code, services, infrastructure, build pipelines, and software supply chain components.




    • Validate findings for exploitability, severity, affected products, business impact, and remediation priority.




    • Collaborate with Security Research and Product to translate novel findings, malicious component discoveries, and emerging attack patterns into research-ready outputs, product improvements, detection opportunities, and customer-facing intelligence.




    •  Work closely with Application Security and Engineering to move validated findings through remediation and reduce repeat vulnerability patterns.




    • Champion modern AI-SDLC practices by translating recurring vulnerability classes, insecure coding patterns, and effective remediation approaches into reusable guidance, detection logic, secure coding standards, and remediation playbooks. 




    •  Create clear remediation guidance, engineering-ready fix proposals, and pull requests where appropriate.


What We’re Looking For


    We’re seeking an experienced engineer who thrives in an agile, collaborative environment and enjoys tackling technical challenges.


    Minimum Qualifications:




    • 8+ years of professional software engineering experience, including 2+ years in a Staff Engineer or equivalent technical leadership role.




    • Proven experience identifying, validating, and helping remediate vulnerabilities in production software, services, APIs, infrastructure, or software supply chain components.




    • Strong ability to read, understand, and reason about complex codebases, preferably including Java, Kotlin, or other JVM-based backend systems. 




    • Hands-on experience with application security testing methods and tools, such as SAST, DAST, SCA, secret scanning, threat modeling, secure code review, or vulnerability validation.




    • Practical experience using AI-assisted engineering, security analysis, or automation techniques to improve software quality outcomes.




    • Ability to translate security findings into clear remediation guidance, engineering-ready recommendations, and practical risk-based priorities. 




    • Bachelor’s degree in Computer Science, Engineering, or a related field—or equivalent practical experience.




    • Strong communication and collaboration skills, with experience working across Application Security, Engineering, Product, or Security Research teams. 


Nice-to-Have Skills:




    •  Solid understanding of cloud-native architecture, CI/CD workflows, build pipelines, containers, and modern DevOps practices. 




    •  Passion for raising the security bar through technical leadership, mentoring, secure engineering practices, and continuous improvement.




    •  Relevant certifications such as:




      • SANS Certifications: GSEC, GCIH, GCLD, GCID, GMON




      • (ISC)² Certifications: CISSP, CC, SSCP, CCSP, CAP, CSSL


Things we are proud of


  • 2025 AI Compliance Solution of the Year - AI Breakthrough Awards
  • 2025 DEVIES Award to our SBOM Manager new product for its innovation and impact in developer technology

  • 2024 Industry Leader in Forrester-Wave for Software Composition Analysis (2024 Q4 report)

  • 2023 Fast Company Best Places for Innovators

  • 2023 Gartner's Magic Quadrant

  • 2023 Software Report's Top 100 Software Companies

  • 2023 BuiltIn Best Places to Work

  • 2022 Frost & Sullivan Technology Innovation Leader Award

  • 2022 PeerSpot Silver Peer Award in Software Composition Analysis

  • 2022 Tech Ascension Best DevOps Security Solution Award

  • 2022 NVCT Cyber Company of the Year

  • Company Wellness Week - We shut down company operations for a week to enable all employees to pursue personal growth and enjoy a much-needed and deserved rest. 

  • Paid Volunteer Time Off (VTO)

  • Expansion of Sonatype’s India Innovation Hub in Hyderabad, reflecting our continued growth, commitment to innovation, and investment in talent to advance AI-driven software security globally


At Sonatype, we value diversity and inclusivity. We offer perks such as parental leave, diversity and inclusion working groups, and flexible working practices to allow our employees to show up as their whole selves. We are an equal-opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. If you have a disability or special need that requires accommodation, please do not hesitate to let us know.



Client-provided location(s): Hyderabad, India
Job ID: 27fcf0cf-cd7f-4b04-953b-0d35426bd8bc
Employment Type: OTHER
Posted: 2026-06-28T09:06:10

Perks and Benefits

  • Health and Wellness

    • Health Insurance
    • Health Reimbursement Account
    • Dental Insurance
    • Vision Insurance
    • Life Insurance
    • Short-Term Disability
    • Long-Term Disability
    • FSA With Employer Contribution
    • HSA
    • HSA With Employer Contribution
    • FSA
    • Pet Insurance
    • Mental Health Benefits
  • Parental Benefits

    • Birth Parent or Maternity Leave
    • Non-Birth Parent or Paternity Leave
    • Adoption Leave
  • Work Flexibility

    • Flexible Work Hours
    • Remote Work Opportunities
  • Office Life and Perks

    • Casual Dress
    • Happy Hours
    • Snacks
    • Company Outings
  • Vacation and Time Off

    • Paid Vacation
    • Paid Holidays
    • Personal/Sick Days
    • Volunteer Time Off
  • Financial and Retirement

    • 401(K)
    • Performance Bonus
    • Company Equity
  • Professional Development

    • Promote From Within
    • Shadowing Opportunities
    • Access to Online Courses
    • Lunch and Learns
  • Diversity and Inclusion

    • Diversity, Equity, and Inclusion Program
    • Founder led