Enable job alerts via email!

Senior Application Security Engineer

Cloudsmith

United Kingdom

Remote

GBP 50,000 - 80,000

Full time

Yesterday

Be an early applicant

Boost your interview chances

Create a job specific, tailored resume for higher success rate.

Job summary

A leading software supply chain company is seeking a security-focused individual who enjoys both building and breaking systems. This role involves embedding security across platforms, leading security reviews, and enhancing automation. Ideal candidates will have a strong software development background, deep application security knowledge, and experience with various security tools. This remote position is available for applicants located in the Island of Ireland or the UK.

Qualifications

Background in software development, especially as a software engineer.
Deep application security knowledge and hands-on experience with SAST, DAST, RASP.

Responsibilities

Embed security across the platform, from source to prod.
Lead threat modeling and security reviews.
Perform ethical pen-testing of services and infrastructure.

Skills

Python

Application Security

Pen Testing

Threat Modeling

Cloud Security

Tools

CircleCI

GitHub Actions

DataDog

AWS Security Hub

Direct message the job poster from Cloudsmith

Some people like building things. Others like breaking them. You? You love both and more importantly, you love stopping bad actors from breaking the things you helped build. If that sounds like your vibe, we’ve got a job you’ll want to see.

This job is with the software supply chain company - securing and powering how software gets delivered everywhere.

What you'll do:

Embed security across the platform, from source to prod.
Architect security controls across distributed, cloud-native systems.
Lead threat modeling and security reviews (and get people to enjoy them)
Perform ethical pen-testing of services and infrastructure.
Extend security automation and monitoring with tools like CircleCI, GitHub Actions, DataDog, AWS Security Hub, etc.
Harden everything from container runtimes to APIs to artifact pipelines.
Write secure code, review others’ code, and help everyone improve their secure coding skills.
Build tools, automate repetitive tasks, and occasionally create a ‘sploity’ proof of concept for fun.

You need:

A background in software development, especially as a software engineer. Proficiency in Python and some TypeScript is a plus.
Deep application security knowledge.
Hands-on experience with SAST, DAST, RASP, and securing cloud environments (preferably AWS).
Strong understanding of container security, API security, Infrastructure as Code (IaC), and CI/CD pipelines.
Experience with pen testing, threat modeling, and developing security tools.
Big bonus if you’ve secured artifact systems or supply chains before.
Additional bonus if you’ve worked with Firecracker, gVisor, or tools like SCA and data enclaves.
You believe security should enable, not block, engineering.
You’re diplomatic and able to work with engineering teams to secure the Software Development Lifecycle (SDLC) without causing spookiness.

If interested, get in touch at rose@ninedots.io

This role is remote within the Island of Ireland or the UK. Applicants must be physically located in these regions; remote work from other countries is not permitted.

Work permit sponsorship is not available.

Seniority level

Not applicable

Employment type

Full-time

Job function

Information Technology

Industries

Data Security, Software Products

Get your free, confidential resume review.

or drag and drop a PDF, DOC, DOCX, ODT, or PAGES file up to 5MB.

Similar jobs