Cloudsmith Belfast, Northern Ireland, United Kingdom
TL;DR: We're seeking a Corporate Security Engineer to lead our GRC, Regulatory and Internal Corporate security efforts to help keep Cloudsmith – a world-class, security-first company powering the future of software delivery
About Cloudsmith
Cloudsmith is transforming how organizations handle software artifacts and secure their supply chains. As a fully managed multi-tenant SaaS built on AWS, our mission is to enable organizations to tackle scale and complexity through best-in-class artifact management and to secure software by default. Our vision is to become the software supply chain itself, powering the future of software delivery.
We are the world's most potent artifact management platform, built by developers for developers. Our platform supports over 30 formats spanning languages, containers, and operating systems, with enterprise-grade features, including vulnerability and security scanning, policy management and enforcement, and web-scale capabilities for Fortune 500 companies. Organizations trust Cloudsmith as critical infrastructure in their development, deployment, and distribution pipelines to protect and accelerate their software delivery at any scale.
Backed by top-tier investors and on a trajectory toward IPO and beyond, we're building mission-critical infrastructure that impacts millions of developers worldwide. Operating at the forefront of cloud-native technology, we address complex distributed systems challenges. Now is an exciting time to join us as we revolutionize software delivery and security, contributing to our rapid growth.
The Role
As our GRC Corporate Security Engineer, reporting to the head of application security, your role will focus on protecting Cloudsmith’s assets, ensuring compliance with industry standards such as ISO27001 and SOC2, and leading our Governance, Risk, and Compliance program. You will oversee the secure configuration, hardening, and monitoring of our IT assets, lead incident response, and work closely with customers and vendors to demonstrate security compliance.
Key Responsibilities
Governance, Risk and Compliance
* Maintain and expand our regulatory frameworks, including ISO27001, SOC2, and others, utilizing tools like Vanta.
* Lead vendor security assessments and assurance processes, covering both vendor and customer security requirements.
* Define and improve internal security processes such as asset management, incident response, and data protection.
Corporate Security
* Monitor and secure endpoint assets through MDM and EDR platforms.
* Work towards unifying security configurations, deployment, and response via automation and integrations, supporting SOC, SIEM, and SOAR initiatives.
Internal Training and Readiness
* Design and lead security training sessions for staff.
* Conduct tabletop exercises and disaster recovery drills to ensure robust response capabilities.
Required Experience, Qualities & Skills
Technical Expertise
* 5+ years managing internal corporate security and compliance.
* Proven experience implementing GRC programs aligned with industry standards.
* Experience automating manual processes via scripting or PaaS tools.
* Conducting security audits, vulnerability assessments, and compliance checks.
* Developing security policies, procedures, and standards.
* Vendor security and third-party risk management experience.
* Developing incident response plans and conducting tabletop exercises.
* Experience with SIEM tools like Splunk, Microsoft Sentinel, or Elastic Security.
Domain Knowledge
* Deep understanding of compliance standards such as ISO 27001, NIST, CIS Controls, SOC 2, GDPR, HIPAA.
* Experience with security audits, external audits, and ensuring compliance.
* Security policy development around data protection, access control, and vendor risk management.
* Knowledge of IAM tools like Okta, Azure AD, AWS IAM.
* Configuration management and hardening, applying CIS benchmarks.
* Implementing Zero Trust security principles.
Cultural Values
* Open, inquisitive attitude towards learning and improvement.
* Transparent communication and positive collaboration.
* Strategic vision on security’s impact on the company and product.
* Proactive, innovative, and initiative-taking mindset.
* Positive intent and a desire to improve.
Impact & Opportunity
This role is pivotal in building and scaling Cloudsmith’s security capabilities, directly influencing how we protect our platform, customers, and the software supply chain worldwide.
Growth & Development
You will help define security best practices, collaborate with engineering and leadership, and contribute to a secure-by-default platform, shaping the future of software supply chain security.
Benefits, Location & Work Environment
Based in Ireland or the UK, with a remote-first approach, offering competitive salary, equity, health insurance, flexible hours, professional development budget, and a supportive environment.
Some travel for team meetings and events may be required.
Health and Wellness
We prioritize staff health with generous leave, benefits, and flexible policies, supporting work-life balance and family wellbeing.
Personal Growth
Opportunities for skill development, training, and certifications, with budgets to support your growth.
Hybrid / Remote First
Headquartered in Belfast, with a fully-equipped office and regular team events. Most work remotely, facilitated by collaboration tools like Slack and Google Docs.
Equal Opportunity
We are committed to diversity and inclusion, welcoming applications from all backgrounds without discrimination.
The Final Word
We seek a strategic yet hands-on security leader who can build a scalable, secure, and user-focused security culture, impacting the software industry from today through IPO and beyond.