Social network you want to login/join with:
Senior Application Security Engineer, High Wycombe
Client: Cloudsmith
Location: High Wycombe, United Kingdom
Job Category: Other
-
EU work permit required: Yes
Job Views:
4
Posted:
31.05.2025
Expiry Date:
15.07.2025
Job Description:
Some people like building things. Others like breaking them. You? You love both and more importantly, you love stopping bad actors from breaking the things you helped build. If that sounds like your vibe, we’ve got a job you’ll want to see.
This job is with the software supply chain company - securing and powering how software gets delivered everywhere.
What you'll do:
* Embed security across the platform, from source to prod.
* Architect security controls across distributed, cloud-native systems.
* Lead threat modeling and security reviews (and get people to enjoy them).
* Perform ethical pen-testing on services and infrastructure.
* Extend security automation and monitoring with tools like CircleCI, GitHub Actions, DataDog, AWS Security Hub, etc.
* Harden everything from container runtimes to APIs to artifact pipelines.
* Write secure code, review others’ code, and help everyone level up their secure coding game.
* Build tools, automate boring tasks, and occasionally create a proof of concept for fun.
You need:
* A background in software development. You’re fundamentally a software engineer. Proficiency in Python is essential, and knowledge of TypeScript is a plus.
* Deep application security knowledge.
* Hands-on experience with SAST, DAST, RASP, and securing cloud environments (preferably AWS).
* Strong understanding of container security, API security, Infrastructure as Code (IaC), and CI/CD pipelines.
* Experience with pen testing, threat modeling, and developing security tools.
* Bonus points if you’ve secured artifact systems or supply chains before.
* Additional bonus if you’ve worked with Firecracker, gVisor, or security tools like SCA and data enclaves.
* You believe security should enable, not block, engineering.
* You’re diplomatic and can work with engineering teams to secure the Software Development Life Cycle (SDLC) without causing disruption.
This position is remote within the Island of Ireland or the UK. Applicants must be physically located in these areas; remote work from outside these locations is not permitted.
Work permit sponsorship is not available for this role.
#J-18808-Ljbffr