Demo

Senior Security Engineer

Sonata Software
San Jose, CA Contractor
POSTED ON 7/8/2026
AVAILABLE BEFORE 8/6/2026

Sonata Software Overview

In today's market, there is a unique duality in technology adoption. On one side, extreme focus on cost containment by clients, and on the other, deep motivation to modernize their Digital storefronts to attract more consumers and B2B customers.

As a leading Modernization Engineering company, we aim to deliver modernization-driven hypergrowth for our clients based on the deep differentiation we have created in Modernization Engineering, powered by our Lightening suite and 16-step Platformation™ playbook. In addition, we bring agility and systems thinking to accelerate time to market for our clients.

Headquartered in Bengaluru, India, Sonata has a strong global presence, including key regions in the US, UK, Europe, APAC, and ANZ. We are a trusted partner of world-leading companies in BFSI (Banking, Financial Services, and Insurance), HLS (Healthcare and Lifesciences), TMT (Telecom, Media, and Technology), Retail & CPG, and Manufacturing space. Our bouquet of Modernization Engineering Services cuts across Cloud, Data, Dynamics, Contact Centers, and around newer technologies like Generative AI, MS Fabric, and other modernization platforms.


Job Title: Security Engineer – Pentesting

Location: San Jose, CA (5 days Onsite) – Need Locals


Role summary

We are seeking a highly skilled Security Engineer specializing in Penetration Testing to strengthen our o ensive security capabilities. This role is responsible for identifying vulnerabilities across applications, infrastructure, cloud environments, and emerging AI/ML systems, including Large Language Models (LLMs) and GenAI platforms. The ideal candidate combines deep technical pentesting expertise with hands-on experience in AI security, enabling proactive defense against sophisticated and evolving threats.


Key Responsibilities:

Application & API Security Testing

  • Perform black-box, gray-box, and white-box penetration testing of:
  • Web applications, APIs (REST/GraphQL), and mobile platforms

• Identify vulnerabilities including:

  • Authentication/authorization flaws
  • Injection attacks
  • Business logic vulnerabilities
  • Session Management
  • Information Gathering
  • Data Validation, Governance and Transfer
  • Configuration Management

• Conduct secure code reviews and validate SAST/DAST findings

Infrastructure & Network Penetration Testing

• Execute penetration testing across:

  • Enterprise networks (internal/external)
  • Cloud platforms (AWS, Azure, GCP)
  • Hybrid environments

• Perform:

  • Privilege escalation and lateral movement
  • Active Directory assessments (Kerberos, NTLM, etc.)

• Identify misconfigurations and control weaknesses

AI/ML & GenAI Security Testing

• Conduct security assessments on:

  • LLM-based applications and AI copilots
  • Machine learning models and pipelines

• Perform:

  • Prompt injection and jailbreak testing
  • Data leakage and model abuse scenarios
  • Adversarial ML attacks (evasion, poisoning)

• Assess:

  • RAG (Retrieval-Augmented Generation) pipelines
  • Model APIs, plugins, and agent frameworks
  • E ectiveness of AI guardrails and controls

Red Teaming & Adversary Simulation

• Simulate real-world attack scenarios across:

  • Applications, infrastructure, and AI systems

Develop multi-stage attack chains combining:

  • Traditional and AI-specific techniques

• Support purple team exercises with SOC and detection teams

Automation & AI-Driven Security Testing

Leverage AI tools to:

  • Automate vulnerability discovery
  • Generate test cases and attack payloads
  • Develop custom tools/scripts using:
  • Python, Bash, PowerShell, or Go

• Enhance scalability and repeatability of pentesting processes

Reporting & Stakeholder Engagement

• Deliver:

  • Executive-level summaries (CIO/CISO ready)
  • Detailed technical reports with reproduction steps

• Provide:

  • Risk-based prioritization aligned to business impact
  • Actionable remediation guide

• Collaborate with:

  • Engineering, Cloud, SOC, and DevOps teams


Required Qualifications

Experience

• 5 years in penetration testing, red teaming, or o ensive security

Proven experience testing:

  • Web applications, APIs, and infrastructure

• Hands-on exposure to cloud security and enterprise environments

Technical Skills

• Strong knowledge of:

  • OWASP Top 10 / API Top 10
  • OWASP Top 10 LLM
  • Network and infrastructure pentesting
  • Identity and Active Directory exploitation

• Experience with tools such as:

  • Burp Suite, Metasploit, Nmap
  • BloodHound, Mimikatz, Nessus

AI Security

• Understanding of:

  • LLM architectures and GenAI use cases
  • RAG pipelines, embeddings, and vector databases

Experience with:

  • Prompt injection testing
  • AI red teaming or model security assessments

• Exposure to:

  • LangChain, Semantic Kernel, or similar frameworks

Programming

Proficiency in:

  • Python (required)
  • Scripting (Bash/PowerShell)

• Ability to develop:

  • Custom testing tools and exploit scripts

Preferred Qualifications

• Certifications:

  • OSCP, OSEP, or OSCE
  • GPEN, GWAPT, or CRTO
  • Cloud security certifications (AWS/Azure)

• Experience with:

  • AI security research or tooling
  • Bug bounty programs or red team operations

Key Competencies

  • Strong attacker mindset and creative problem solving
  • Ability to translate technical findings into business risk
  • Excellent collaboration across engineering and security teams
  • Focus on scalable, repeatable security processes


Why join Sonata Software?

At Sonata, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build never seen before solutions to some of the world’s toughest problems. You´ll be challenged, but you will not be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next.

Sonata Software is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, national origin, gender identity, age, religion, disability, sexual orientation, veteran status, marital status, or any other characteristics protected by law.


Hourly Wage Estimation for Senior Security Engineer in San Jose, CA
$70.00 to $86.00
If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

What is the career path for a Senior Security Engineer?

Sign up to receive alerts about other jobs on the Senior Security Engineer career path by checking the boxes next to the positions that interest you.
Income Estimation: 
$112,673 - $137,290
Income Estimation: 
$139,945 - $168,577
Income Estimation: 
$140,233 - $181,029
Income Estimation: 
$161,209 - $233,553
Income Estimation: 
$111,725 - $147,313
Income Estimation: 
$139,945 - $168,577
Income Estimation: 
$140,233 - $181,029
Income Estimation: 
$161,209 - $233,553
Employees: Get a Salary Increase
View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

Job openings at Sonata Software

  • Sonata Software East Brunswick, NJ
  • ABOUT SONATA SOFTWARE Sonata Software, with over $1.2 Billion Revenue, is a leading AI-first Modernization Engineering company, powered by our unique Platf... more
  • 5 Days Ago

  • Sonata Software Carrollton, TX
  • ABOUT SONATA SOFTWARE Sonata Software, with over $1.2 Billion Revenue, is a leading AI-first Modernization Engineering company, powered by our unique Platf... more
  • 15 Days Ago


Not the job you're looking for? Here are some other Senior Security Engineer jobs in the San Jose, CA area that may be a better fit.

  • Xage Security Palo Alto, CA
  • About the role This is a software development role that gives the opportunity of championing the design of path-breaking information security products that... more
  • 2 Months Ago

  • Xage Security Palo Alto, CA
  • About the role The Senior Backend Engineer role gives the successful candidate the opportunity to champion the design of path-breaking information security... more
  • 5 Days Ago

AI Assistant is available now!

Feel free to start your new journey!