Ubuntu Security Engineer

Canonical is a leading provider of open source software and operating systems to the global enterprise and technology markets. Our platform, Ubuntu, is widely used in breakthrough enterprise initiatives such as public cloud, data science, AI, engineering innovation, and IoT. The company is founder-led, profitable, and growing, with 1200 colleagues in 75 countries and very few office-based roles. We are building a team dedicated to providing security coverage across a wide range of ecosystems and environments and to protecting the open source community and Ubuntu users from emerging threats. We are hiring an Ubuntu Security Engineer to join an industry-leading security engineering team.

We are looking for candidates across all levels of experience, from Graduate to Senior. As part of the Ubuntu Security Team, you will monitor, triage, respond to, and document new and existing vulnerabilities in open source software. You will collaborate with internal teams and external partners to identify issues, prioritize them, and coordinate remediation. This is an engineering-focused role that may also involve activities such as producing security assessments, building features, conducting code reviews, developing internal tools, engaging with the open source community, and participating in industry initiatives and events. This role requires international travel at least twice a year and the ability to work productively in a globally distributed team through self-discipline and motivation.

Worldwide – this is a globally remote role. The role entails traveling as described above.

• Analyzing, fixing, and testing vulnerabilities in open source packages.
• Keeping track of vulnerabilities in the Ubuntu ecosystem as they are discovered, researched, and fixed, leveraging internal tools.
• Collaborating with other teams in the Ubuntu community and upstream developers as needed to exchange or develop vulnerability patches and ensure Ubuntu includes robust security features.
• Auditing source code for vulnerabilities.
• Building features and tools to help teams strengthen the security of their products and contribute to Ubuntu's overall security.

• You have a thorough understanding of common categories of security vulnerabilities and techniques for fixing them.
• You are familiar with coordinated disclosure practices and open source development tools and methodologies.
• You are skilled in one or more of C, Python, Go, Rust, Java, Ruby, PHP, or JavaScript/TypeScript.
• You have excellent logic, problem-solving, troubleshooting, and decision-making skills.
• You can clearly and effectively communicate with the team and Ubuntu community members.
• Experience with Linux, Debian, or Ubuntu is preferred.
• Excellent interpersonal skills, curiosity, flexibility, and accountability; appreciation of diversity; polite and effective in a multi-cultural, multi-national organization.
• Thoughtfulness and self-motivation; result-oriented with a personal drive to meet commitments.

• We consider geographical location, experience, and performance in shaping compensation worldwide. We revisit compensation annually and more often for graduates and associates, to recognize outstanding performance.
• In addition to base pay, we offer a performance-driven annual bonus or commission.
• We provide all team members with additional benefits that reflect our values and ideals. We balance programs to meet local needs and ensure fairness globally.
• Distributed work environment with twice-yearly team sprints in person.
• Personal learning and development budget of USD 2,000 per year.
• Annual compensation review; recognition rewards; annual holiday leave.
• Maternity and paternity leave; Team Member Assistance Program; Wellness Platform.
• Opportunity to travel to new locations to meet colleagues; travel upgrades for long-haul company events.