Social network you want to login/join with:
Senior Application Security Engineer, reading
col-narrow-left
Client:
Cloudsmith
Location:
reading, United Kingdom
Job Category:
Other
-
EU work permit required:
Yes
col-narrow-right
Job Views:
4
Posted:
31.05.2025
Expiry Date:
15.07.2025
col-wide
Job Description:
Some people like building things. Others like breaking them. You? You love both and more importantly, you love stopping bad actors from breaking the things you helped build. If that sounds like your vibe, we’ve got a job you’ll want to see.
This job is with the software supply chain company - securing and powering how software gets delivered everywhere.
What you'll do:
* Embed security across the platform, from source to production.
* Architect security controls across distributed, cloud-native systems.
* Lead threat modeling and security reviews (and make them enjoyable).
* Perform penetration testing services and infrastructure testing (ethically, please).
* Extend security automation and monitoring with tools like CircleCI, GitHub Actions, DataDog, AWS Security Hub, etc.
* Harden everything from container runtimes to APIs to artifact pipelines.
* Write secure code, review others' code, and help everyone improve their secure coding skills.
* Build tools, automate repetitive tasks, and occasionally develop proof of concepts for fun.
You need:
* A background in software development. You are fundamentally a software engineer, proficient in Python and familiar with TypeScript.
* Deep knowledge of application security.
* Hands-on experience with SAST, DAST, RASP, and securing cloud environments (preferably AWS).
* Strong understanding of container security, API security, Infrastructure as Code (IaC), and CI/CD pipelines.
* Experience with penetration testing, threat modeling, and developing security tools.
* Bonus: experience securing artifact systems or supply chains.
* Bigger bonus: experience with Firecracker, gVisor, SCA, or data enclaves.
* You believe security should enable, not hinder, engineering teams.
* You are diplomatic and able to collaborate with engineering teams to secure the Software Development Life Cycle (SDLC).
This position is remote within the Island of Ireland or in the UK. You must be physically located there; remote work from other countries is not permitted.
Work permit sponsorship is not available for this role.
#J-18808-Ljbffr